Just 4 Controls

Greatly reduce the risk of a security incident by employing four basic controls. This was the finding from a survey of 993 firms. Depending on the type of organization, the use of four basic security precautions reduced the probability of a cybersecurity incident from 69% to 21% or 94% to 70%. In both cases these are large reductions. See the bottom of this post for a link to the study.

For those who have dedicated years to fortifying their enterprise's network and assets, the choice of these four safeguards will hit home.

1. Strong password policy

This one never goes away. Choose length over complexity. Use a long memorable phrase (> 20 characters) or use a password manager to generate and store all your passwords. Keep passwords unique across all your applications and websites.

2. Keeping systems up to date

Keep your phones, computers, servers and network devices up to date with the latest patches and updates. This means at least once a month, or more frequently if zero-day or critical updates become available.

3. Having multiple backup copies including one offsite

When ransomware hits, you need to have your data and any critical systems backed up. Keep a copy offline if possible, or leverage a cloud provider like AWS, which provides immutable backups. These backups prevent anyone (including you and the ransomware) from overwriting the copy of your data.

4. Detecting and responding to malware at endpoints

Make sure every computer and server has some flavor of anti-virus installed to stop malware or alert you when something is amiss.
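
An added example for control 1 (not from the original post or the cited study): a Python audit of a password export that flags entries of 20 characters or fewer and passwords reused across sites, deliberately ignoring character-class complexity. The `audit_vault` name, the `(site, password)` input shape and the sample entries are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

MIN_LENGTH = 20  # the post's guidance: phrases longer than 20 characters


def audit_vault(entries, min_length=MIN_LENGTH):
    """Return {site: [findings]} for an iterable of (site, password) pairs.

    Flags passwords that are too short and passwords shared between sites.
    Complexity (digits, symbols) is intentionally not scored.
    """
    # Group by a keyed digest so plaintext passwords are never used as
    # dictionary keys or echoed into findings; the key lives only for this run.
    run_key = secrets.token_bytes(32)
    sites_by_digest = defaultdict(set)
    findings = defaultdict(list)

    for site, password in entries:
        if len(password) <= min_length:
            findings[site].append(
                f"too short: {len(password)} chars, want > {min_length}")
        digest = hmac.new(run_key, password.encode("utf-8"),
                          hashlib.sha256).digest()
        sites_by_digest[digest].add(site)

    for sites in sites_by_digest.values():
        if len(sites) > 1:  # same password seen on more than one site
            for site in sorted(sites):
                others = ", ".join(sorted(sites - {site}))
                findings[site].append(f"reused on: {others}")

    return dict(findings)


# Constructed sample data, not real credentials.
SAMPLE_VAULT = [
    ("mail.example", "correct horse battery staple lamp"),
    ("bank.example", "Tr0ub4dor&3"),
    ("forum.example", "Tr0ub4dor&3"),
    ("shop.example", "seven purple otters juggle quietly"),
]

if __name__ == "__main__":
    for site, problems in sorted(audit_vault(SAMPLE_VAULT).items()):
        for problem in problems:
            print(f"{site}: {problem}")
```
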

https://weis2022.econinfosec.org/wp-content/uploads/sites/10/2022/06/weis22-gandal.pdf
