01

Protect identities first

Accounts are often the doorway to business systems. Make access intentional and remove it promptly when roles change.

  • Use multi-factor authentication where available
  • Avoid shared user accounts
  • Review administrator access
  • Document offboarding
02

Keep devices current

Supported operating systems, application updates, endpoint protection, and encryption create a stronger baseline.

  • Apply security updates
  • Replace unsupported systems
  • Use managed endpoint protection
  • Require device lock screens
03

Prepare for recovery

Backups are most useful when the organization knows what is protected, who owns recovery, and how restoration will be prioritized.