Level 1: Free / easy / 1 hour fixes
-Block China, Russia, Ukraine on your firewall and email
-Turn on email banner for external emails
-make sure PCs are running a version of Windows that still gets updates; the free upgrade to Win10 can still be found
-Verify Windows Defender is on and updated automatically
-Verify Windows patches itself automatically. Set Active Hours so reboots don't interrupt the workday
-Invest some time in phishing and cyber-security training. Lots of free info on YouTube.com
-make sure your router/firewall and Wi-Fi have long passwords that are NOT the default from the factory
-type your email address into haveibeenpwned.com; if it says breached, change your password
-install a password manager; Bitwarden is free, use it to generate long, complex passwords
-create some HoneyDocs and sprinkle them around your shared files
-standardize on a non-email, company-wide communication method; Microsoft Teams, Slack, NextCloud etc.
-make sure you have backups and test them
-ensure users are using a secure browser and not IE
-sign up for PayPal; don't use credit cards online unless it's through PayPal
Level 2: Cheap / 1 day fixes
-enable GeoFiltering for your email logon
-turn on 2FA for email and anything money related (email is used to reset passwords)
-turn off NetBIOS, WPAD and LLMNR on PCs. Easier if you have an AD Domain
-replace SSL based VPN with IPSec VPN / RdWeb / NextCloud
-disable macros in Office. Easier if you have an AD Domain
-disable PowerShell on workstations. Easier if you have an AD Domain
-set up an SPF record with your ISP/DNS provider
-set up OFFLINE backups; think external hard drives plus some IoT power plugs
-make a guest Wi-Fi network and put all cell phones and IoT devices on it
Level 3: Projects that take planning but provide higher levels of security
-For offsite laptops, install a remotely managed endpoint security tool (SentinelOne etc.)
-Randomize local administrator account passwords; Microsoft LAPS is free but takes time to implement
-collect and analyze log files
-set up DMARC & DKIM with your ISP/DNS provider