- Learn as much about the risk as possible. Understanding the risk, threats and vulnerabilities that currently exist on your enterprise.
- Knowledge is power, the more you know about your target the more likely you are to succeed.
- Don’t worry about what you see it’s what you don’t see
- Know What You Have (that others might want)
- Identify the “Opportunities” You Might Be Providing
- Research Your Employees
- Educate Your Employees
- Establish and Utilize Checks & Balances System
- Audit remote access points
- Apply the principle of least privilege / need to know or have, Access Control – “Need to Know” = “Need To Access”
- Monitor third party aggregation points
- Enforce strong password policy/multifactor authentication. Something you know/have/are
- Monitor contractors and business partners with access to your data