More Musings

Ransomware defences for a small business

🔐 1. Backup Strategy

•	Daily backups, both on-site and off-site (e.g. cloud + external drives).
•	Use immutable or versioned backups where possible.
•	Regularly test restoration procedures.

Most of the rest that follows is not really likely to be done by an average small business. 

🛡️ 2. Endpoint Protection

•	Install and maintain reputable antivirus/anti-malware software.
•	Enable real-time protection and automatic updates.

🚧 3. Firewall & Network Segmentation

•	Use a hardware firewall or UTM appliance.
•	Segment critical systems (e.g. finance, admin) from general use areas.

🔑 4. Access Control

•	Enforce least privilege: users only get access to what they need.
•	Use unique credentials and disable shared accounts.

🔁 5. Patch & Update Management

•	Apply security updates to OS, applications, and firmware promptly.
•	Automate where feasible, especially for Windows, macOS, and server software.

✉️ 6. Email Security

•	Use spam filters with malware and phishing detection.
•	Warn users about attachments and links from unknown senders.

🧠 7. User Training

•	Educate staff on phishing, social engineering, and suspicious activity.
•	Run simulated phishing campaigns periodically.

🧾 8. Application Whitelisting

•	Limit systems to run only authorised software.
•	Block unauthorised scripts and macros (especially in MS Office).

🔍 9. Monitoring & Logging

•	Enable centralised log collection.
•	Monitor for unusual access patterns, e.g. large file movements or login attempts.
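A simple illustration of the "unusual access patterns" point above, added here as an example rather than taken from the original post: a sliding-window check over a few constructed (not real) file-write and failed-login log lines that raises an alert when one user exceeds a per-minute threshold, the kind of burst a ransomware encryptor or a password-guessing attempt produces. The log format and thresholds are assumptions for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (constructed for this example): "<ISO timestamp> <user> <event> <target> [bytes]"
LINE_RE = re.compile(r"^(\S+) (\S+) (FILE_WRITE|LOGIN_FAIL) (\S+)(?: (\d+))?$")

# Constructed sample lines: alice writes many finance files in seconds,
# bob fails to log in three times, carol writes two files five minutes apart.
SAMPLE_LOG = """\
2024-05-01T09:00:01 alice FILE_WRITE /finance/q1.xlsx 120000
2024-05-01T09:00:02 alice FILE_WRITE /finance/q2.xlsx 118000
2024-05-01T09:00:03 alice FILE_WRITE /finance/q3.xlsx 121000
2024-05-01T09:00:04 alice FILE_WRITE /finance/q4.xlsx 119000
2024-05-01T09:00:05 carol FILE_WRITE /shared/notes.txt 2000
2024-05-01T09:00:06 alice FILE_WRITE /finance/budget.xlsx 90000
2024-05-01T09:00:30 bob LOGIN_FAIL workstation-7
2024-05-01T09:00:31 bob LOGIN_FAIL workstation-7
2024-05-01T09:00:32 bob LOGIN_FAIL workstation-7
2024-05-01T09:05:00 carol FILE_WRITE /shared/notes.txt 2100
"""

def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, user, event, target, size = m.groups()
    return {"ts": datetime.fromisoformat(ts), "user": user, "event": event,
            "target": target, "bytes": int(size) if size else 0}

def detect(lines, window=timedelta(seconds=60), max_writes=5, max_fails=3):
    """Return one alert per (user, event type) whose count within the sliding window hits the limit."""
    recent = defaultdict(deque)  # (user, event) -> timestamps still inside the window
    alerted, alerts = set(), []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        key = (ev["user"], ev["event"])
        q = recent[key]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:  # drop events older than the window
            q.popleft()
        limit = max_writes if ev["event"] == "FILE_WRITE" else max_fails
        if len(q) >= limit and key not in alerted:
            alerted.add(key)
            alerts.append(f"{ev['user']}: {len(q)} {ev['event']} events within {window.seconds}s")
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

Tune the window and thresholds to the business's normal activity; a nightly backup job writing many files is expected and should be excluded before alerts are acted on.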

🔐 10. Multi-Factor Authentication (MFA)

•	Enforce MFA for:
	◦	Admin accounts
	◦	Remote access
	◦	Email systems (e.g. Microsoft 365, Google Workspace)