1. Use strong passwords and don’t share them
2. Don’t click on suspicious links and attachments (PDF)
3. Ensure staff have the access to do their job but not do harm
4. Identify critical systems and data and protect them appropriately (PDF)
5. Encrypt sensitive data in transit and at rest (PDF)
6. Patch your systems regularly to ensure operating systems and applications are up to date (PDF)
7. Use technical controls on servers, desktops, mobile devices, and wireless (eg. anti-virus, anti-malware, logging) (PDF)