Tips 7 25 Key Findings 1 Stolen Access Credentials 6 Ransomware 5 Vulnerability Intelligence 4 Blurring Boundaries 3 Threat Snapshot 2 How to Protect Your Organization Organizations should follow these general best practices and recommendations to protect against the common threat vectors and threats discussed in this report: Regularly implement security updates and patches released for software and systems used by the organization and verify that they are updated with the latest version Remind employees not to use their organizational email address to register on external third-party services Two-factor authentication should be enabled for all users, if possible In case of a data leak, inform the affected users and instruct them to change their passwords If compromised passwords were used by the employees for organizational systems, perform a full scan of the systems to check for infiltration Raise employee awareness regarding phishing and social engineering attempts Ensure all internet-facing servers' components are updated to their latest version, and whenever possible, limit access to specific IP addresses Ensure employees use strong, complex and unique passwords Add leaked passwords to your organization’s blacklist, to prevent them from being used again Ensure computers on the organizational network have patched, updated and synchronized anti-malware and security systems installed Implement role-based access based on the principle of least privilege (ie, grant users the minimum level of access or permissions required to perform their job) 25 Tips 7