Device Management
Devices that access corporate data need to be known, tracked, updated and managed by policy (access by time or day, or ability to copy files). Most infections are due to vulnerabilities that have been known and patched in the last few months. Updates are key.
Detection
Use telemetry to detect anomalies on the network and block bad behavior. The anomaly can be code (or an employee) that is trying to encrypt all of your data or copy it out of the office.
Encryption
Encrypt sensitive data while it is at rest in a database and when it moves across the organization.
Logging
Because the bad actors can be inside your network for weeks at a time, it’s helpful to have good logging enabled. Alerts on these events also get others involved in stopping a possible silent breach in progress.
Segmentation
Parcel off parts of the network into different areas, so that if one is infected, the infection can’t spread to other locations.
Continued Education
Users can graduate from being cybersecurity liabilities to guardians of the network. Training sessions followed up by small, infrequent testing can keep users sharp and on the lookout for strange actors in the digital world. If you see something, say something.
Disaster Recovery
When all else fails, have an entire snapshot of all the data you own, both on-premises and outside of the building for safety. Have a disaster recovery action plan as well as a cybersecurity response plan.