Application control
Only approved software is allowed to run, stopping malicious code before it starts
Patch applications
Updates fix known flaws in apps—apply them fast to close easy entry points
Macro settings
Block macros from the internet and allow only signed macros to run in Office files
App hardening
Disable or remove browser and reader features attackers often abuse
Limit admin rights
Give administrative privileges only when needed and monitor their use closely
Patch OS
Keep Windows and macOS fully up to date so critical holes are closed promptly
MFA
Require Multi-Factor Authentication on all eligible software
Regular backups
Maintain offline, tested copies of data so you can restore quickly after an incident
