Monthly Archives: October 2022

Cybersecurity Top Defenses

The majority of ransomware and other cyberattacks stem from phishing, social engineering, unpatched software, and weak passwords. Mitigating these covers more than 80% of your cybersecurity defenses. Here are the three top defenses that you should prioritize right away to minimize your cybersecurity risk:

  1. Mitigate Social Engineering
    1. Educate your users about cybersecurity on a regular basis. Use creative ways to get them engaged.
    2. Codify security policies and make sure to enforce them.
    3. Use technical defenses such as screening out phishing emails from your email system. A useful anti-phishing guide can be obtained from this website: https://info.knowbe4.com/comprehensive-anti-phishing-guide
  2. Patch your Operating Systems, application software, firmware, and appliances.
    1. Review vulnerabilities and patch your software regularly. Patches for critical vulnerabilities should be applied as soon as possible.
    2. Be aware of current threats and work with your vendor to obtain security patches. Use the following website to check known exploited vulnerabilities and mitigate them right away: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
  3. Use Multifactor Authentication (MFA)
    1. Even if cyber criminals are able to obtain your users’ passwords, MFA that requires a second source of authentication will be able to prevent the attack.
    2. At the very least, set an enforceable policy for your users to use unique, 12-character, fully random, unguessable passwords.
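
For the patching item above, here is an added example (not part of the original post) of checking an asset inventory against the CISA Known Exploited Vulnerabilities catalog and ordering the results by urgency. The field names follow the catalog's public JSON feed; the catalog entries, CVE IDs, vendors, hostnames and the `kev_findings` helper are constructed placeholders.

```python
import json
from datetime import date

# Constructed excerpt in the shape of the CISA KEV JSON feed (real field names;
# the entries, CVE IDs and vendors are placeholders, not real catalog data).
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor", "product": "Mail Gateway",
   "dateAdded": "2022-10-03", "dueDate": "2022-10-24", "knownRansomwareCampaignUse": "Known"},
  {"cveID": "CVE-0000-0002", "vendorProject": "ExampleVendor", "product": "VPN Appliance",
   "dateAdded": "2022-09-15", "dueDate": "2022-10-06", "knownRansomwareCampaignUse": "Unknown"},
  {"cveID": "CVE-0000-0003", "vendorProject": "OtherCorp", "product": "Web Server",
   "dateAdded": "2022-10-10", "dueDate": "2022-10-31", "knownRansomwareCampaignUse": "Unknown"}
]}
""")

# Constructed asset inventory: (hostname, vendor, product) for what you actually run.
INVENTORY = [
    ("mx01", "examplevendor", "mail gateway"),
    ("vpn-edge", "ExampleVendor", "VPN Appliance"),
    ("intranet", "ThirdParty", "Wiki"),
]

def _key(vendor, product):
    # Normalise case and whitespace so "ExampleVendor " matches "examplevendor".
    return (" ".join(vendor.lower().split()), " ".join(product.lower().split()))

def kev_findings(catalog, inventory, today):
    """Return KEV entries that affect inventory items, most urgent first."""
    by_product = {}
    for host, vendor, product in inventory:
        by_product.setdefault(_key(vendor, product), []).append(host)
    findings = []
    for v in catalog.get("vulnerabilities", []):
        hosts = by_product.get(_key(v["vendorProject"], v["product"]))
        if not hosts:
            continue
        due = date.fromisoformat(v["dueDate"])
        findings.append({
            "cve": v["cveID"], "hosts": sorted(hosts), "due": due, "overdue": due < today,
            "ransomware": v.get("knownRansomwareCampaignUse") == "Known",
        })
    # Ransomware-linked entries first, then overdue ones, then by earliest due date.
    findings.sort(key=lambda f: (not f["ransomware"], not f["overdue"], f["due"]))
    return findings

if __name__ == "__main__":
    for f in kev_findings(KEV_SAMPLE, INVENTORY, date(2022, 10, 15)):
        print(f["cve"], f["hosts"], f["due"], f["overdue"], f["ransomware"])
```

Matching on vendor and product strings is a coarse first pass; it does not check installed versions, so confirm each hit against your scanner output or the vendor advisory before closing it.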