Most incidents do not start with an advanced exploit. They start with missing operational hygiene.
Enable immediately
- Two-factor authentication for control panels and email
- Individual users instead of shared logins
- Regular backups with restore checks
Network layer
- SSH keys and IP restrictions
- Closed service ports
- Admin panels behind VPN or allowlists
Operational hygiene
- Scheduled system updates
- Password rotation after handover
- Login and critical action logs
The best time to build a baseline is before the first deployment, not after the first incident.