
Most incidents are not caused by sophisticated attacks but by missing baseline measures. A small set of hygiene measures closes off the attack paths behind most common incidents. Below are the fundamentals every organisation should have in place.
The baseline set
- Updates & patches — applied promptly to all systems and software, with internet-facing systems first.
- Multi-factor authentication (MFA) — at a minimum for email, remote access (VPN) and administrator accounts.
- Backups — with a tested restore, following the 3-2-1 principle: three copies, on two different media, one of them off-site.
- Access management — least privilege, and accounts that are no longer needed are removed or disabled.
- Awareness — staff recognise phishing and know how to report it.
- Monitoring & logging — logs are collected centrally, and anomalies are detected and followed up.
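The restore test in the backup item is the part most organisations skip: a backup job that finishes without errors proves nothing until the data has been brought back and compared with the original. The script below is an added example, not code from the original page, using only the Python standard library. It backs up a small directory (the sample files are constructed for the demo), restores the archive into a clean temporary directory, compares SHA-256 hashes against the manifest taken at backup time, and then shows two failure modes a restore test exists to catch: an archive that silently omits a file because of an exclusion rule, and an off-site copy truncated by an interrupted transfer. The 3-2-1 copies and media themselves are an operational matter the script does not enforce.

```python
"""Backup with a restore test: back up, restore to a clean location, and prove
the restore matches the originals byte for byte. Standard library only.

Added example, not code from the original page. The sample files below are
constructed for the demo and stand in for a directory worth protecting.
"""
import hashlib
import tarfile
import tempfile
import zlib
from pathlib import Path

SAMPLE_FILES = {  # constructed sample data
    "docs/policy.txt": b"Access policy v3: least privilege, quarterly review.\n",
    "docs/contacts.csv": b"name,email\nAlice,alice@example.com\n",
    "config/app.ini": b"[auth]\nmfa_required = true\n",
}


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root: Path) -> dict[str, str]:
    """Relative POSIX path -> SHA-256 for every file under root."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def write_sample_tree(root: Path) -> None:
    for rel, data in SAMPLE_FILES.items():
        dest = root / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        dest.write_bytes(data)


def make_backup(source: Path, archive: Path, exclude: tuple[str, ...] = ()) -> dict[str, str]:
    """Write a gzip tar of source, minus excluded paths. Returns the manifest of
    everything that SHOULD be protected; the restore test checks against it, so
    a backup that silently drops a file is caught."""
    expected = manifest(source)
    with tarfile.open(archive, "w:gz") as tar:
        for rel in expected:
            if rel not in exclude:
                tar.add(source / rel, arcname=rel)
    return expected


def restore_backup(archive: Path, target: Path) -> None:
    with tarfile.open(archive, "r:gz") as tar:
        if hasattr(tarfile, "data_filter"):
            # Refuses absolute paths and '..' traversal (Python 3.12+, backported).
            tar.extractall(target, filter="data")
        else:
            tar.extractall(target)


def restore_test(archive: Path, expected: dict[str, str]) -> tuple[bool, list[str]]:
    """Restore into a fresh temporary directory and compare with the manifest.
    Returns (passed, problems). Any exception during restore is a failed test."""
    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp)
        try:
            restore_backup(archive, target)
        except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
            return False, [f"restore failed: {exc!r}"]
        actual = manifest(target)
    problems = []
    for rel, digest in expected.items():
        if rel not in actual:
            problems.append(f"missing after restore: {rel}")
        elif actual[rel] != digest:
            problems.append(f"content mismatch: {rel}")
    problems.extend(f"unexpected file: {rel}" for rel in sorted(actual.keys() - expected.keys()))
    return not problems, problems


def demo() -> dict[str, object]:
    """Healthy backup plus two failure modes a restore test exists to catch."""
    with tempfile.TemporaryDirectory() as tmp:
        work = Path(tmp)
        source = work / "source"
        write_sample_tree(source)

        good = work / "good.tar.gz"
        expected = make_backup(source, good)

        # Failure mode 1: the job reported success, but an exclusion dropped a file.
        partial = work / "partial.tar.gz"
        make_backup(source, partial, exclude=("config/app.ini",))

        # Failure mode 2: the off-site copy was cut short by an interrupted transfer.
        truncated = work / "truncated.tar.gz"
        truncated.write_bytes(good.read_bytes()[:20])

        results: dict[str, object] = {}
        for name, archive in (("healthy", good), ("partial", partial), ("truncated", truncated)):
            passed, problems = restore_test(archive, expected)
            results[name] = passed
            results[name + "_problems"] = problems
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In production the manifest is stored separately from the archive (with the off-site copy, for instance), and the restore test runs on a schedule against the copy you would actually reach for in an incident, not the one on the same disk as the source.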
From individual measures to control
Individual measures help, but real control only emerges with a management system that identifies and treats risks and keeps improvement on track. That is where ISO 27001 comes in. Preparing for NIS2? Then this baseline is the starting point.
ISO/IEC 27001 — official standard page.
Frequently asked questions
Short, direct answers — written for people and for AI search features alike.
Timely updates, multi-factor authentication, reliable backups with a restore test, strict access management, security awareness among staff, and monitoring/logging. This baseline set prevents the majority of common incidents, such as phishing, ransomware and the exploitation of outdated software.
Yes. Multi-factor authentication is one of the most effective measures against account takeover. Even if a password is leaked, MFA blocks access in most cases; phishing-resistant methods such as FIDO2 security keys also hold up when the second factor itself is targeted. At a minimum, enable it for email, remote access (VPN) and administrator accounts.
An independent baseline assessment or gap analysis tests your measures against a recognised framework such as ISO 27001. This gives you an objective view of which fundamentals are in order and where the biggest risks and gaps lie.
Want to know whether you are audit-ready?
Schedule a no-obligation audit scan and find out in a single conversation where you stand and what the next step is.
