- Schedule random penetration tests that include social engineering in scope
- Identify your critical data and ensure an external assessment is done to verify your internal test results
- Ensure the executive level is aware of the results
- Conduct periodic cybersecurity assessments
- Establish a framework and program for highly trusted or privileged employees
- Establish a least-privilege policy, and ensure employees have access only to what they need and no more
- Perform regular backups, and make use of cloud services such as Microsoft Azure
- Follow ISO 27001 or similar regulations to secure your information security management systems
- Perform enhanced background screening at regular intervals