Saw these recommendations for cyber today. Organizations should be vigilant for the evergreen practices: employee training about phishing and social engineering, give only the permissions needed to users, and scan for vulns and lock down ports you don’t use. But it adds, clean up old accounts (a practice for admins) and resist trying out new security measures.
Four key cybersecurity practices during geopolitical upheaval | Malwarebytes Labs
CISA has also put out some recommendations: Shields Up | CISA