These three simple steps will dramatically reduce your ransomware risk.
- Enable Multi-Factor Authentication on your identity provider (Microsoft Active Directory, Google Workspace)
- Enable Enterprise Sign-In/Single-Sign-On/SAML on all your applications. Disable *all* local accounts including admin
- The remainder applications which don’t support single identity? Fix them or Fire them (or see me for an authenticating reverse proxy to keep them alive).