Kosifuchs
Practical security for small businesses & non-profits
IT Security

This section is growing into a cyber resilience knowledge base: readable, but technically correct. No attack guides; defense only.

Risk reality

  • Unclear ownership
  • Too many admin rights, too little MFA
  • Backups without restore testing
  • Missing email auth (SPF/DKIM/DMARC)
  • Logs exist, but nobody reviews them

Quick wins

  • MFA wherever possible
  • Password manager + clear policy
  • Patch cycles + document exceptions
  • 3-2-1 backups + monthly restore test
  • Least privilege

Network & access (SMB-friendly)

  • Segmentation: office / servers / DMZ / IoT / guests
  • Firewall: deny by default → allow explicitly
  • Remote: VPN + MFA + logging