Good/Best Practices in Security

Passwords

Use a password manager. No one can remember all of their passwords.

Use unique passwords for your online services, e.g. banking, e-mail, online shopping, gaming, social media, ... If one service leaks, your other accounts remain safe.

Authentication

Use two-factor authentication wherever it is possible. There is an overview of available services which support 2FA. Do not rely on SMS as 2FA; if it is possible, use a token. Use a hardware or software token (better still if you have more than one token).

Use Secure Protocols

HTTPS, POP3S, IMAPS, SSH, ... because no one knows who is listening.

Your authentication data could otherwise be stolen, intercepted, ...

When you are downloading or uploading data over a plain protocol, there is no evidence that the other side is the right one. You have no proof (a certificate) that the host belongs to the organisation.

PowerShell Best Practices

https://www.digitalshadows.com/blog-and-research/powershell-security-best-practices/

Office Pro Plus Enterprise Security

Admins of the Enterprise version of Office ProPlus can already take a number of specific measures to lower the privacy risks for employees and other people.

  • Apply the new zero-exhaust settings

  • Centrally prohibit the use of Connected Services

  • Centrally prohibit the option for users to send personal data to Microsoft to ‘improve Office’

  • Do not use SharePoint Online / OneDrive

  • Do not use the web-only version of Office 365

  • Periodically delete the Active Directory account of some VIP users, and create new accounts for them, to ensure that Microsoft deletes the historical diagnostic data

  • Consider using a stand-alone deployment without Microsoft account for confidential/sensitive data.

(Windows) Audit Policy Recommendations

Follow Microsoft's recommendations in their documentation to stay up to date with the current settings.

E-mail Protection

Make sure that your organisation has implemented SPF, DKIM and DMARC correctly. Only servers that are explicitly allowed may send messages originating from your domain. No one else.
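The following is an added example (not from this page) of what a correctly published SPF record and DMARC policy mean for a receiving server: it evaluates a sending IP against constructed SPF and DMARC TXT records for hypothetical domains (example.org, _spf.mail.example, weak.example) entirely offline, with no DNS lookups; DKIM is left out.

```python
# Added example (not from the page): offline SPF and DMARC policy check against
# constructed DNS TXT records, so it runs without network access. DKIM is omitted.
import ipaddress

# Constructed TXT records standing in for real DNS lookups (hypothetical domains).
DNS_TXT = {
    "example.org": "v=spf1 ip4:203.0.113.0/24 include:_spf.mail.example -all",
    "_spf.mail.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 -all",
    "_dmarc.example.org": "v=DMARC1; p=reject; rua=mailto:dmarc@example.org",
    "weak.example": "v=spf1 ip4:203.0.113.5 ~all",  # softfail only, no DMARC record
}

QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(domain, sender_ip, dns=DNS_TXT, depth=0):
    """Is sender_ip authorised to send for domain? RFC 7208 subset: ip4, ip6,
    include and all. Returns pass / fail / softfail / neutral / none / permerror."""
    record = dns.get(domain, "")
    if not record.startswith("v=spf1"):
        return "none"                      # domain publishes no SPF record
    if depth > 10:
        return "permerror"                 # RFC 7208 caps DNS lookups at 10
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qual = term[0] if term[0] in QUALIFIER else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            return QUALIFIER[qual]
        if name in ("ip4", "ip6") and ip in ipaddress.ip_network(arg, strict=False):
            return QUALIFIER[qual]         # a v4 address never matches a v6 network
        if name == "include" and spf_check(arg, sender_ip, dns, depth + 1) == "pass":
            return QUALIFIER[qual]
    return "neutral"                       # nothing matched and no explicit "all"

def dmarc_policy(domain, dns=DNS_TXT):
    """DMARC tags as a dict, or None when _dmarc.<domain> publishes no record."""
    record = dns.get("_dmarc." + domain, "")
    if not record.startswith("v=DMARC1"):
        return None
    return dict(kv.strip().split("=", 1) for kv in record.split(";") if "=" in kv)

def disposition(domain, sender_ip, dns=DNS_TXT):
    """Receiver's decision for mail claiming From: domain but sent by sender_ip.
    SPF alone only advises; the DMARC p= tag is what turns a failure into an action."""
    if spf_check(domain, sender_ip, dns) == "pass":
        return "accept"
    policy = (dmarc_policy(domain, dns) or {}).get("p", "none")
    return "accept" if policy == "none" else policy   # "quarantine" or "reject"
```

Note that weak.example, with only `~all` and no DMARC record, still lets a message from an unauthorised host through, which is why the page insists on all three mechanisms being in place.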

In case you need encryption, use S/MIME or PGP/GPG.

Linux Hardening