But please please please use Conditional Access to put some controls around where MFA and SSPR can be registered from!

Zero-Trust Security: Verify every user and device, applying least-privilege access. Multi-Factor Authentication (MFA): Require MFA for all critical accounts and systems to prevent unauthorized access. Patch Management: Regularly update software and run vulnerability scans to address security gaps. Endpoint Detection and Response: Use EDR tools to detect and mitigate suspicious activities on devices in real time. Network Segmentation: Isolate critical systems through network segmentation to limit the spread of potential attacks. Data Encryption: Encrypt sensitive data at rest and in transit to protect against breaches. Incident Response : Develop and test an incident response and disaster recover plan to ensure fast recovery after an attack.

Adding my few cents: Along with regular cyber protections, firewalls ,frequent patches, data back up, vulnerability fixes, - Use Internet Address Restrictions by location, zone to allow logins. - Identify patterns and predict unusual login attempts like different location, timezones, wrong attempts and more. - Apply biometrics using mobile app for desktop logins (like microsoft authenticator) - Use additional authentication like OTP for sensitive apps, tools which deal with sensitive data.

Os pontos chaves para proteger nossos ativos digitais enquanto trabalhamos remotamente são: utilizar uma VPN com criptografia segura, habilitear autenticação multifator (MFA) para todas as contas, e manter nossos dispositivos atualizados com os patches de segurança mais recentes. Além disso, use um software antivírus confiável, evite redes Wi-Fi públicas sem proteção e faça backups regulares dos seus dados. Essas medidas ajudam a mitigar o risco de ameaças cibernéticas, mantendo seus ativos digitais protegidos mesmo fora do ambiente de trabalho On-Premisses tradicional.