IT Security Checklist for 2026

Access and credential management

• implementation of mandatory Multi-Factor Authentication (MFA) on all VPN access points and email systems to combat remote access account compromise,
• conducting a rigorous audit of local and technical accounts, along with the removal of inactive accounts of former employees and external contractors,
• ensuring continuous monitoring for unusual login activity, with particular attention to night hours and non-standard geographical locations.

Edge infrastructure and vulnerabilities

• establishing a priority patching mode for edge devices, such as firewalls and email gateways,
• verifying the configuration of network devices for vulnerabilities exploited by advanced ransomware groups, such as Akira,
• disabling all unused ports and services exposed directly to the public Internet.

Staff awareness and social engineering

• organizing awareness training regarding new manipulation techniques, such as "callback phishing" and fake CAPTCHA scripts,
• introducing multi-channel verification procedures for changes to financial data with counterparties to prevent fraud,
• educating employees on "insider threat" risks, including recruitment methods conducted by cybercriminal groups.

Data protection and BCP

• testing the system recovery process from offline backups, which is a key factor in limiting the rationale for paying ransoms,
• applying data loss prevention (DLP) tools to detect and stop data theft before files fall into the hands of cybercriminals,
• updating Business Continuity Plans (BCP) with scenarios assuming long-term incident handling lasting even several months.