How many of these are present in your organization?  

1.No cybersecurity training for employees

2.Software is not up to date

3.Strong password policies are not implemented

4.Use of vendor-supplied default configurations or default login usernames and passwords

5.Open ports and misconfigured services are exposed to the internet

6.Incorrectly applied privileges or permissions and errors within access control lists

7.Remote services, such as VPNs, lack sufficient controls to prevent unauthorized access

8.Multifactor authentication (MFA) is not enforced

9.Cloud services are unprotected

10.Failure to detect or block phishing attempts

11.Poor endpoint detection and response

Click here to read how to mitigate these weak points.