A password policy that requires your users to choose longer, complex passwords and change them every 30 days is highly recommended. Enforcing password complexity means requiring lowercase letters, capital letters, numbers, and special characters in a password of a predetermined length (8 characters minimum). Such a policy makes user accounts much more difficult to break and helps to ensure the confidentiality, integrity, and availability (CIA) of corporate data.
Regular scanning and assessment of the network for vulnerabilities is a critical element in maintaining a healthy security posture. Remediation of these vulnerabilities will help to ensure the CIA of your corporate data.
Establishing a baseline for your regular network activity will enable you to identify any anomalies or unusual network traffic that could be cause for concern and require further investigation.
Users of company technological equipment must ensure that all equipment is used for business and professional purposes only. As such, they should sign an Acceptable Use Policy. They should only access, and have access rights to, information and data that is required to perform their job or any duties that may assist co-workers in doing theirs.
All shared company passwords for essential resources, such as server access, database access, or firewalls, should be stored in a centralized and encrypted password database, such as KeePass, LastPass or Password Safe. The administrator passwords for these applications should be strictly maintained, kept private, never written down and provided only to appropriate authorized users.