This section explores the aspects that need to be implemented to ensure effective management of cyber-risks in day-to-day activities. It sets out a series of minimum best practices for staff to adopt, as well as for processes and the technological component.