[Down_n_Out]

First off, reading your intro, I'd make sure to cover yourself from any liability the lack of security as well as the lack of apparent cooperation from the company so they can't hold you responsible for any breaches or problems.

That being said, I'd look into MSB (Minimum Security Baseline), there's quite some examples out there, like this one for example [0]

Besides that SANS has a very good reading room [1] where you can find a lot more information, as well as on individual items as on general ones.

The most difficult part will definitely be to change the way of working and thinking of the management of this company. Maybe show them an example of a company that was attacked using ransomware, they were down for a month, lost millions. I will try to find the example I'm thinking of, but there's plenty to be found out there.

[0] http://www.rn.psu.edu/wp-content/uploads/sites/4349/2016/01/... [1] https://www.sans.org/reading-room/

[allrightyeo]

Excellent material man, that will help me a lot for a kick start. Thank you very much,