A best practice that appears to be overlooked in many organizations is that of reducing your attack footprint. During recent audits, we’ve discovered that organizations large and small are leaving themselves unnecessarily open to a security breach. Hackers are like rock climbers. They only need a series of small cracks within reach of each other in order to make it to the summit.
Leaving unnecessary services running on a server, not locking down internal resources, and allowing egress traffic with no filtering all increase your attack footprint. Each one makes you easier to find and grab hold of, and lets a hacker keep climbing your infrastructure without falling off or running out of ways to advance.