Cybersecurity Transformation
Zero-Trust Implementation Checklist
The Vam Group, LLC · Prepared by Charville A. Ubagan · March 12, 2026
Phase 1 — Identity & access hardening
Transition all employees to phishing-resistant MFA
Google Authenticator or physical security keys — replace SMS codes to eliminate SIM swap risk
Implement least privilege access controls
No employee has more access than their role strictly requires
Enroll executives & finance in Google Advanced Protection
Highest-tier security monitoring for high-risk accounts
Phase 2 — Domain integrity (email security)
Configure SPF record
Authorize only official servers to send mail on behalf of the domain
Enable DKIM signing on all outgoing email
Cryptographic signatures to prove emails haven't been tampered with
Set DMARC policy to p=reject
Automatically block spoofed emails before they reach any recipient's inbox
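One way to check the Phase 2 records once they are published, as an added example that is not part of the original checklist: the script below audits an SPF and a DMARC TXT record against the items above. The function names and the sample records for the placeholder domain example.com are constructed for illustration, and DKIM is not covered because verifying a signature needs a real message.

```python
# Added example: audit SPF and DMARC TXT records against the Phase 2 items.
# Records are constructed samples for the placeholder domain example.com.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def audit_spf(record):
    """Return findings for an SPF record; an empty list means it passes."""
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["not an SPF record (must start with v=spf1)"]
    findings, lookups, all_qualifier, has_redirect = [], 0, None, False
    for term in terms[1:]:
        bare = term.lstrip("+-~?")
        if bare == "all":
            # A bare "all" has the implicit "+" qualifier (pass).
            all_qualifier = term[0] if term[0] in "-~?" else "+"
        name = bare.split(":")[0].split("/")[0].split("=")[0]
        has_redirect = has_redirect or name == "redirect"
        lookups += name in LOOKUP_TERMS  # terms that cost a DNS query
    # Assumption: -all and ~all both count as "only official servers".
    if all_qualifier in ("+", "?"):
        findings.append(f"{all_qualifier}all does not restrict who may send")
    elif all_qualifier is None and not has_redirect:
        findings.append("no 'all' term: unlisted servers get a neutral result")
    if lookups > 10:
        findings.append(f"{lookups} DNS-lookup terms exceed the RFC 7208 limit of 10")
    return findings

def audit_dmarc(record):
    """Return findings for a DMARC record; an empty list means it passes."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (v=DMARC1 missing)"]
    findings = []
    policy = tags.get("p", "missing").lower()
    if policy != "reject":
        findings.append(f"p={policy}: checklist requires p=reject")
    if tags.get("sp", "reject").lower() != "reject":
        findings.append(f"sp={tags['sp']}: subdomains are not set to reject")
    if tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']}: policy covers only part of the mail")
    return findings

if __name__ == "__main__":
    print(audit_spf("v=spf1 include:_spf.google.com ~all"))  # constructed sample
    print(audit_dmarc("v=DMARC1; p=quarantine; pct=50"))     # constructed sample
```

In practice the record strings would come from a TXT lookup on the domain and on its _dmarc subdomain.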
Phase 3 — Data loss prevention (DLP)
Restrict public link sharing in Google Drive
Whitelist specific client domains for secure file exchange
Set up automated content scanning rules
Flag or block transmission of sensitive data — credit cards, passwords, and confidential documents
Conduct shadow IT audit
Review and revoke excessive third-party app permissions — Canva, AI tools, etc.
Phase 4 — Human firewall & culture
Schedule quarterly phishing simulations
Controlled, safe exercises to continuously test team readiness
Establish rapid offboarding protocol — 15-min kill switch
Revoke all access (Gmail, Slack, Adobe) within 15 minutes of any departure
Draft and publish AI usage policy
Clear guidelines to prevent client data from being shared with public AI models