Advanced Persistent Threat (APT) adversaries run highly targeted, multifaceted campaigns to exploit vulnerabilities either through holes in an organization's security implementation or by targeting the human element which often uses social engineering. Financially motivated actors indiscriminately send mass spam emails in credential harvesting campaigns or deploy ransomware. These attack vectors are the most common against organizations of any size, but often have a greater impact on small to medium-sized business that may not have a robust security posture. As a security practitioner, it is imperative to posture an organization to prevent and mitigate the risk posed by these attacks. The Critical Security Controls (CSC) are the industry standard for securing an environment but may be costly and time-consuming to implement; also, some of them may not be as applicable to all organizations. This presentation examines the controls from a risk perspective given the common attack vectors, and explains how an organization may secure themselves against the threats.