Russian state-sponsored hackers and zero-day attacks sound infinitely more exciting than, say, multi-factor authentication and patch management. But these seemingly boring security basics should be ...