Hosted Services Security Guide for Extraordinary Homes

I. CLOUD SERVICES for EXTRAORDINARY HOMES and HOUSE STAFF ACCOUNT SECURITY

  1. Implement Password Manager (LastPass)
    • What it entails: LastPass account setup on user computer(s) and device(s), transferring/copying all passwords to the application vault, and user training.
    • Estimated time to complete: Depends on number of users + training
    • Problem/Security Risks: Password reuse and the use of simple passwords are major security risks. Saving passwords in documents or web browsers is not safe.
  2. Office 365 account audit + shore-up security
    • What it entails: Audit/clean up Office 365 user accounts and make changes as necessary. Set up MFA for all ASF Office 365 accounts. Set up DKIM, SPF and DMARC email security.
    • Estimated time to complete: Depends on number of user accounts to be set up
    • Problem/Security Risks: Currently, Multi-Factor Authentication (MFA) is not set up. If email accounts are hijacked, the malicious third party can gain access to other services/accounts, request password resets and further compromise the organization.
  3. Dropbox account audit + shore-up security
    • What it entails: Audit/clean up Dropbox user accounts and access controls/permissions and make changes as necessary.
    • Estimated time to complete: Depends on number of user accounts/directories that need to be audited
    • Problem/Security Risks: External users (no longer working at/for ASF) may still have access to Dropbox files or folders.

II. ORGANIZATION HOME IT SECURITY POLICIES AND PROCEDURES

  1. Develop IT security policies
    • Expected Benefit: Cybersecurity Standards and Policy Framework
    • What it entails: Developing a set of strategies for managing the processes, tools and policies necessary to prevent threats to digital and non-digital information.
  2. Develop Cybersecurity Incident Response Plan
    • Expected Benefit: Cybersecurity Standards and Policy Framework
    • What it entails: Developing a set of strategies for managing the processes, tools and policies necessary to detect, document and counter security threats.
  3. Develop Disaster Recovery Plan
    • Expected Benefit: Business continuity
    • What it entails: Developing a documented process or set of procedures to execute an organization’s disaster recovery processes and to recover and protect a business’s IT infrastructure in the event of a disaster.

Please let me know if you have any questions. Steve@ipsofacto.net

Steve Boullianne, Multiple post-graduate degrees, Mind/Body/Spirit enthusiast, & a member of Mensa. Loves Skiing, Scuba, and Food. Steve’s first job out of college was programming satellites for AT&T. Founded IPSOFACTO in 1996, Y2K boom, e-Commerce super success, 2.1 boom. Steve is ready to Mediate high quality for all life, our one planet, and human kindness. Loves to dance and tell jokes. Steve believes that Excellent Communication is key to human success (and failure). Steve has 3 sons who are his STARS. They will carry the world into a brilliant future. Since 1996, Steve has been a volunteer drug and alcoholism counselor in the Bay Area. The power of the Great Spirit is in you. Steve is a good friend to have.
