Hosted Services Security Guide for All IT Firms to Use (our gift to you during Covid19 hardship)

I. CLOUD SERVICES AND USER ACCOUNT SECURITY

  1. Implement Password Manager (LastPass)
    • What it entails: LastPass account setup on user computer(s) and device(s), transferring/copying all passwords to the application vault, and user training.
    • Estimated time to complete: Depends on number of users + training
    • Problem/Security Risks: Password reuse and the use of simple passwords are a major security risk. Saving passwords in documents or web browsers is not safe.
  1. Office 365 account audit + shore-up security
    • What it entails: Audit/clean up Office 365 user accounts and make changes as necessary. Set up MFA for all ASF Office 365 accounts. Set up DKIM, SPF and DMARC email security.
    • Estimated time to complete: Depends on number of user accounts to be set up
    • Problem/Security Risks: Currently, Multi-Factor Authentication (MFA) is not set up. If email accounts are hijacked, the malicious third party can get access to other services/accounts, request password resets and further compromise the organization.
  1. Dropbox account audit + shore-up security
    • What it entails: Audit/clean up Dropbox user accounts and access controls/permissions and make changes as necessary.
    • Estimated time to complete: Depends on number of user accounts/directories that need to be audited
    • Problem/Security Risks: External users (no longer working at/for ASF) may still have access to Dropbox files or folders.
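
An added example, not part of the original guide: a Python check for the SPF and DMARC step of the Office 365 item above, flagging records that are published but not enforcing. The function names and sample records (example.com) are constructed for illustration; real input would be the TXT strings looked up at the domain and at _dmarc.<domain>. DKIM is not covered because it needs per-selector lookups.

```python
# Added example. Record values and example.com are constructed samples.

def audit_spf(txt_records):
    """Findings for the TXT records published at the domain apex."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return ["no SPF record" if not spf else "multiple SPF records (permanent error)"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    if any(t.startswith("redirect=") for t in terms):
        return []  # policy lives at the redirect target; audit that domain instead
    catch_all = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not catch_all:
        return ["SPF has no 'all' term, so unlisted hosts get a neutral result"]
    if catch_all[0] in ("all", "+all", "?all"):
        return [f"SPF ends in '{catch_all[0]}', so unlisted hosts pass or get a neutral result"]
    return []  # ~all (softfail) or -all (fail)

def audit_dmarc(txt_records):
    """Findings for the TXT records published at _dmarc.<domain>."""
    dmarc = [r for r in txt_records if r.lower().replace(" ", "").startswith("v=dmarc1")]
    if len(dmarc) != 1:
        return ["no DMARC record" if not dmarc else "multiple DMARC records (ignored)"]
    tags = {}
    for part in dmarc[0].split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip().lower()
    policy = tags.get("p")
    if policy not in ("none", "quarantine", "reject"):
        return ["DMARC record has no valid p= tag"]
    if policy == "none":
        return ["DMARC p=none only monitors, spoofed mail is still delivered"]
    findings = []
    if tags.get("sp") == "none":
        findings.append("DMARC sp=none leaves subdomains unenforced")
    if tags.get("pct", "100") != "100":
        findings.append("DMARC pct below 100, policy covers only part of the mail")
    return findings

def audit_domain(apex_txt, dmarc_txt):
    return audit_spf(apex_txt) + audit_dmarc(dmarc_txt)

WEAK = (["v=spf1 include:spf.protection.outlook.com ?all"],
        ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"])
HARDENED = (["v=spf1 include:spf.protection.outlook.com -all"],
            ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"])

for name, records in (("weak", WEAK), ("hardened", HARDENED)):
    print(name, audit_domain(*records))
```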

II. ORGANIZATION IT SECURITY POLICIES AND PROCEDURES

  1. Develop IT security policies
    • Expected Benefit: Cybersecurity Standards and Policy Framework
    • What it entails: Developing a set of strategies for managing the processes, tools and policies necessary to prevent threats to digital and non-digital information.
  1. Develop Cybersecurity Incident Response Plan
    • Expected Benefit: Cybersecurity Standards and Policy Framework
    • What it entails: Developing a set of strategies for managing the processes, tools and policies necessary to detect, document and counter security threats.
  1. Develop Disaster Recovery Plan
    • Expected Benefit: Business continuity
    • What it entails: Developing a documented process or set of procedures to execute an organization’s disaster recovery processes and to recover and protect a business’s IT infrastructure in the event of a disaster.

Please let me know if you have any questions. Steve@ipsofacto.net

Steve Boullianne, High school drop-out. College drop-out. A go-go dancer in Amsterdam. LOVED computers, programmed satellites for AT&T. Founded IPSOFACTO in 1996, Y2K boom, Dot-Com boom, 2.0 boom. Likes his smallish company and human relationships; not into big anonymous IT. Loves to tell jokes. Loves and Hates technology; pick up the phone, ok? Thinks on line hook up sites have saved the world from AIDS and DateRape. Thinks his kids are better collaborators and world leaders thanks to video games. Is still a hip-hop dancer; is NOT a Brony. Loves San Francisco; Hates the homeless crisis. Tells young people to buy real estate, as soon as possible. Don’t rent. Hopes his final years are spent handing out blankets, food, clothes, and medical supplies.