Most clients I’ve been talking to are making security a priority for 2021. With everything that happen in 2020 with the workforce and culture for most organizations moving remotely and the quick ingestion of systems and solutions to support that move security risks have increased just as drastically. So, if you haven’t started talking security and planning then you need too. At the end of last year there was a wake up call that even if you are doing everything “correctly” any vendor you are using could become compromised. I haven’t seen a disaster recovery plan that would have planned for this contingency. So what should you do? Our team has helped numerous clients recover from security breaches and based on that experience there are some key items everyone should be doing.
- Constant Vigilance
- Weekly Visual Security reviews of dashboards and manual review of key systems
- Create a “digital vault” that only a handful (CIO, CTO, 1 IT Admin) has access too. Contents:
- Backup of AD – Why? Because we have seen a couple instances were backups were corrupted and Domain Controllers had to be restored from scratch
- Excel list of all employees and phone numbers – Why? If e-mail is down and your core intranet how do you communicate. In one instance we had to use SMS messaging and direct calling to users. Without this list it would have taken even longer
- Excel list of vendors and contacts
- Documentation of passwords and service accounts
- Diagram of network
- Backup of Router and Wireless Network configurations – Why? These configurations if wiped have to be rebuilt
- Where? We have been recommending a SPO site that is only accessible to specific cloud only accounts that are only used on an as need basis.