Security Checklist
Backups:
- NAS backup is automated and monitored; there is no need to switch or change out drives. The backups are saved on the network drive. (NAS = network attached storage.)
- Online backups are automated, run in the cloud each night, and are monitored, so you do not have to do anything.
- In addition to the NAS and online backups, it would be beneficial to have 2 external USB drives that you rotate weekly, so that one is unplugged from the server at all times (an offline copy that an infection on the network cannot reach). This can only be done in person, but a staff member can do it very easily at the end of each week.
Email: This may be the most important thing to remember!!!
DO NOT click on any links, open any attachments, or call any support numbers unless you are sure of the sender. Even then, you cannot be sure that a known sender has not been compromised: you may get an email from a friend or colleague whose account has been taken over. Be aware of phishing scams that look like legitimate emails, e.g. "Your Norton antivirus protection is up for renewal, please renew here", "Your receipt for such and such purchase is here", "Your invoice is overdue, please pay here", etc.
Websites:
DO NOT click on any links or call any numbers you are asked to click/call, e.g. "Your computer has been infected, please call this number to fix it", etc.
Computer Accounts:
Every account must have a strong password, and the password cannot be the same as the username. Please take it upon yourself to change your password if you do not already have a strong one in place. (At least 6 characters, with a capital letter, a number, and a special character.)
Remote access:
Remote access into a work computer must be protected by 2FA with a rotating code. (Those using Denver ScreenConnect already have this.)
Third party remote access: NTech discourages the use of 3rd party access (i.e. MB2, EAssist, insurance billing, bookkeeper QuickBooks access, marketing tech, or any remote access for any purpose) and will not be held responsible for ANY security breach of the network if 3rd party remote access is present. We will not allow any RDP sessions, or VPNs using RDP (RDS), under any circumstance. If absolutely necessary, remote access will only be allowed on a dedicated workstation. No server installs will be allowed. Please see this article: https://www.techtarget.com/searchsecurity/answer/What-are-the-potential-risks-of-giving-remote-access-to-a-third-party-service-provider
Antivirus/Ransomware Software:
A paid version of security software MUST be installed on the server and on every computer in your office.
Firewall:
A business hardware firewall must be used.
Microsoft Operating Systems:
Any Windows OS that has reached the end of extended support is not acceptable.
Any computer still running an OS past the end of extended support is vulnerable to attack and will not be supported. These computers no longer receive security updates from Microsoft, and NTech will not be able to support them until they are upgraded or replaced (e.g. Windows XP, Windows 7, Server 2012, etc.).
MISC:
Servers will be rebooted every 3 months for security updates and a network refresh. Computers will be rebooted every week over the weekend, after hours, for the same reason.
Apple/Mac products are not supported in offices running a Windows network. Apple does not play well in work environments mixed with Windows PCs.
NTech must be the only IT provider for the office. If another IT company has access to the server or network, NTech cannot be responsible for any damages done. (Think too many cooks in the kitchen.)
DO NOT use the server as a workstation; it only causes problems, slows down the network, and increases the risk of a security breach.
Finally, we recommend purchasing cyber security insurance for your practice or business. Even with all of these safeguards in place, bad things can still happen. This list is not bulletproof, but it is a good step in the right direction for the security of your office. Please sign below to state that you have read, agree with, and are willing to implement these procedures. Service could be delayed until the form is submitted.