Computer security
Mr.PC takes a firm stance on security and backups: these days there are no winners in taking shortcuts on security and backups, only losers.
We have put together a set of basic security standards and policies to be treated as the bare minimum that must be in place, no matter how small your business is.
Basic Security Standards
Remote Access
- Open (internet-exposed) RDP access is not allowed.
- RDP over VPN is allowed.
- Multi-factor authentication is required for sign-in.
Documented Procedures
- Backup and restore procedure including offsite backups.
- Escalation and notification steps.
- General safe email and web browsing.
These procedures require periodic sign-off by authorised personnel.
Servers and Systems
- Servers and workstations must be on a patch management plan.
- Servers and workstations must be on a managed antivirus plan.
- Software installations on workstations must be locked to designated administrators.
- All backups must be encrypted, with offsite cloud backups kept with a degree of separation from the production network (external disk rotation is not acceptable).
User Policies
Password complexity requirements:
- Minimum Length: 8 characters
- Must contain: numbers, special characters, capital letters, lowercase letters
- Must not contain: username, first name, last name, email address.
- Password expiration: 6 months.
- Password reuse: a password may only be reused after 3 changes.
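The rules above are precise enough to enforce in code. The following is an added example (not Mr.PC's own tooling) of a checker that applies them: minimum length, the four character classes, the ban on identity substrings, and the reuse rule over the last three passwords. It goes slightly beyond the page by also rejecting the local part of the email address (the text before "@"), since that is what users most often paste into a password. The hash routine, the function names and the PBKDF2 round count are this example's assumptions; the reuse rule is checked against salted hashes so that old passwords never need to be stored in clear text.

```python
import hashlib
import hmac
import os
import string
from typing import List, Optional, Tuple

# Policy values taken from the standards above; names are this example's own.
MIN_LENGTH = 8
HISTORY_DEPTH = 3          # "reuse after 3 changes": the last 3 passwords are blocked
PBKDF2_ROUNDS = 200_000    # assumed work factor for stored history hashes


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256, suitable for keeping a password-history entry."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def check_password(candidate: str, username: str, first_name: str, last_name: str,
                   email: str, history: List[Tuple[bytes, bytes]]) -> List[str]:
    """Return the policy violations for `candidate`; an empty list means accepted."""
    violations = []
    if len(candidate) < MIN_LENGTH:
        violations.append(f"shorter than {MIN_LENGTH} characters")

    # "Special characters" is taken to mean ASCII punctuation (assumption).
    classes = {
        "number": any(c.isdigit() for c in candidate),
        "special character": any(c in string.punctuation for c in candidate),
        "capital letter": any(c.isupper() for c in candidate),
        "lowercase letter": any(c.islower() for c in candidate),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        violations.append("missing " + ", ".join(missing))

    # Identity substrings are compared case-insensitively. The email local part
    # is an extension of the page's rule, added because "jsmith" is what users
    # actually reuse, not the full "jsmith@example.com".
    lowered = candidate.lower()
    banned = {
        "username": username,
        "first name": first_name,
        "last name": last_name,
        "email address": email,
        "email local part": email.split("@", 1)[0],
    }
    for label, value in banned.items():
        if value and value.lower() in lowered:
            violations.append(f"contains {label}")

    # Reuse rule: re-hash the candidate with each stored salt and compare in
    # constant time against the stored digest.
    for salt, old_digest in history[-HISTORY_DEPTH:]:
        _, digest = hash_password(candidate, salt)
        if hmac.compare_digest(digest, old_digest):
            violations.append(f"matches one of the last {HISTORY_DEPTH} passwords")
            break
    return violations


if __name__ == "__main__":
    # Constructed sample user and one previous password in the history.
    previous = [hash_password("OldPassw0rd!")]
    for pw in ("OldPassw0rd!", "Smith2024!", "Correct-Horse7"):
        print(pw, "->", check_password(pw, "jsmith", "Jane", "Smith",
                                       "jane.smith@example.com", previous) or "accepted")
```

Because the history is checked by re-deriving the hash with each stored salt, the cost grows with HISTORY_DEPTH; keep the depth at the policy value rather than storing a long history "just in case".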
Router Standards
- Business-grade firewall (minimum reference device Draytek Vigor2862+)
- Intrusion detection with logging and reporting.
- No open (inbound) ports allowed, with the following exceptions:
  - Exchange Servers (TCP 25, 443).
  - Security systems and DVRs managed by other providers (must be approved by Mr PC).
- VPN security level: minimum L2TP/IPsec with AES-256 and SHA-1, or an SSL VPN equivalent.
- All email correspondence must be via Microsoft Exchange or equivalent. POP3 and IMAP are not allowed.
- All email correspondence must go through an email filtering service.
- All on-premises email servers must have a publicly trusted SSL/TLS certificate.
- Microsoft 365 multi-factor authentication must be enabled.
- Microsoft 365 geo-location blocking must be in place.
- Email SPF, DKIM and DMARC must be set up.
- All Microsoft 365 mailboxes must have an active backup service.
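"SPF, DKIM and DMARC must be set up" is easy to tick off and still leave a domain spoofable, typically because DMARC was published with p=none or SPF ends in +all. The following added example (not Mr.PC's code) checks the content of the three published records against the mistakes that matter: an SPF record that is unterminated or exceeds the 10-lookup limit, a DMARC policy that only monitors, and a DKIM key record whose p= tag is empty (a revoked key). SAMPLE_RECORDS is constructed for a hypothetical domain; a real check would first fetch the TXT records for the domain, _dmarc.<domain> and <selector>._domainkey.<domain> over DNS, which this offline example does not do.

```python
import re
from typing import Callable, Dict, List, Tuple

# Constructed records for a hypothetical domain (not fetched from DNS).
SAMPLE_RECORDS = {
    "spf": "v=spf1 include:spf.protection.outlook.com -all",
    "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "dkim": "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A",
}

# Mechanisms/modifiers that each consume one of the 10 permitted DNS lookups
# (RFC 7208 section 4.6.4). "all" and "ip4:"/"ip6:" cost nothing.
LOOKUP_TERMS = re.compile(r"^[+\-~?]?(include|a|mx|ptr|exists|redirect)(?:[:=/]|$)", re.IGNORECASE)


def check_spf(record: str) -> List[str]:
    findings = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF record does not start with v=spf1"]
    lookups = sum(1 for t in terms[1:] if LOOKUP_TERMS.match(t))
    if lookups > 10:
        findings.append(f"SPF needs {lookups} DNS lookups (limit is 10, evaluation will permerror)")
    last = terms[-1].lower()
    if last in ("+all", "all"):
        findings.append("SPF ends in +all, which authorises every sender")
    elif last not in ("-all", "~all") and not last.startswith("redirect="):
        findings.append("SPF does not end in -all or ~all; unlisted senders are not rejected")
    return findings


def parse_tags(record: str) -> Dict[str, str]:
    """Parse the 'tag=value; tag=value' syntax shared by DMARC and DKIM records."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_dmarc(record: str) -> List[str]:
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return ["DMARC record does not start with v=DMARC1"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("DMARC has no valid p= tag")
    elif policy == "none":
        findings.append("DMARC p=none only monitors; receivers will not quarantine or reject spoofed mail")
    if "rua" not in tags:
        findings.append("DMARC has no rua= address, so no aggregate reports will arrive")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"DMARC pct={pct} applies the policy to only part of the mail stream")
    return findings


def check_dkim(record: str) -> List[str]:
    tags = parse_tags(record)
    findings = []
    if tags.get("v", "DKIM1") != "DKIM1":      # v= is optional in DKIM key records
        findings.append("DKIM key record has an unexpected v= tag")
    if not tags.get("p"):
        findings.append("DKIM key record has an empty p= tag, meaning the key is revoked")
    return findings


CHECKS: Tuple[Tuple[str, Callable[[str], List[str]]], ...] = (
    ("spf", check_spf), ("dmarc", check_dmarc), ("dkim", check_dkim),
)


def check_domain(records: Dict[str, str]) -> List[str]:
    """Run every check; a missing record is itself a finding."""
    findings = []
    for name, checker in CHECKS:
        if name not in records:
            findings.append(f"no {name.upper()} record published")
        else:
            findings.extend(checker(records[name]))
    return findings


if __name__ == "__main__":
    for finding in check_domain(SAMPLE_RECORDS) or ["all three records look sound"]:
        print(finding)
```

With the constructed records the only finding is the p=none policy: the domain has "set up" DMARC but gains no protection from it until p=quarantine or p=reject is published after the aggregate reports have been reviewed.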
BYOD (Bring Your Own Device)
All devices that are used within the business or that access the business network:
- Must have an embedded elevated administrator account with remote wipe rights.
- Must have an acceptable antivirus subscription or added to the Mr PC Managed AV plan.
- Must be kept updated at all times (security patches for OS, antivirus, 3rd party software).
- Will be subject to random scanning.