IT_Cyber

Herewire promotes the concept of Default Security in your devices, services and systems. Default Cyber Security is government-grade security built into your devices, services and systems, with no configuration required by the end user to “set it up” and get it working. Default Cyber Security includes automated security updates, automated system updates and automated encryption of data in storage and in transit.

Google’s Chromebook is an example of a device with default security.

Software-as-a-Service (SaaS) programs like Intuit ProConnect Tax and Google Workspace are service examples that include default security.

Default security is the idea that end users have the right to secure devices, systems and services for their business without spending endless hours to “make them secure” or hiring an “expert” to make and keep those devices, services and systems secure.

Secure by Default devices, systems and services for a small tax practice of 1-5 staff would include:

  • Google Chromebooks (add Enterprise option for full laptop control including remote delete/wipe)
  • Google Workspace Business (Central Shared Drive folder, plus business email me@mybusinessname.com and Google Sites for website, managed by Google Admin panel)
  • Intuit ProConnect Tax Online, Intuit Link (managed data transfer), Intuit QuickBooks Online Accountant
  • Square Payments (PCI-DSS compliant payment processor)
  • Kingston DataLocker (AES-256 encrypted USB, onboard crypto chip, air-gapped data backup)
  • Microsoft OneDrive Personal Vault (secure secondary cloud backup)

Herewire provides (services for businesses up to 5 staff):

  • User administration for business-specific cloud apps (ProConnect, Clio, RightCapital, Curve Dental, ForeFlight)
  • Business continuity operations planning (consideration of different types of backup plans to keep the business operating if cyber security incidents, facility outages and/or cloud service outages occur)
  • Security training sprints (daily 3-5 security reminders for all staff, sent as an email form (Google Forms))

Herewire IT Cyber security focuses on practically deploying generally accepted cyber security standards so your business can automatically run efficient and understandable daily cyber secure practices by default.

National Institute of Standards and Technology (NIST) Cyber Security Framework (NIST CSF)

NIST 800-53 (revision 5) (Low baseline items, both privacy and security, suitable for small businesses) (NIST 800-53B, Control Baselines)

CIS Critical Security Controls

IRS Safeguards Program

The US Cybersecurity & Infrastructure Security Agency (CISA) provides Cyber Hygiene Services free of charge to Federal, state, local, tribal and territorial governments, as well as public and private sector critical infrastructure organizations. US-CERT National Cyber Assessments and Technical Services (NCATS).

CISA – Preparing for and Mitigating Cyber Threats

Incident Response:

NIST 800-61 (Computer Security Incident Handling Guide)

Cybersecurity & Infrastructure Security Agency (CISA) Incident and Vulnerability Response Playbooks (CISA Incident Response Playbook document) (2021)

CyberSpeedLane Checklists and Reports

FAST Cyber NIST Checklists (USE THESE)

NIST CSF (record OP/INOP items)

NIST SP 800-53 rev 5 (low baseline) (record OP/INOP items) (Security and Privacy Controls for Information Systems)

NIST Checklists (FAST) (FAST checklist review without recording OP/INOP items)

CISA Incident Response Playbook (record OP/INOP items)

DIY Checklists

FASTCyber (Quick Review lists, NIST CSF, NIST 800-53 lowBase, CISA Incident Response)

NIST CSF mobile review checklist (local program)

NIST 800-53 low baseline mobile review checklist (local program)

CISA Incident Response Playbook (based on NIST 800-61) mobile checklist

IT Security Vendor Selection Checklist (staysafeonline.org)

IT Inventory (small business, manual method) (save data to your private twitter account)

Webapp, website, cloud security check online (immuniweb.com)

Global Cyber Alliance Small Business Toolkit

FASTCyber IRS Data Security Review (abbreviated) (Report Results)

FASTCyber Do-it-Yourself (DIY) (custom checklist) (access id req)

TaxJets (Main site)

TextHold (temporary text/data holding area)