Herewire promotes the concept of Default Security in your devices, services and systems. Default Cyber Security is government grade security built into your devices, services and systems without any configuration required by the end user to “set it up” to get it to work. Default Cyber Security includes Automated security updates, automated system updates and automated encryption of data in storage and in transit.
Google’s Chromebook is an example of a device with default security.
Software-as-a-Service (SaaS) programs like Intuit ProConnect Tax and Google Workspace are service examples that include default security.
Default security is the idea that end users have the right to have secure devices, systems and services for their business without having to spend endless hours to “make them secure” or have to hire an “expert” to make and keep devices, services and systems secure.
Secure by Default devices, systems, services for a small tax practice of 1-5 staff would include:
- Google Chromebooks (add Enterprise option for full laptop control including remote delete/wipe)
- Google Workspace Business (Central Shared Drive folder, plus business email firstname.lastname@example.org and Google Sites for website, managed by Google Admin panel)
- Intuit ProConnect Tax Online, Intuit Link (managed data transfer), Intuit Quickbooks Online Accountant
- Square Payments (PCI-DSS compliant payment processor)
- Kingston DataLocker (AES-256 encrypted USB, onboad crypto chip, air-gapped data backup)
- Microsoft OneDrive Personal Vault (secure secondary cloud backup)
Herewire provides User administration (for business specific cloud apps) (ProConnect, Clio, RightCapital, Curve Dental, Foreflight)
Business continuity operations planning (Consideration of different types of Backup plans to keep the business operating if cyber security incidents, facility outages and/or cloud service outages occur)
Security training sprints (daily 3-5 security reminders for all staff sent as an email form (Google Forms))
(Services for businesses up to 5 staff)
Herewire IT Cyber security focuses on practically deploying generally accepted cyber security standards so your business can automatically run efficient and understandable daily cyber secure practices by default.
The US Cybersecurity & Infrastructure Security Agency (CISA) provides Cyber Hygiene Services free of charge to Federal, state, local, tribal and territorial governments, as well as public and private sector critical infrastructure organizations. US-CERT National Cyber Assessments and Technical Services (NCATS).
CyberSpeedLane Checklists and Reports
FAST Cyber NIST Checklists (USE THESE)
NIST Checklists (FAST) (FAST checklist review without recording OP/INOP items)
CISA Incident Response Playbook (record OP/INOP items)
FASTCyber (Quick Review lists, NIST CSF, NIST 800-53 lowBase, CISA Incident Response)
IT Security Vendor Selection Checklist (staysafeonline.org)
IT Inventory (small business, manual method)(save data to your private twitter account)
FASTCyber Do-it-Yourself (DIY) (custom checklist)(access id req)