Whenever I am dealing with cloud services or remote consultants, the one thing that gives me the greatest pause is keeping track of and protecting credentials. Doing so requires multiple backups, cloud resources, and tested backup and recovery processes.

We have our normal password management processes, password storage tools, and encryption processes. Your servers are hit with ransomware or hacked. A device with critical passwords is stolen. A multi-factor authentication device is lost. All these disasters could cause you or someone in your firm to be less than secure in how they handle the transfer and recovery of servers and key operations. How often do you or your consultants test to see if they can handle the recovery process under stress?

Consultant firms often arrange with their clients to stage a disaster and then monitor the results with their staff. Like simulated phishing experiments, these staged disasters are controlled to ensure that data will not be lost and damage to the client is limited to the staged areas. The goal is to ensure that the consulting staff can handle stress during a client’s disaster (albeit a staged event). It’s also to review how they handle processes and procedures, particularly the handling of credentials.

Too often in the heat of the moment you find yourself unable to gain access to your normal processes. Ensuring that you handle – and plan for – situations where your normal handling of credentials is disrupted is key to ensuring that you don’t place your firm at greater risk after a disaster.

These are some tips and best practices for recovering credentials after a disaster:

Document server permission changes made during recovery