Workspace Watchdog

  • Harden Your Security Settings: We'll ensure your password policies, two-factor authentication, and other security measures are robust enough to withstand even the most determined hackers.

  • Control User Access: We'll help you define user roles and permissions, ensuring that everyone has access to the resources they need, and nothing more.

  • Monitor for Suspicious Activity: We'll help you set up alerts and identify orphaned accounts and groups that may be a prime target for an attacker.

  • Optimize Your Configuration: We'll help you fine-tune your Admin console settings to maximize security without sacrificing usability.

  • Password Policies:

    • Strength requirements (length, complexity, expiration).

    Two-Factor Authentication (2FA):

    • Enforcement of 2FA for all users, especially administrators.

    • Types of 2FA methods allowed (e.g., Google Prompt, authenticator apps, security keys).

    • Recovery options for lost 2FA devices.

    Single Sign-On (SSO) Integration:

    • Configuration and security of SSO with external identity providers.

    • Proper mapping of user attributes.

    User Account Management:

    • Process for creating, disabling, and deleting user accounts.

    • Review of inactive accounts.

    • Privileged account management and separation of duties.

    Session Management:

    • Session timeout settings.

    • Control over concurrent sessions.

    • Ability to revoke active sessions.

    Access Control:

    • Role-based access control (RBAC) and assignment of appropriate permissions.

    • Review of administrator roles and privileges.

    • conditional access policies.

    Audit Logging:

    • Enabling and retention of audit logs.

    • Monitoring of login attempts and suspicious activity.

    • Review of admin audit logs.

    Phishing protections:

    • Settings regarding phishing and malware protections.

  • Google Drive:

    Sharing Settings:

    • Auditors check who can share what, and with whom. Think "can anyone with a link see my lunch order?"

    • They look for excessive external sharing and whether sensitive data is exposed to the public.

    • They analyze the default sharing permissions.

    Data Loss Prevention (DLP):

    • Is DLP set up to stop sensitive data from leaking? (e.g., Social Security numbers, financial info).

    • Are there alerts in place when sensitive data is detected?

    Access Controls:

    • Who has access to what folders and files?

    • Are there appropriate access levels for different users and groups?

    • Are there any orphaned accounts with access?

    File Versioning and Recovery:

    • Can files be restored if accidentally deleted or modified?

    • Is there a backup and disaster recovery plan?

  • Spam and Phishing Filters:

    • Are the filters strong enough to catch those "you've won a million dollars" emails?

    • Are there any custom rules to block suspicious senders or content?

    Authentication:

    • Is two-factor authentication (2FA) enforced? (Because passwords alone are like screen doors on a submarine).

    • Are there any suspicious login attempts?

    DLP and Content Compliance:

    • Is DLP set up to prevent sensitive data from being sent via email?

    • Are there content compliance rules in place to monitor and control email content?

    Email Encryption (TLS/S/MIME):

    • Are emails encrypted in transit and at rest?

    • Are there any policies regarding encrypted email?

    Mail Routing and Delegation:

    • Are there any unusual mail routing rules?

    • Who has delegated access to what inboxes?

  • External Sharing:

    • Whether calendars are publicly accessible or shared only within the organization.

    • Restrictions on sharing with external domains.

    • Permissions granted to external collaborators (e.g., view only, edit).

    Default Visibility:

    • The default visibility settings for new calendar events (e.g., public, private, organizational).

    • Whether sensitive information is inadvertently exposed in event details.

    Resource Scheduling:

    • Permissions for booking resources (e.g., meeting rooms, equipment).

    • Controls to prevent unauthorized resource usage.

    Delegation and Permissions:

    • Who has delegated access to calendars and the level of access granted.

    • Whether permissions are appropriately assigned and regularly reviewed.

    Mobile and API Access:

    • Security policies related to mobile calendar access and API integrations.

    • Authorization controls for third-party applications accessing calendar data.

    Meeting Settings:

    • If meeting links are automatically generated, and the security settings around those links.

    • If outside guests are allowed to join meetings.

    Audit Logging:

    • Ensuring that calendar activity is properly logged for auditing and incident response purposes.

    • Retention policies for calendar audit logs.

  • Access Settings:

    • Who can join the group (e.g., anyone in the organization, invited users only).

    • Who can view conversations (e.g., group members, entire organization).

    • Who can post messages (e.g., group members, specific roles).

    • The ability for external users to join or post to the group.

    Group Membership Management:

    • How group members are added (e.g., direct addition, requests, automated).

    • Whether group owners are regularly reviewing membership.

    • The process for removing inactive or unauthorized members.

    Content and Moderation:

    • Whether message moderation is enabled.

    • Whether spam filters are effective.

    • If there are any policies around sensitive information being shared in groups.

    • If message history is being retained, and for how long.

    External Sharing:

    • Policies regarding allowing external users to be members of groups.

    • Policies regarding allowing external users to post to groups.

    Group Creation:

    • Who has the ability to create new groups.

    • Naming conventions for groups.Item description

$999 per district