
Security at Mantra

  • Authentication

All employee Mail and Cloud accounts require a strong password and 2FA with U2F physical security keys.

SSO is used whenever possible for any other service we use and 2FA is mandatory.

All employees are provided with a password manager account to help them generate secure and unique passwords and share secrets internally. SSO is used to connect to their password manager.

All employees' laptop disks are encrypted.

  • Development Security

Developers' access to source code is protected by 2FA with a U2F physical security key.

The main development branch is protected.

Changes to the code base require approval and validation of security tests.

Dependencies and source code are scanned at least once a week.

  • Platform Security

We use managed services from cloud providers. They provide the infrastructure security (patching, backups, firewall, etc.) and availability.

Secrets are stored in a key management system (KMS) and accessed only by services requiring these secrets.

Data is encrypted in transit with all services using HTTPS.

Authentication between users and services is done via OAuth2. 

Databases are encrypted at rest (AES 256). 

  • User Awareness

Users are trained and tested against different social engineering attacks using Mantra's awareness and simulation platform.