Security Policies
To protect against cyber threats and attacks, organizations need to set up security policies for their employees' accounts. Security policies are rules and regulations for every individual or group using the organization's assets and resources.
Enabling security policies will restrict unauthorized access. The goal of these policies is to minimize security risks for the organization.
Following are the typical components of a security policy:
1. Password policy
Password policies are a set of rules that guide you in creating a strong and secure password. These ensure that a password is strong and changed periodically to avoid password breaches.
2. Multi-Factor Authentication (MFA)
Multi-factor authentication (MFA) adds an extra layer of security to the sign-in process (in two or more different ways). If any additional steps are required for authenticating a user, it is either two-factor authentication or MFA. MFA requires an additional verification process rather than just asking for a username and password, which decreases the probability of cyber attacks.
3. Allowed IPs
Enabling an IP restriction can prevent your organization's systems from being used by other IP addresses. Users can only log in through the allowed IP address so only authorized users can access sensitive data or resources. Anyone entering from a different IP address will not be able to access data.
4. Session management
Setting up time limits in session management will automatically sign out users from their accounts if,
- the session exceeds the given time limit
- stays inactive over the chosen time.
You can also limit the number of concurrent sessions for a user in this setup.
For more information about security policies, click here.