Internal Security Policies and Procedures

Internal Security Policies and Procedures

1. Wherever possible, employees must use 2FA. Where Duo is not applicable, employees must use stand-alone 2FA. 
2. Employees must use complex passwords that are at least 8 characters long and contain uppercase, lowercase and at least one symbol. 
3. Employees must use the company password manager (or approved equivalent)  to store any company-related passwords that are not in IT Glue. Do not store company-related passwords in a personal password manager or anywhere else. Violation of this policy is grounds for disciplinary measures including termination of employment. 
4. Employees must stay current on monthly cyber security training. 

Todyl Cloud VPN

We use Todyl Cloud VPN to contact to critical services. Through the use of IP-blocking, users are prevented from connecting to the following services unless the Todyl SGN network client is running on the computer from which the user is attempting access:

  1. Office 365
  2. Autotask
  3. DropBox
  4. Company KB (kb.geekgirlsit.com)
  5. IT Glue
  6. ScreenConnect AD User Login

If you intend to access any of these web sites from your mobile device, please request enrollment of your mobile device in Todyl from Matthew or you won't have access. 

We use Single Sign-ON (SSO) for these services. So once you are connected to one, you can connect to the others in the same browser session without logging in again. 

Duo 2FA

We use Duo 2FA for 2 Factor Authentication. Once you are enrolled by an admin, you will receive an invitation to install the Duo app on your mobile device. You will need to install the Duo application on your mobile device in order to access these services: 

  1. Office 365
  2. Autotask
  3. DropBox
  4. Company KB (kb.geekgirlsit.com)
  5. IT Glue
  6. Continuum (RMM) Portal (ITS Portal) 
  7. ScreenConnect AD User Login

Keeper Security Password Management


We use Keeper Security MSP for centralized Password Management. (We also resell this to customers from the Keeper MSP dashboard.)

    • Related Articles

    • Technician On-Site Appointment Procedures

      Please do not perform work that was not assigned in the ticket. If the customer asks for other work to be performed, you must get approval from a senior technician or office admin first. On-Site Visit Procedures Administrative items to bring to every ...

    • Cyber Security Incident Response Plan

      Cyber Security Incident Response Plan (for Incidents Internal to GGIT) This document describes the steps to be taken during a cyber security incident response. For purposes of this plan, our Security Team consists of Roberta and Matthew. You can ...

    • Behavioral Policies and Disciplinary Procedures

      This article applies to all full-time employees. It does not apply to temporary hires such as interns and summer hires. Interns and temporary employees may be terminated at any time based either on their performance or the on the changing needs of ...

    • Instructions for Customer to Bypass Mac Security Setting to Install ScreenConnect or any Other Software

      General Instructions for Customer on Bypassing Mac Security Setting For Installing ScreenConnect or Any Other Software Not Approved By Apple Open your Mac's System Preferences (by clicking on the Apple logo on the top left corner of your screen) and ...

    • Daily Time Policies

      The following represents our current employee policies. Failure to follow these policies is grounds for disciplinary action up to and including termination. Promptness Employees are to arrive on time, unless there is an emergency or other exceptional ...