Monitoring and auditMonitoring and audit

Organization users who last logged in more than 30 days ago are blockedOrganization users who last logged in more than 30 days ago are blocked

Y360-5

To minimize the risks of unauthorized access, you should regularly audit user activity. We recommend blocking or deleting accounts that were inactive for more than 30 days. This especially concerns organizations with high turnover of staff, contractors, or temporary employees.

Before implementing this measure, make sure the session cookie lifetime in your organization is limited according to the Y360-2 standard. This is required for accurate evaluation of user activity.

How to implement:

For added security, we recommend blocking or deleting user accounts that were inactive for more than 30 days, provided you comply with the Y360-2 standard for session cookies.

How to block or unblock an employee.

How to delete an employee account.

Monitoring of audit log events is set upMonitoring of audit log events is set up

Y360-11

This recommendation mandates collection and analysis of audit log events in order to detect potentially dangerous actions and anomalies in the system. Such events may include information about access to files, user activity, system logins, and other actions.

Admins and managers can use audit logs to look into:

1. Events in services:

   • How employees log in to their accounts, e.g., the time and device of their login.
   • Actions employees take with emails and files in their Mail and Disk. For example, you can find out who has moved an email or file.

2. Events in the organization’s profile:

   • Changes in the organization’s profile. For example, you can view what changed in a user’s data and who made those changes.
   • Past searches of other admins in the email archive and how they set up email rules.

How to implement:

To ensure system security, enable collection and analysis of audit log events. This will allow you to timely detect and respond to potential threats.