MailChimp is a flexible, cost-effective, and easy-to-use cloud productivity platform. MailChimp provides a suite of productivity services that you can use to manage your business. This paper is targeted at customers’ internal security, risk and compliance teams and their external auditors who may have a need to assess the use of MailChimp.
This paper provides a checklist to support assessments of MailChimp based on the following domains:
- MailChimp Super Admins - Admin accounts come with elevated privileges, they're valuable targets for hackers and cyber criminals. Every developer or user on your network with administrative privileges adds risk of account compromise.
- MailChimp Identity Access Management - Identity management and access control is the discipline of managing access to enterprise resources to keep systems and data secure. As a key component of your security architecture, it can help verify your users' identities before granting them the right level of access to workplace systems and information.
- MailChimp Resources - Customers are responsible for maintaining the security of anything they install / store on their internal storage or connect to their tenant. Secure management of your resources means knowing what resources your organization is using (asset inventory), securely configuring the guest OS and applications on your resources (secure configuration settings, patching, and anti-malware), and controlling changes to your resources (change management).
- MailChimp Chat & Conferences - Make sure your users is not vulnerable to Meeting Bombing, Malicious Links In a Chat, and Stolen Meeting Links. Making sure your videoconferencing is set up securely can help prevent these attacks from being successful.
- MailChimp Email Security - Minimize the attack surface and the opportunities for attackers to manipulate human behavior through their interaction with email systems.
- MailChimp Certificates - SSL, and its successor TLS, are industry standard protocols for encrypting network communications and establishing the identity of websites over the Internet. SSL/TLS provides encryption for sensitive data in transit and authentication using SSL/TLS certificates to establish the identity of your site and secure connections between browsers and applications and your site.
- MailChimp Incident Response - Protect the organization's information, as well as its reputation, by developing and implementing an incident response infrastructure (e.g., plans, defined roles, training, communications, management oversight) for quickly discovering an attack and then effectively containing the damage, eradicating the attacker's presence, and restoring the integrity of the network and systems.
Automate your MailChimp ISO / PCI compliance process and prevent misconfiguration.
1. MailChimp Super Admins
Admin accounts come with elevated privileges, they're valuable targets for hackers and cyber criminals. Every developer or user on your network with administrative privileges adds risk of account compromise.
2. MailChimp Identity Access Management
Identity management and access control is the discipline of managing access to enterprise resources to keep systems and data secure. As a key component of your security architecture, it can help verify your users' identities before granting them the right level of access to workplace systems and information.
3. MailChimp Resources
Customers are responsible for maintaining the security of anything they install / store on their internal storage or connect to their tenant. Secure management of your resources means knowing what resources your organization is using (asset inventory), securely configuring the guest OS and applications on your resources (secure configuration settings, patching, and anti-malware), and controlling changes to your resources (change management).
4. MailChimp Chat & Conferences
Make sure your users is not vulnerable to Meeting Bombing, Malicious Links In a Chat, and Stolen Meeting Links. Making sure your videoconferencing is set up securely can help prevent these attacks from being successful.
5. MailChimp Email Security
Minimize the attack surface and the opportunities for attackers to manipulate human behavior through their interaction with email systems.
6. MailChimp Certificates
SSL, and its successor TLS, are industry standard protocols for encrypting network communications and establishing the identity of websites over the Internet. SSL/TLS provides encryption for sensitive data in transit and authentication using SSL/TLS certificates to establish the identity of your site and secure connections between browsers and applications and your site.
7. MailChimp Incident Response
Protect the organization's information, as well as its reputation, by developing and implementing an incident response infrastructure (e.g., plans, defined roles, training, communications, management oversight) for quickly discovering an attack and then effectively containing the damage, eradicating the attacker's presence, and restoring the integrity of the network and systems.