Welcome aboard. As a new SendSafely Administrator, this 10-step checklist is designed especially for you. Read on to learn about the most popular setup and configuration options, then check them off your list!
Important Note - This document is the first of three popular checklists, with the second being our SendSafely New User Guide, and third being the Zendesk Integration Setup Checklist.
1. Bookmark the SendSafely Online Help Center, Blog & Developer Center
Your first points of reference to learn more about new platform features, find guidance on setting up various integrations, or download “Quick Start Guides” and/or Videos for your new users. You can also email support@sendsafely.com with any questions.

2. Plan Employee On-boarding & New User Education
New user education is a critical component of a successful on-boarding plan. SendSafely provides many useful resources that can be incorporated into your internal on-boarding documentation and employee guidance. It is recommended you start by reviewing the SendSafely New User Guide with the aim of providing it to your employees along with the applicable “Quick Start Guides” and/or demo Videos.

3. Plan Service Account Usage (Particularly for Dropzones)
Administrators can create and manage designated Service Accounts from the Enterprise Console to use with our API, Dropzones and third-party integrations. Before using a Service Account, be sure you fully understand both the security benefits and the potential requirement to generate backup private decryption keys if the account is used to host production Dropzones. Review the following Service Account documentation:
"Non-Service Account" Dropzone Setup Instructions: When setting up a production Dropzone using a fully registered user account (instead of using a Service Account) we recommend backing up the initial Trusted Browser Key for the Dropzone "Owner". This initial key can be used to access all historical packages received via that Dropzone - which is especially useful if you choose to automate the download/export of received files in the future.

4. Integrate Single Sign On (SSO)
Integrate SendSafely with your organization's SSO solution to authenticate your employees. SendSafely supports SSO using the SAML2 authentication standard, and is listed in the application catalogs for Okta, OneLogin and Azure AD, and also supports Google SSO.

5. Enforce 2FA/MFA to Protect All User Accounts
SendSafely recommends enforcing the use of 2FA/MFA to protect all employee user accounts. This is especially important for privileged Administrator accounts. If available, utilize your enterprise SSO solution to provide the 2FA/MFA authentication protection (see above). If SSO is not available, review the supported SendSafely Two Step Authentication options, and enforce them within the SendSafely Enterprise Console.

6. Assign a Backup Administrator User
SendSafely requires having at least 2 Administrator user accounts configured at all times (as a primary & backup account in case someone is out on vacation). Administrators can also manage Dropzones directly from the Enterprise Console.

7. Set Up a SendSafely Master Key
Assess whether you need a Master Key configured for your SendSafely portal as part of a compliance, audit, or archival program. A Master Key provides an organization the ability to decrypt items transferred through its SendSafely platform. This is especially important if you need to recover data after an employee leaves the company, or if your organization operates within a regulated industry, such as Financial Services. Please note: a Master Key can only decrypt packages sent and received after the date the key is successfully configured in your SendSafely portal. It cannot provide access to historical packages sent/received prior to its setup date or to packages that have already been deleted.

8. Configure SendSafely Data Retention Settings for your Organization
SendSafely Admins can specify the default, minimum and maximum package expiration for all users in the Enterprise Console. Expiration settings apply to all packages sent using the web portal, Chrome extension, email integrations and the API. Dropzone Package Expiration is configured separately in the Dropzone profile, while Workspaces are designed for longer term collaboration and are currently not subject to data expiration settings.
Long Term Storage Options
The maximum package expiration is 365 days. Organizations required to retain data for extended periods of time, or export it to other systems for archival or compliance purposes should read up on Long Term Data Storage & Auditability for Compliance with SendSafely, then set up a SendSafely Portal Master Key and then utilize one of the following long term storage options:
- Configure your own AWS S3 Bucket for use with SendSafely - Utilizing this feature provides you with additional options regarding long term storage of packages sent and received through your SendSafely instance. This includes "Disabling Package Expiration" and "Disabling File Deletion". You can also utilize versioning in S3 buckets to recover more easily from unintended user actions such as accidental deletion.
  - Note: Disabling package expiration may negatively affect the user experience, since users will be unable to delete any sent files. In these cases, users can still immediately expire access to the files, but the files will remain available in the system for compliance purposes.
- Scheduled Export of Sent/Received Packages via the SendSafely API - the SendSafely API can be used to automatically download all packages sent/received on a regularly scheduled basis. The downloaded files can then be processed or archived as required. SendSafely provides a Package Export Utility along with several source code examples for exporting packages via the SendSafely API on GitHub.

9. Secure Privileged Administrative & Service Accounts
As a best practice, Admin accounts should only be used for performing Administrative functions and not for daily SendSafely use. Ensure 2FA/MFA authentication controls are utilized to protect these privileged accounts, ideally via enterprise SSO if available.
Service Accounts used to host Dropzones or provide API access should not be assigned Administrative privileges. When possible these accounts should also be protected by 2FA/MFA. After initial setup, Service Accounts should not be used to log into the SendSafely portal, and instead be managed by an Admin via the Enterprise Console.

10. Encourage Users to use SMS Verification to Protect Sensitive Files
Both SendSafely Send and Workspaces provide an SMS verification option for recipients and collaborators. Encourage your users to require that external guests be authenticated using an SMS PIN for extra protection against unauthorized access. SMS verification can be easily enabled from the Workspace Collaborators page and the Send Items screen.
Resource Appendix: