---
layout: page
title: Security
order: 5
---
Following these simple steps should ensure that company data stays secure:
- Always encrypt your hard drive. On Ubuntu use full-disk encryption; on OSX use FileVault.
- Do not connect to public WiFi. Never. Anywhere.
  - If you need internet access, take the company's 3G router.
  - If that is not possible, use your mobile as a 3G hotspot and ask for a refund of the mobile data you used.
- If possible, keep Bluetooth turned off. Always have Bluetooth turned off when you're not in the office or at home.
- If you're using Google Authenticator on your mobile, ensure that your phone's data cannot be accessed without the password.
  - Make sure the phone auto-wipes after 10 failed unlock attempts.
  - Ensure that no one can read text messages on your phone without entering the password first (turn off text-message previews on the lock screen).
- Two-factor authentication (2FA) must be turned on wherever possible; ensure it is enabled for GSuite, GitHub, Bitbucket, GitLab and the other services we use daily.
- Your computer must have auto-lock turned on; the suggested timeout is 1 minute. Every team member caught leaving their computer unlocked is obliged to buy doughnuts for the office as penalty compensation.
- Use a secure password manager, e.g. KeePassXC.
- Use GPG to sign your mail.
  - On OSX you can use either Thunderbird or GPG Suite with Mail.app. MailMate also has nice GPG support.
  - On Linux, GnuPG is most likely already installed.
- Use your GPG key to sign your commits.
- Never send credentials, API keys, etc. in plain text.
- To share files within the company, use the intranet and the shared drive.
- To share files with clients, use an S3 bucket and signed links (with expiry set to 24h at most).
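The last item caps a client link's lifetime at 24 hours. The block below is an added example, not code from this handbook: it builds an S3 presigned GET link by hand with AWS Signature Version 4 using only the Python standard library, and refuses any lifetime above the policy cap so the limit cannot be bypassed by a typo in a script. The bucket name, object key, region, access key and secret are constructed placeholders, and the virtual-hosted-style endpoint form (`bucket.s3.region.amazonaws.com`) is assumed.

```python
"""Added example (not part of the original handbook): hand-rolled S3 presigned
GET link with AWS SigV4, enforcing the 24h policy cap on link lifetime.
All credentials and names below are constructed placeholders."""
import hashlib
import hmac
from datetime import datetime, timezone
from urllib.parse import parse_qs, quote, urlparse

MAX_EXPIRY_SECONDS = 24 * 60 * 60  # policy limit: a shared link lives at most 24h


def expiry_is_allowed(seconds: int) -> bool:
    """True when the requested lifetime is positive and within the policy cap."""
    return 0 < seconds <= MAX_EXPIRY_SECONDS


def _sign(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def _signing_key(secret: str, date: str, region: str) -> bytes:
    # SigV4 key derivation chain: secret -> date -> region -> service -> request
    k_date = _sign(("AWS4" + secret).encode("utf-8"), date)
    k_region = _sign(k_date, region)
    k_service = _sign(k_region, "s3")
    return _sign(k_service, "aws4_request")


def presign_get(bucket, key, region, access_key, secret_key, expires, now=None):
    """Return a presigned HTTPS GET URL for s3://bucket/key.

    Raises ValueError when `expires` is outside 1..MAX_EXPIRY_SECONDS, so a
    caller cannot hand out a link that outlives the 24h policy.
    """
    if not expiry_is_allowed(expires):
        raise ValueError(f"expiry must be 1..{MAX_EXPIRY_SECONDS} seconds, got {expires}")
    now = now or datetime.now(timezone.utc)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date = now.strftime("%Y%m%d")
    scope = f"{date}/{region}/s3/aws4_request"
    host = f"{bucket}.s3.{region}.amazonaws.com"  # virtual-hosted-style endpoint (assumed)
    canonical_uri = "/" + quote(key, safe="/~")

    # These query parameters are covered by the signature: S3 rejects the link
    # if any of them (including X-Amz-Expires) is altered after signing.
    params = {
        "X-Amz-Algorithm": "AWS4-HMAC-SHA256",
        "X-Amz-Credential": f"{access_key}/{scope}",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": "host",
    }
    canonical_query = "&".join(
        f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}" for k, v in sorted(params.items())
    )
    canonical_request = "\n".join([
        "GET",
        canonical_uri,
        canonical_query,
        f"host:{host}\n",    # canonical headers block; each header line ends with \n
        "host",              # signed headers
        "UNSIGNED-PAYLOAD",  # a presigned GET signs no request body
    ])
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256",
        amz_date,
        scope,
        hashlib.sha256(canonical_request.encode("utf-8")).hexdigest(),
    ])
    signature = hmac.new(
        _signing_key(secret_key, date, region), string_to_sign.encode("utf-8"), hashlib.sha256
    ).hexdigest()
    return f"https://{host}{canonical_uri}?{canonical_query}&X-Amz-Signature={signature}"


def link_expiry_seconds(url: str) -> int:
    """Read the signed lifetime back out of a presigned link (handy for an audit check)."""
    return int(parse_qs(urlparse(url).query)["X-Amz-Expires"][0])


if __name__ == "__main__":
    # Constructed placeholder inputs; not real credentials.
    url = presign_get("example-bucket", "reports/q1.pdf", "eu-west-1",
                      "AKIAEXAMPLEPLACEHOLDER", "placeholder-secret-not-real", 3600)
    print(url)
    print("lifetime (s):", link_expiry_seconds(url))
```

In day-to-day use a client library such as boto3 (`generate_presigned_url(..., ExpiresIn=...)`) produces the same kind of link; the point of doing it by hand is to see that the expiry is part of what is signed, so the recipient cannot extend it, and that the cap belongs in the code path that issues the link rather than in a comment.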