Following these simple steps should ensure that data stays secure:
- Always encrypt your hard-drive. In Ubuntu use full-disc encryption, in OSX use File Vault.
Do not connect to public WiFi. Never. Anywhere.
- if you need internet access, take the company’s 3g-router
- if it’s not possible, use your mobile as 3g-hotspot and just ask for a refund for using mobile data
If possible, have Bluetooth turned off. Always have Bluetooth turned off when you’re not in the office or at home.
Always have your mobile secured by PIN (Hello, Captain Obvious!)
If you’re using Google Authenticator on your mobile, ensure that accessing your mobile phone data is not possible without the password
- make sure, that after 10 tries it will auto-wipe
- ensure that no one can read text messages on your phone without providing the password first (turn off text-message notification on lock screen)
- 2F Auth must be turned on wherever this is possible; ensure that you have turned it on for GSuite, GitHub, Bitbucket, Gitlab and other services we’re using on a daily basis.
- Your computer must have auto-lock turned on, the suggested timeout is 1 minute. Every team member caught leaving his computer unlocked is obliged to buy doughnuts to the office as penalty compensation.
- Use a secure password manager, ie. KeePassXC
- Use GPG to sign your mail
- on OSX you can use either Thunderbird or GPG Suite with Mail.app. MailMate also has nice support for GPG
- GnuPG is most likely installed on Linux, if you’re using one
- Use your GPG to sign your commits
- Never send credentials / API keys / etc in plain text
- To share files within company use intranet and shared hard drive To share files with clients, use S3 bucket and signed links (with expiry set to max 24h)