Security
Following these simple steps should ensure that data stays secure:
Hardware:
- Always encrypt your hard drive. In Ubuntu use full-disk encryption; in OSX use FileVault.
- Do not connect to public WiFi. Never. Anywhere.
  - if you need internet access, take the company's 3G router
  - if that's not possible, use your mobile as a 3G hotspot and ask for a refund for the mobile data used
- If possible, keep Bluetooth turned off. Always have Bluetooth turned off when you're not in the office or at home.
- Always secure your mobile with a PIN (Hello, Captain Obvious!)
- If you're using Google Authenticator on your mobile, ensure that the data on your phone cannot be accessed without the password
  - make sure that the phone auto-wipes after 10 failed attempts
  - ensure that no one can read text messages on your phone without entering the password first (turn off text-message notifications on the lock screen)
Software:
- Two-factor authentication must be turned on wherever possible; ensure that you have turned it on for GSuite, GitHub, Bitbucket, GitLab and the other services we use on a daily basis.
- Your computer must have auto-lock turned on; the suggested timeout is 1 minute. Every team member caught leaving their computer unlocked is obliged to buy doughnuts for the office as penalty compensation.
- Use a secure password manager, e.g. KeePassXC
- Use GPG to sign your mail
  - on OSX you can use either Thunderbird or GPG Suite with Mail.app. MailMate also has nice support for GPG
  - GnuPG is most likely already installed on Linux, if you're using it
- Use your GPG key to sign your commits
- Never send credentials / API keys / etc. in plain text
- To share files within the company, use the intranet and the shared hard drive. To share files with clients, use an S3 bucket and signed links (with an expiry set to at most 24h)
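Two of the rules above (sign your commits with GPG, and share files with clients only through S3 signed links that expire within 24h) can be turned into small shell helpers so the policy limit is enforced rather than remembered. The script below is an added example and not part of the handbook or any Prograils tooling; it assumes `git`, `gpg` and a configured AWS CLI are installed, and the key id and bucket/object names in the usage comments are placeholders.

```shell
#!/bin/sh
# Added example (not from the handbook): helpers that enforce two of the Software rules.
# Assumptions: git, gpg and a configured AWS CLI are on PATH; KEY_ID, bucket and key are placeholders.

# Rule: client file shares use S3 signed links with an expiry of at most 24h.
MAX_EXPIRY=86400   # 24 hours in seconds

# Returns 0 when $1 is a positive integer number of seconds within the 24h cap, 1 otherwise.
check_expiry() {
    case "$1" in
        ''|*[!0-9]*)
            echo "expiry must be a positive integer number of seconds" >&2
            return 1 ;;
    esac
    if [ "$1" -lt 1 ] || [ "$1" -gt "$MAX_EXPIRY" ]; then
        echo "expiry $1 s is outside the policy limit of ${MAX_EXPIRY} s (24h)" >&2
        return 1
    fi
    return 0
}

# Prints a presigned GET URL for s3://BUCKET/KEY valid for EXPIRY seconds (default: the 24h cap).
# Uses the AWS CLI's `aws s3 presign --expires-in`; the cap is checked before any URL is minted.
share_with_client() {
    bucket="$1"; key="$2"; expiry="${3:-$MAX_EXPIRY}"
    check_expiry "$expiry" || return 1
    aws s3 presign "s3://${bucket}/${key}" --expires-in "$expiry"
}

# Rule: sign your commits (and tags) with your GPG key. $1 is your own key id.
enable_commit_signing() {
    key_id="$1"
    # Refuse to configure a key that does not exist in the local secret keyring.
    gpg --list-secret-keys "$key_id" >/dev/null 2>&1 || {
        echo "no secret key $key_id in the local keyring" >&2
        return 1
    }
    git config --global user.signingkey "$key_id"
    git config --global commit.gpgsign true
    git config --global tag.gpgSign true
    echo "commit and tag signing enabled with key $key_id"
}

# Example usage (placeholder values):
#   enable_commit_signing 0123456789ABCDEF
#   share_with_client client-deliverables-bucket report.pdf 3600
```

`check_expiry` is the policy gate: `share_with_client` calls it first, so a caller asking for a 7-day link gets an error instead of a URL. After `enable_commit_signing`, `git log --show-signature` shows the signature on each new commit.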
ISO 27001: Information Security Management at Prograils
In December 2019 Prograils received the ISO 27001 certificate (no IS 718906). The certificate confirms that our operations in the field of designing, building and developing IT systems, web and mobile applications, as well as consulting, comply with the information security standard ISO 27001:2013, and that we have created and implemented our own Information Security Management System.
Long story short: any information at Prograils, from source code to user data, is strictly protected and confidential. The ISO 27001 certification is unbiased proof that software development at Prograils is done according to the highest standards.
If you want to read the Prograils Information Security Policy, get in touch with us.