Here is a list of security best-practices which we apply at Binary.com, but which are good practices to adopt at any company.
Use strong passwords
Seems obvious, right? But surprisingly many people don't actually know what a strong password is. Adding a few capitals and punctuation marks into the password won't cut it.
A strong password for a human isn't necessarily a strong password for a computer. To understand the difference, see the following famous XKCD cartoon:
The point being that "Tr0ub4dor&3" may look like a strong password but in fact "correct horse battery staple" is a much stronger password, despite it being easier to remember for a human being.
Store all passwords in the company password manager.
This means, no passwords on Post-It notes, no passwords in text files, or Word documents.
Communicate passwords only via the company password manager.
This means: never email passwords, never put them in Google Chat, or Slack, never put them into Skype chat etc. Always use the company password manager to securely send passwords to your colleagues.
Don't re-use passwords
Don't use the same password in two different systems. In particular, never re-use a password that you have used outside of the company.
Enable two-factor security
Enable two-factor security on all systems that support it. Most often, the two-factor code will be sent to your mobile phone, so please ensure that you have (1) updated your phone's operating system to the latest version; and (2) set a password or fingerprint protection on your phone lock screen.
At Binary.com, we will always enforce two-factor security on all systems that support it.
Enable your laptop screensaver
Enable the screensaver on your laptop, and password-protect it.
On a Mac, this is enabled by going to System Preferences -> Security & Privacy -> General.
Avoid using Windows
Microsoft Windows generally suffers from more security risks than Apple Macs and Chromebooks. Everyone who works onsite at Binary.com will receive either a company MacBook or a Chromebook. If you can do your job entirely on a Chromebook, choose that, as it's the most secure. You need special permission to work on Windows.
Don't use home PCs
Odds are, the Windows PC you have at home is probably already hacked. You should never log into any company-related system from home, except on company-supplied laptops. Even that is not recommended, as you probably don't have a proper network firewall at home.
Prefer the Chrome browser
Some people may debate this point, but generally speaking Chrome is the most secure browser, so please use it for all tasks (except of course, browser compatibility testing). Make sure it is up to date by checking chrome://help/.
Run the Google Security checkup
Go to https://security.google.com and run the Google Security checkup.
Enable your Firewall
On a Mac, this is enabled by going to System Preferences -> Security & Privacy -> Firewall.
Encrypt your hard-disk
On a Mac, this is enabled by going to System Preferences -> Security & Privacy -> FileVault.
Be wary of links in emails
If in doubt, don't click on it.