Basic Security Best-Practices

Here is a list of security best-practices which we apply at Binary.com, but which are good practices to adopt at any company.

Use strong passwords

Seems obvious, right? But surprisingly many people don't actually know what a strong password is. Adding a few capitals and punctuation marks into the password won't cut it.

A strong password for a human isn't necessarily a strong password for a computer. To understand the difference, see the following famous XKCD cartoon:

[Image: XKCD cartoon on password strength]

The point is that "Tr0ub4dor&3" may look like a strong password, but "correct horse battery staple" is in fact much stronger, despite being easier for a human being to remember.
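The comparison can be made concrete by counting the choices an attacker has to search rather than judging how the password looks. The following is an added example, not Binary.com code: the per-step option counts and the 1000 guesses per second rate are the cartoon's own estimates, and the word list is a constructed sample.

```python
import math
import secrets

# Constructed sample list, for the demo only. A real generator needs a large
# list: the cartoon assumes 2048 common words, which is 11 bits per word.
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "anchor", "breeze", "candle",
    "dragon", "ember", "forest", "glacier", "harbor", "island", "jungle",
    "kettle", "lantern",
]

# The cartoon's model of "Tr0ub4dor&3": number of options at each step.
TROUBADOR_CHOICES = [
    2 ** 16,  # uncommon base word
    2,        # capitalize the first letter or not
    2 ** 3,   # common letter-to-digit substitutions
    2 ** 4,   # which punctuation mark
    2 ** 3,   # which digit
    2,        # order of the punctuation mark and the digit
]

def pattern_bits(choices):
    """Entropy of a password built from independent choices."""
    return sum(math.log2(c) for c in choices)

def passphrase_bits(n_words, list_size):
    """Entropy of n words drawn uniformly and independently from a list."""
    return n_words * math.log2(list_size)

def seconds_to_exhaust(bits, guesses_per_second=1000):
    """Worst-case time to try every candidate at the given guess rate."""
    return 2 ** bits / guesses_per_second

def generate_passphrase(words, n_words=4):
    """Pick words with the OS CSPRNG; human-chosen words are far weaker."""
    return " ".join(secrets.choice(words) for _ in range(n_words))

if __name__ == "__main__":
    weak = pattern_bits(TROUBADOR_CHOICES)
    strong = passphrase_bits(4, 2048)
    print(f"Tr0ub4dor&3 pattern: {weak:.0f} bits, "
          f"{seconds_to_exhaust(weak) / 86400:.1f} days")
    print(f"four random words:   {strong:.0f} bits, "
          f"{seconds_to_exhaust(strong) / (365 * 86400):.0f} years")
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS))
```

The passphrase figure only holds when the words are picked at random from a large list; with the 16-word sample list above, four words give just 16 bits.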

Store all passwords in the company password manager

This means no passwords on Post-It notes, in text files, or in Word documents.

Communicate passwords only via the company password manager

This means: never email passwords, and never put them in Google Chat, Slack, Skype chat, etc. Always use the company password manager to securely send passwords to your colleagues.

Don't re-use passwords

Don't use the same password in two different systems. In particular, never re-use a password that you have used outside of the company.

Enable two-factor security

Enable two-factor security on all systems that support it. Most often, the two-factor code will be sent to your mobile phone, so please ensure that you have (1) updated your phone's operating system to the latest version; and (2) set a password or fingerprint protection on your phone lock screen.

At Binary.com, we will always enforce two-factor security on all systems that support it.

Enable your laptop screensaver

Enable the screensaver on your laptop, and password-protect it.

On a Mac, this is enabled by going to System Preferences -> Security & Privacy -> General.

Avoid using Windows

Microsoft Windows generally suffers from more security risks than Apple Macs and Chromebooks. Everyone who works onsite at Binary.com will receive either a company MacBook or a Chromebook. If you can do your job entirely on a Chromebook, choose that, as it's the most secure. You need special permission to work on Windows.

Don't use home PCs

Odds are, the Windows PC you have at home is already hacked. You should never log into any company-related system from home, except on company-supplied laptops. Even that is not recommended, as you probably don't have a proper network firewall at home.

Prefer the Chrome browser

Some people may debate this point, but generally speaking Chrome is the most secure browser, so please use it for all tasks (except, of course, browser compatibility testing). Make sure it is up to date by checking chrome://help/.

Run the Google Security checkup

Go to https://security.google.com and run the Google Security checkup.

Enable your Firewall

On a Mac, this is enabled by going to System Preferences -> Security & Privacy -> Firewall.

Encrypt your hard-disk

On a Mac, this is enabled by going to System Preferences -> Security & Privacy -> FileVault.

Be wary of links in emails

If in doubt, don't click on it.