Over the lat of working in the web rozwój industry we've collected a number of rules that we believe are essential to keep the firma and all its products secure. These are a bare minimum and must-have norms that every oprogramowanie rozwój zespół should apply to meet some level of security while working on a oprogramowanie product.

1. Encrypt your hard drives

FileVault is a rozwiązanie for Apple hardware, but there are tons of other applications that make data on a computer's drive that is turned off very difficult to decrypt.

2. Turn off your computer when you are on the move

Disk encryption only works when the computer is completely turned off (not just closing the lid or hibernating). Remember this especially during traveling when there is - even a small - risk of losing / theft of equipment.

3. Set up two-factor authentication (2FA) whenever you can

At USEO, we use Google Workspace with built-in 2FA. We have this rule that we log in with a Google account whenever the external usługa allows it. If there is no such option - it is best to set a unique password and turn on 2FA immediately after logging in.

4. Update your antivirus program

It's kind of obvious. Never delay your oprogramowanie updates.

5. Lock your screen(s)

Set your computer to ask for a password every time your screen goes dark. Best of all, lock it down yourself as soon as you leave your computer.

6. Secure your phone

Your phone is a 2FA component, so it must be well protected - use a long password, facial recognition or fingerprint.

7. Use only a work account

Do not use private cloud solutions for your work, even if it's also Google. This also applies to documents, e-mail, calendar, etc. Google Workspace has a different security policy for private and work accounts.

8. Secure external drivesAll external drives where we store firma’s data should be encrypted and password protected.

9. Use a password manager

It could be an Apple Keychain, 1password, or any other rozwiązanie that allows you to store your passwords securely. Thanks to this, we have individual passwords for everything and we do not have to remember them.

10. Generate secure passwords

If you can't log in somewhere using your Google account, generate a password in the password manager - it will be difficult, unique, but you won't have to remember it.

11. Use a VPN

Whenever you use public wi-fi, use a VPN to protect your connection. We have some doświadczenie with ExpressVPN and NordVPN - both are ok, but there are tons of other options.

12. Be careful with firma’s data

Even if it seems that the data seems not important or sensitive it can still be used for various types of attacks (e.g.: phishing or spoofing).

13. Update the oprogramowanie

All your oprogramowanie, also the operating system. Do it regularly. Old versions often have bugs that can be easily exploited.

14. If you are a oprogramowanie programista - never use a production baza danych in your local environment

It may seem easier and faster to load a production baza danych for local rozwój, but it generates a lot of threats.