Every month we will be reaching out to someone we know from the GridAKL community to share insights, tips and tricks. This month we asked the crew from ThisData to tackle some online/computer security advice which happens to be an area of expertise for this team!
One of my jobs here at ThisData is to build community around our brand and establish our product as a thought leader when it comes to login security. I manage our Twitter account so I'm often tweeting about security news, breaches and product updates. Following a few tweets last week commenting on the latest security blips, the team at GridAKL, where we are based, asked if I could put together something about tech security in shared offices. I've come up with my five top tips (who doesn't love a good top 5 post?!) on how to stay safe when working in a shared space situation:
Always lock your computer. It really surprises me how many people leave their screen on in plain view when they get up to make a coffee or are otherwise occupied away from their desk. We have a rule that you have to lock your computer every . single . time you get up to move away from it. If you think that is too hard to remember, set your screen to auto-lock after one minute and that should annoy you enough to get you motivated enough to do it. (You should probably really do both). The same applies to your phone - auto-lock, touch ID & passcode should always be enabled. If you're working towards building a good security culture in your company, this checklist may help: Security checklist for your employees.
Use a VPN on shared wifi. I use Cloak pretty much every where I go on my laptop and on my phone. There's no need to use a VPN on the Grid Resident network as you have your own username & password, so no one is sharing your connection to the internet. As an aside, if you are using a VPN anyway or on a guest wifi connection you'll probably have trouble printing to the shared printer. In this case, you just have to turn the VPN off to print, then turn it back on.
Password manager. I'm hoping this is not the first time you have heard of a password manager. But if it is, then take a look at 1Password or LastPass. These tools generate passwords for you, keep them safe, and sync across your devices. You can choose the password length (longer the better) and if it should contain characters, symbols, numbers (it should have all of these). It takes a little time to go through all of the sites you use and generate new passwords, but it is 150% worth doing. Plus, you can always do this gradually, checking your passwords as you visit sites and changing them where necessary. Your 'Master Password' for the password manager needs to be equally strong but you have to come up with that one yourself. This post should help: 5 tips to create strong passwords.
Firewalls. Ensure you have firewalls on local machines that are attached to the shared network. Remember some apps (especially distributed services like Elasticsearch, which we use) have service auto discovery. You don’t want them to connect to other people’s services at the shared space. Keep tabs on what services your machines are exposing on the network. Find out more here on how to enable the firewall and find your open ports: OS X: About the application firewall and
Turn Windows Firewall on or off (applies to Windows 10.
Physical security. Other security risks are around physical security and they just involve common sense. We consider the Grid to be a safe environment, but it is smart to treat shared spaces as you would a cafe. When it comes to sensitive or confidential documents, don't leave them unattended on your desk. Take them home or lock them up in a cupboard or safe. If you write notes on a meeting room whiteboard, take a photo and wipe it off before you leave. Finally, don't have conversations about sensitive topics in the open for all to hear. Jump in to a meeting room or take it outside to avoid having to deal with a situation where confidential information has made it outside of your inner circle.