There are certain practices that we overlook and that would save us more than one headache.
In this post, our SlashBoy Oriol Sanz, Software Developer, gives us 10 tips to keep
in mind for our company's computer security.
Take note!
There are 3 authentication methods: something you know (an identifying question),
something you have (a DNI identity card) and something you are (a fingerprint...). Passwords
belong to the first group, so writing them down somewhere turns them into something of the
second group, and they stop being as effective as they can be.
When the number of usernames and passwords we have is considerably large, we can “note them
down”, as long as it is in the device's Keychain, be it a mobile phone or the PC, but never
anywhere else.
Whenever a security breach is found, or the existence of one is suspected, it must
immediately be reported to a superior or manager so that it can be resolved as soon
as possible and future problems avoided.
As a general rule, default passwords are often easy (such as “user” or “12345”) or written
in a welcome email, so we have to change them as soon as we receive them.
No one is perfect, so passwords can be “misplaced”. It is safest to change these passwords
periodically, or whenever there is the slightest suspicion of a security breach.
In our day-to-day work we constantly have sensitive information on our computers, so leaving
them open at the mercy of the whole world is a bad idea. Whenever the terminal is
left unattended, it must be properly locked to avoid leaks of any kind (yes, even if it is left
“for a moment”).
A network has practically the same security problems as a terminal, so if there is a
security problem you must also change the WiFi passwords, not leave them at their
defaults, control access, etc.
The code for all applications needs to be reviewed before it is deployed to production,
to avoid exposing passwords and other data to reverse engineering, etc.
It is necessary to have a plan of action in case data is misplaced or stolen
by someone external to the company. It is something that can happen, and not having a plan is
a mistake.
Much the same as the previous point, except that in this case we are talking about someone from
the company. When someone leaves the company, their permissions must be revoked
and all the passwords they could have known must be changed, even the WiFi one.