IT security
General idea
To protect Codifly's systems against theft, abuse or any form of harm and loss, always think from a security & privacy point-of-view. This basically means: apply strict security and privacy standards to everything you do/use/create.
These guidelines are a good start. Of course, feel free to discuss this topic or share other interesting security measures on our "General"-channel on Teams!
Office security
If you are the last person to leave the office, make sure all windows are closed, all lights are out, the AC is off, everyone is gone... Hold your badge against the alarm unit and push the "lock" button. Close all 3 doors between the office and Growthopia (first push the red button to unlock the magnet holding the door).
Password policy
In order to improve security and privacy within Codifly, we decided that from 2016 onwards we no longer use weak passwords and never reuse a password.
To support this idea without too much overhead, we have set up a password management system. We started using KeeWeb, but have now migrated to 1Password.
Codifly vaults
- Install 1Password by running brew install --cask 1password@7 in a terminal.
- Open 1Password and log in. You received the account information via mail from HR.
- Since we are sharing 1 account, you get access to all the vaults. This way everyone can use the passwords shared within Codifly. You will see several vaults, including "Private". However, this is not a personal vault.
"Private" vault is not private: it is shared with everyone. Don't use it!
To get a personal vault, follow the steps below.
Personal vault
Regarding your personal Codifly passwords, you should create a local vault on your Mac:
- Go to 1Password 7 / Voorkeuren / Geavanceerd (Preferences / Advanced) and enable "Sta toe dat kluizen die los staan van je 1Password accounts worden gemaakt" (allow creating vaults that are not tied to your 1Password accounts).
- Enter the master password again.
- Create a vault "Primaire" on your Mac.
- Go to 1Password 7 / Voorkeuren / Synchronisatie (Preferences / Sync) and enable "iCloud synchronisation for your personal vault". Using this approach, you have access to your personal vault on all your devices.
- By going to Voorkeuren / Beveiliging / Wijzig Hoofdwachtwoord (Preferences / Security / Change Master Password) you can set a new, personal password for your personal vault (the default password of your personal vault is that of the shared 1Password account).
After this last step, you can unlock 1Password with your own custom password instead of Codifly's default one! In other words: the password of your personal vault also unlocks the shared vaults.
Computer policy
Device security: hardening the Mac
In this section, we would like to focus on hardening our Mac devices. More concretely, in order of importance:
- User account considerations. Go to System Preferences -> Users & Groups and ensure that: 1) the guest user is disabled, 2) a strong password is configured for the main user, 3) automatic login is turned off. Then go to System Preferences, open Security & Privacy, and check Require password immediately after sleep or screen saver begins. Then go to System Preferences, open Desktop & Screen Saver and select "5 minutes" in the Start after dropdown in the bottom-left corner.
- Hard disk encryption. To prevent unauthorized access to the information on the hard disk (for example, in case of theft or loss of your device), make sure that FileVault is enabled. To enable FileVault, go to System Preferences, then click the Security & Privacy icon, open the FileVault tab, unlock using the bottom-left Lock icon and click the button Turn On FileVault.
- Firewall. The macOS firewall filters incoming connections only (outgoing traffic is not filtered); allowed incoming connections can be configured on a per-application basis. To enable the firewall, go to System Preferences, then once again click the Security & Privacy icon. Then open the Firewall tab, unlock using the bottom-left Lock icon and click Turn On Firewall. Then click Firewall Options. Here, check Enable stealth mode. When necessary, applications that should accept incoming connections can be added via the + icon.
- Update software regularly. Old software may be vulnerable...
- Enable auto update in the App Store. To automatically update macOS and Apps, open App Store and go to App Store > Preferences. Check Automatically check for updates.
- Enable auto update for other applications. Applications not related to macOS or the App Store may have auto update capabilities. Make sure that these features are enabled for all applications.
  - For Sourcetree, enable Sourcetree > Preferences > Update > Automatically check for updates.
  - KeeWeb has an option Download and install automatically, accessible via the cog icon after log in.
  - For Skype, go to Skype > Preferences… > General and check Always keep Skype up to date.
  - In Chrome, go to Preferences - About and click Set up Automatic Updates for All Users.
  - Also consider other installed software.
- Frequently update other software manually.
  - To update brew and installed command line tools, run brew update. Afterwards, to update all brew packages, run brew upgrade.
  - Also consider other installed software.
- Disable all sharing. Go to System Preferences and click Sharing. Here, make sure all sharing services are disabled.
- Improve privacy by disabling Spotlight Suggestions. With Spotlight Suggestions enabled, search queries are sent to Apple. Go to System Preferences > Spotlight and deselect Spotlight Suggestions in the list, and uncheck Allow Spotlight Suggestions in Spotlight and Look up. Also open Safari, go to Safari > Preferences > Search, and uncheck Include Spotlight Suggestions ("Inclusief Safari-suggesties").
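As an added example (not part of the Codifly guide), the following POSIX shell script audits the hardening items above in a read-only fashion. Each check_* function takes the text a macOS command prints and returns 0 when the setting meets the policy, so the parsing logic can be exercised anywhere; audit_mac executes the real commands (fdesetup, socketfilterfw, defaults, softwareupdate) only when the script runs on macOS with --run. The exact output strings the checks match on are assumptions about what these commands print, not something the guide states.

```shell
#!/bin/sh
# Added example, not part of the Codifly guide: read-only audit of the Mac
# hardening checklist. check_* functions parse command output and return 0
# (policy met) or 1; audit_mac runs the live commands on macOS only.
# The output strings matched below are assumptions about what the commands print.

# fdesetup status -> "FileVault is On." when the disk is encrypted
check_filevault() { printf '%s\n' "$1" | grep -qi 'FileVault is On'; }

# socketfilterfw --getglobalstate -> "Firewall is enabled. (State = 1)"
check_firewall() { printf '%s\n' "$1" | grep -qi 'enabled'; }

# socketfilterfw --getstealthmode -> "Stealth mode enabled"
check_stealth() { printf '%s\n' "$1" | grep -qi 'enabled'; }

# defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled -> 0 when
# the guest account is disabled (an unset key is treated as disabled)
check_guest_disabled() { [ "${1:-0}" = "0" ]; }

# defaults read /Library/Preferences/com.apple.loginwindow autoLoginUser prints
# nothing (and errors) when automatic login is off
check_autologin_off() { [ -z "$1" ]; }

# defaults -currentHost read com.apple.screensaver idleTime -> seconds of
# inactivity before the screen saver starts; policy is at most 5 minutes
check_idle_time() { [ -n "$1" ] && [ "$1" -gt 0 ] 2>/dev/null && [ "$1" -le 300 ]; }

# com.apple.screensaver askForPassword=1 with askForPasswordDelay=0 means
# "Require password immediately after sleep or screen saver begins"
check_lock_immediately() { [ "$1" = "1" ] && [ "${2:-0}" = "0" ]; }

# softwareupdate --schedule -> "Automatic checking for updates is turned on."
check_autoupdate() { printf '%s\n' "$1" | grep -qi 'turned on'; }

# report NAME CHECK ARGS...: print a PASS/FAIL line and return the check's status
report() {
  name=$1
  shift
  if "$@"; then
    echo "PASS  $name"
  else
    echo "FAIL  $name"
    return 1
  fi
}

# Run every check against the live system; returns the number of failed items.
audit_mac() {
  if [ "$(uname -s)" != "Darwin" ]; then
    echo "Not macOS: skipping live audit"
    return 0
  fi
  fw=/usr/libexec/ApplicationFirewall/socketfilterfw
  fails=0
  report "FileVault enabled" check_filevault \
    "$(fdesetup status 2>/dev/null)" || fails=$((fails + 1))
  report "Firewall enabled" check_firewall \
    "$("$fw" --getglobalstate 2>/dev/null)" || fails=$((fails + 1))
  report "Stealth mode enabled" check_stealth \
    "$("$fw" --getstealthmode 2>/dev/null)" || fails=$((fails + 1))
  report "Guest account disabled" check_guest_disabled \
    "$(defaults read /Library/Preferences/com.apple.loginwindow GuestEnabled 2>/dev/null)" \
    || fails=$((fails + 1))
  report "Automatic login off" check_autologin_off \
    "$(defaults read /Library/Preferences/com.apple.loginwindow autoLoginUser 2>/dev/null)" \
    || fails=$((fails + 1))
  report "Screen saver starts within 5 minutes" check_idle_time \
    "$(defaults -currentHost read com.apple.screensaver idleTime 2>/dev/null)" \
    || fails=$((fails + 1))
  report "Password required immediately" check_lock_immediately \
    "$(defaults read com.apple.screensaver askForPassword 2>/dev/null)" \
    "$(defaults read com.apple.screensaver askForPasswordDelay 2>/dev/null)" \
    || fails=$((fails + 1))
  report "Automatic update checks on" check_autoupdate \
    "$(softwareupdate --schedule 2>/dev/null)" || fails=$((fails + 1))
  echo "$fails item(s) need attention"
  return "$fails"
}

# Only run the live audit when invoked directly with --run, so the file can
# also be sourced to reuse the check_* functions.
if [ "${1:-}" = "--run" ]; then
  audit_mac
fi
```

Run it as sh audit.sh --run on the Mac being checked; the exit status is the number of failing items, which makes it easy to call from a periodic job. Sharing services are not covered because checking them needs elevated privileges; verify those by hand in System Preferences > Sharing.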
2-Factor authentication for Apple ID
Make sure two-factor authentication is enabled for all Apple IDs used on Codifly devices.
On iOS: Settings > {Firstname Lastname} > Password & Security > Two-Factor Authentication
Alternatively, on Mac: System Preferences > iCloud > Account Details > Security > Two-Factor Authentication.
The screensaver
First of all: always lock your screen when you leave your desk!
Next, go to Systeemvoorkeuren > Bureaublad & Schermbeveiliging (System Preferences > Desktop & Screen Saver), open the tab Schermbeveiliging (Screen Saver) and enable the screensaver "Bericht" (Message). Click "Schermbeveiligingopties" (Screen Saver Options) and type the following message, with your own first and last name on the first line:
Voornaam Naam
info@codifly.be
Other considerations
- Do not send private emails with your work account or work-related emails with your private account.
- Do not share passwords or documents via mail, Teams or other unencrypted channels. Transfer sensitive data between devices using AirDrop. Storage media such as USB keys or CDs/DVDs are never used, unless absolutely unavoidable. In case a transfer of data is required for which you think that USB is the only option, contact Arvid to see if this can be avoided. The data transferred via a storage device must always be deleted after the transfer has been completed.
- For OneDrive users: do not send OneDrive-content as attachment but use links to the specific folder or file.