Am I Secure Checklist

This document contains a checklist that can be used to determine if you adhere to our security guidelines.

General

  • I have 2 factor authentication where possible and enabled for these accounts: (Login with your password and a security code via Keyhub)
    • Google
    • Freedom
  • I have a strong (minimal 12 character) password on my Keyhub account
  • I do not reuse passwords for multiple accounts
  • I use long (randomly generated) passwords for (personal) work accounts and they are stored in Keyhub. Passwords that need to be shared are stored in groups. Passwords for your personal work accounts can be put in the personal vault within Keyhub. NOTE: Make sure to memorize your Google and Keyhub passwords. Do NOT store your Google password in Keyhub
  • I will report to the Security circle when any device (laptop, phone, USB sticks etc.) with company data on it is lost or stolen.
  • I only use USB sticks that are ours. Never use USB sticks that are given by companies/conferences and alike. And I only use a USB key if it is absolutely necessary (because they will get lost, always. It’s a murphy's law thing).
  • I only share Passwords via the password manager and not in any other way!
  • In the context of security incidents, the organization reserves the right to claim your device for research purposes.
  • This is also documented in the loan and usage agreement (bruikleenovereenkomst) you signed when you got your contract.

Laptop

  • I have Eset antivirus software installed (Linux excluded)
  • My laptop is protected with a password (no 4-digit pins!)
  • My screen locks after no more than 2 minutes of inactivity
  • 🔑
    Full Disk Encryption
    is on
  • My SSH key is passphrase protected.
  • My laptop is kept up to date with the latest software.
  • I don’t do anything illegal with the laptop, again documented in the loan and usage agreement.

Smartphones/other devices

This part is only relevant if you have ANYTHING work related on your phone (2-factor token apps excluded).

  • I have a lock screen on my smartphone
  • I log out when I no longer need to use accounts on my phone (mail/slack excluded)
  • Make sure encryption on your phone is on (Android: settings, security, Encryption)
  • I have enabled encrypted calling on my deskphone/Webphone/Voys app (manual [NL])
  • I only use company accounts on devices that receive security updates