Security Practices

Security practices that all of us follow.

Last updated 2 years ago

Enable "Find My Mac"

Apple’s iCloud service has a feature called Find My Mac which lets you see the location of your Apple device. As long as your lost Mac isn’t in sleep and is connected to a Wi-Fi network or tethered to a personal hotspot, you can locate it on a map. If it’s connected to the Internet via Ethernet, Wi-Fi, or a personal hotspot, you can play a sound on it, lock it, or erase it completely.

This location is not very precise, but it can be a useful piece of data if you accidentally leave your laptop somewhere. You should enable this for all your Apple devices, even MacBooks and iMacs.

Use a Password Manager

Given the current state of internet security, sensitive data leaks so often that it is not even breaking news. This means the security of your data, although it should be the concern of the service, is also slightly in your hands. You must ensure it is as difficult as possible for someone to get access to your data.

One way to do this is to use a different password on every website, and let them be completely random — and unrelated to your date of birth, first pet, aunt’s name, first crush, etc. Doing that entirely in your head and remembering them all is obviously impossible. The answer? A password manager!

Password managers like 1Password, LastPass, and KeePass let you generate and store random complex passwords — for example, 30 characters, mixed case, with numbers and symbols! Some of them also allow storing credit cards and personal identification details. Pretty much all the popular ones also let you auto-fill the relevant details in the login form of a website. Magic!

Once you change all your passwords to lengthy random ones, the only password you need to remember is the “master” password of the manager itself. This means that if a service gets hacked and passwords get leaked, only the password you used on that particular website gets compromised. All other passwords remain safe!

Two-Factor Authentication

Whenever possible, you should use two-factor authentication (2FA) for logging in to services. Normally, you only need a username (or an email) and a password to log in to a service. Usernames are fairly easy to guess: most people repeat email addresses and usernames across services, and many of those services publicly display this data. When it comes to passwords, most people repeat those too and (unfortunately) use something that is fairly easy to guess. Organisations have historically been bad at keeping user data safe. Passwords are stored using insecure methods and databases get hacked; these are now normal occurrences in the news and no longer surprise us.

2FA lets people use a second factor for authentication. Indian banks and cards use SMS OTPs as a second factor all the time. It ensures that the user must know the full details of a card, and must also possess the phone number registered against the card. Similarly, popular services like Gmail, GitHub, Slack, etc. allow a randomly generated number to be used as a second factor, just like a bank's OTP.

A very popular, free-of-cost OTP generation app is Authy. Authy has helpful guides to set up 2FA on most services, and you should turn on 2FA for every service. It benefits you!

Enable FileVault (encryption)

Our devices (computers, phones, tablets, etc.) contain a lot of private and confidential data belonging to us and our clients. If you’re logged into your Wednesday accounts (email, drive, remote servers, etc.) on any device, you must take extra precautions that the data remains safe. As a general rule, you should try and limit the number of devices that have any work-related data.

Most modern Android and iOS devices support hardware encryption of data and have it enabled by default. However, macOS computers do not have encryption enabled by default and you must enable it yourself — you should do this as soon as you get your computer!

In macOS, open System Preferences. Go to Security and find the tab called “FileVault” — that’s what Apple calls full-disk encryption. Once you enable it, the system will generate a decryption key that you should note down (ideally on a physical medium; definitely not on the same computer!) and store somewhere safe. If this key is lost and you ever forget your password, it will be impossible to recover any data. The encryption process should take less than 30 minutes to finish, and you can keep working while it happens.

OWASP Guidelines

The OWASP Foundation works to improve the security of software. It's community-driven and has hundreds of chapters worldwide.

If you're working on a web or mobile application and don't know about the top 10 OWASP guidelines for that platform, please get in touch with Mac.