Security Best Practices

Nowadays, security and privacy are very debated subjects, and new regulations appear and get applied frequently all around the world.

In order to keep your online testing activities (and not only) as safe as possible we strongly recommend to follow the below best practices:

• limit the physical access to an electronic device;
• use automatic updates to install patches and updates regularly;
• use Operating System version supported by Vendor;
• use strong passwords (8 characters minimum length, contains the following items: Uppercase Letters, Lowercase Letters, Numbers, Symbols) and MFA (Multi-Factor Authentication) if applicable;
• change password every 6 months or every time you suspect that has been compromised;
• use a password without personal information (username, first or last name, birth dates, etc);
• do not compose password of names or other terms easy to guess or generate automatically (such as any dictionary entry);
• do not adopt passwords that are easy to use even when changing from QWERTY and AZERTY to other keyboard layouts;
• use a unique password from the previous passwords used;
• do not share or disclose a password with anyone nor written down;
• do not disclose your password;
• store password within an approved password manager application;
• do not use the same password for multiple accounts;
• do not transmit passwords in plain-text;
  use encryption (full disk encryption must be enabled (Mac, Windows, Linux: Ubuntu, Fedora, etc.);
• use firewall, antivirus, and antimalware software with activated automatic updates;
• use a different account for work and another account for private use;
• prevent a screen view with Confidential Information to the unauthorized person;
• log out from all systems or locking the screen with a password when leaving workstation / laptop or other electronic devices;
• do not use automatic login to electronic devices;
• do not print any Confidential Information;
• do not install any software from unverified source;
• do no use insecure WiFi or public WiFi without additional security measure (e.g. VPN);
• do not backup testing data on a private cloud or insecure devices (e.g. without strong encryption and authorization);
• secure delete all testing data from all devices not later than 7 days after you upload it to the Service;
• be aware of social engineering attacks and phishing attacks.

Let's stay safe in the online sphere!