Nowadays, security and privacy are very debated subjects, and new regulations appear and get applied frequently all around the world.
In order to keep your online testing activities (and not only) as safe as possible we strongly recommend following the below best practices:
- limit the physical access to an electronic device;
- use automatic updates to install patches and updates regularly;
- use an Operating System version supported by Vendor;
- use strong passwords (8 characters minimum length, containing the following items: Uppercase Letters, Lowercase Letters, Numbers, Symbols) and MFA (Multi-Factor Authentication) if applicable;
- change the password every 6 months or every time you suspect that it has been compromised;
- use a password without personal information (username, first or last name, birth dates, etc);
- do not compose the password using names or other terms easy to guess, and do not generate passwords automatically (such as any dictionary entry);
- do not adopt passwords that are easy to use even when changing from QWERTY and AZERTY to other keyboard layouts;
- use a unique password in comparison with the previous passwords used;
- do not share or disclose a password with anyone nor write it down;
- store passwords within an approved password manager application;
- do not use the same password for multiple accounts;
- do not transmit passwords in plain text;
use encryption (full disk encryption must be enabled (Mac, Windows, Linux: Ubuntu, Fedora, etc.); - use firewall, antivirus, and antimalware software with activated automatic updates;
- use a different account for work and another account for private use;
- prevent a screen view with Confidential Information to the unauthorized person;
- log out from all systems or lock the screen with a password when leaving your workstation/laptop or other electronic devices;
- do not use automatic login on electronic devices;
- do not print any Confidential Information;
- do not install any software from unverified sources;
- do not backup testing data on a private cloud or insecure devices (e.g. without strong encryption and authorization);
- secure delete all testing data from all devices not later than 7 days after you upload it to the Service;
- be aware of social engineering attacks and phishing attacks.
Let's stay safe in the online sphere!
Comments
0 comments
Article is closed for comments.