Jason Fried Quote

Security is a big and serious deal, but it’s also largely a solved problem. That’s why the average person is quite willing to do their banking online and why nobody is afraid of entering their credit card number on Amazon. At 37signals, we’ve devised a simple security checklist all employees must follow:

1. All computers must use hard drive encryption, like the built-in FileVault feature in Apple’s OS X operating system. This ensures that a lost laptop is merely an inconvenience and an insurance claim, not a company-wide emergency and a scramble to change passwords and worry about what documents might be leaked.

2. Disable automatic login, require a password when waking from sleep, and set the computer to automatically lock after ten inactive minutes.

3. Turn on encryption for all sites you visit, especially critical services like Gmail. These days all sites use something called HTTPS or SSL. Look for the little lock icon in front of the Internet address. (We forced all 37signals products onto SSL a few years back to help with this.)

4. Make sure all smartphones and tablets use lock codes and can be wiped remotely. On the iPhone, you can do this through the Find iPhone application. This rule is easily forgotten as we tend to think of these tools as something for the home, but inevitably you’ll check your work email or log into Basecamp using your tablet. A smartphone or tablet needs to be treated with as much respect as your laptop.

5. Use a unique, generated, long-form password for each site you visit, kept by password-managing software, such as 1Password. We’re sorry to say, secretmonkey is not going to fool anyone. And even if you manage to remember UM6vDjwidQE9C28Z, it’s no good if it’s used on every site and one of them is hacked. (It happens all the time!)

6. Turn on two-factor authentication when using Gmail, so you can’t log in without having access to your cell phone for a login code (this means that someone who gets hold of your login and password also needs to get hold of your phone to log in). And keep in mind: if your email security fails, all other online services will fail too, since an intruder can use the password reset from any other site to have a new password sent to the email account they now have access to.

Creating security protocols and algorithms is the computer equivalent of rocket science, but taking advantage of them isn’t. Take the time to learn the basics and they’ll cease being scary voodoo that you can’t trust. These days, security for your devices is just simple good sense, like putting on your seat belt.

Jason Fried


About Jason Fried

37signals (formerly Basecamp before reverting to its original name) is an American web software company based in Chicago, Illinois. The firm was co‑founded in 1999 by Jason Fried, Carlos Segura, and Ernest Kim as a web design company.
Since mid‑2004, the company's focus has shifted from web design to web application development. Its first commercial application was Basecamp, followed by Backpack, Campfire, and Highrise. The open source web application framework Ruby on Rails was initially created for internal use at 37signals, before being publicly released in 2004.
In February 2014, the company adopted a new strategy, focusing entirely on its flagship product, the software package also named Basecamp, and renaming the company from 37signals to Basecamp. Jason Fried and David Heinemeier Hansson have published several books under the 37signals name, and in May 2022, citing their present-day focus on both Basecamp and HEY, reverted to 37signals as their company name.