Security Best Practices

This page outlines the best practices for software security at SKAI Technologies. Protecting our company data and systems is everyone's responsibility. By following these guidelines, we can minimize the risk of security breaches and ensure smooth operations.

  1. Strong Passwords: A strong password is your first line of defense against unauthorized access. Follow these guidelines when creating and managing your passwords:

    • Complexity: Use longer passwords (minimum 12 characters) with a mix of uppercase and lowercase letters, numbers, and symbols (!@#$%^&*).
    • Uniqueness: Never reuse the same password for multiple accounts.
    • Avoid Personal Information: Do not use easily guessable information for passwords or security questions.
    • Password Manager: Consider using a reputable password manager (e.g., Bitwarden) to generate and securely store your passwords. This allows you to use complex, unique passwords without having to remember them all.
    • Regular Updates: Change your passwords at least every three months.
  2. Two-Factor Authentication (2FA): 2FA adds an extra layer of security to your accounts. Even if someone guesses your password, they will still need a second factor to gain access.

    • How it works: 2FA typically involves something you know (your password) and something you have (a code from your phone or a physical security key).
    • Recommended 2FA App: Ente: We recommend using Ente for 2FA. It's secure and open-source, it has backup so that we don't lose 2FA codes if we lose our phones, and, above all, we can share the 2FA codes with our colleagues if they need access to the same account.
    • Setting up Ente:
      • Download and install the Ente app on your smartphone.
      • Open the Ente app and follow the instructions to create an account.
      • On the website where 2FA is needed, look for the "Two-Factor Authentication" or "Security" section.
      • Enable 2FA and follow the on-screen instructions. This will usually involve scanning a QR code with the Ente app. If the website shows only a secret, enter the secret manually in the Ente app.
      • The Ente app will then generate time-based codes that you will need to enter when logging in.
    • Importance: Enabling 2FA significantly reduces the risk of unauthorized access, even if your password is compromised. This is highly recommended for all employees.
  3. Identifying Phishing Emails: Phishing emails are designed to trick you into revealing sensitive information, or to steal money from you or your account. Be cautious and look for the following red flags:

    • Suspicious Sender: Always check the sender's email address. Does it match the organization it claims to be from? For example: an email saying it is from SBI bank but the sender's address is sbi@xyz.com.
    • Generic Greetings: Phishing emails often use generic greetings like "Dear Customer" or "Dear User" instead of your name or organization name.
    • Urgent Requests: Phishing emails often create a sense of urgency, asking you to act quickly before something bad happens. Be skeptical of such requests.
    • Suspicious Links: Be very careful about clicking on links in emails. Hover your mouse over the link to see the actual URL. If it looks suspicious, do not click it.

    • What to do if you suspect a phishing email:

      • Do not click any links or open any attachments.
      • Report the email to your IT department immediately.
      • Delete the email.
  4. Identifying and Handling Spam Calls: Spam calls can be a nuisance and sometimes even a threat. Callers may try to trick you into revealing personal information, ask for money, etc.

    Here's how to identify and handle them:

    • Unfamiliar Numbers: Be wary of calls from numbers you don't recognize, especially those with unfamiliar area codes or international prefixes.
    • Automated Messages
    • Pushy Sales Tactics
    • Spoofed Numbers: Spammers can spoof phone numbers, making the call appear legitimate.

    How to handle spam calls:

    • Don't Answer
    • Hang Up Immediately: If you do answer and suspect it's a spam call, hang up immediately. Don't engage with the caller.
    • Don't Press Any Buttons
    • Register with DND
    • Use Call Blocking Apps
  5. Mobile Device Security:

    • Lock Screen: Always lock your mobile device when not in use.
    • Strong Passcode/PIN: Use a strong passcode or PIN to protect your device.
    • Software Updates: Keep your mobile operating system and apps up to date.
    • Install Apps from Trusted Sources: Only download apps from official app stores. If apps from other sources are required for your work, acquire prior approval.
  6. Account Recovery Information: Adding recovery contact information to your online accounts is crucial for regaining access if you forget your password or your account is compromised.

    • Email Address: Provide a valid and regularly checked alternate email address for account recovery.
    • Phone Number: Add a mobile phone number that can receive SMS messages for verification codes.
    • Security Questions: Choose security questions that are difficult for others to guess but easy for you to remember. Avoid using easily accessible information like your birthdate or pet's name.

By adhering to these security best practices, we can collectively protect SKAI Technologies' valuable data and systems. If you have any questions or concerns, please contact the IT department.
