Skip to content

Cyber Security Guidelines

The following security guidelines apply to everybody working for, at and with Power Partners: employees, contractors, interns, directors.

Incidents Reporting

  1. If you suspect a security incident, report it to the Security Officer immediately.

Passwords

  1. Do not share your passwords with anybody.

  2. Use a password manager to store your passwords. You get a free licence for 1Password, and you can use it for personal use as well.

  3. Use a password generator to generate strong passwords. Do not use your own passwords. Do not use weak passwords. Do not use a password for more than one service.

  4. Do not write down any passwords to post-it, notebooks, word files, or similar. Only store passwords in your password manager.

  5. Do not use the same password for multiple accounts.

  6. Use MFA (Multi-Factor Authentication) whenever possible. Using the OTP (One-Time Password) from 1Password is OK.

Windows

  1. Lock your computer when you leave your desk.

  2. Configure your computer to lock automatically after 5 minutes of inactivity.

  3. Do not share your Windows Account with anybody, not even temporarily.

  4. Use a strong password for your Windows Account. Using Hello is OK.

  5. Use a virus scanner. Windows Defender is recommended. Never turn off the virus scanner.

  6. Use a firewall. The Windows Firewall is recommended. Never turn off the firewall.

Networking

  1. If you are using a public or semi-public network (such as a guest-network of a client), use a VPN. You can use the company VPN (hide.me) for professional use.

  2. If you are working from home, use a strong WiFi password. Use WPA2 or WPA3. Do not use WEP.

File and System Access

  1. Always use a As-Necessary-Access approach. Do not give access to files or systems unless it is necessary. When you create a MS Teams team, give only access to the people who initially need it. Do not give access to the whole company, and do not give access to people because they might need access in the future.

Department-Specific Guidelines

Delivery

  1. Do not share client credentials with anybody, internally or externally. Instead, if you feel that somebody needs access to a client system, raise it with the Security Officer, so he can give the person access.

  2. For each task, use the service account with the least privileges possible. For example, to write to a DWH database table, you do not need an administrator.

  3. Never send client credentials via email. Instead, use a secure channel, such as https://onetimesecret.com/

  4. Do not store client credentials in your code, and do not check it into github. Instead, use Azure Vault.

Finance

  1. Do not share access to bank accounts.

  2. Do not share access devices.

  3. Do not share bank and credit cards.