At 37signals, we’ve devised a simple security checklist all employees must follow:

1. All computers must use hard drive encryption, like the built-in FileVault feature in Apple’s OS X operating system. This ensures that a lost laptop is merely an inconvenience and an insurance claim, not a company-wide emergency and a scramble to change passwords and worry about what documents might be leaked.
2. Disable automatic login, require a password when waking from sleep, and set the computer to automatically lock after ten inactive minutes.
3. Turn on encryption for all sites you visit, especially critical services like Gmail. These days all sites use something called HTTPS or SSL. Look for the little lock icon in front of the Internet address. (We forced all 37signals products onto SSL a few years back to help with this.)
4. Make sure all smartphones and tablets use lock codes and can be wiped remotely. On the iPhone, you can do this through the “Find iPhone” application. This rule is easily forgotten as we tend to think of these tools as something for the home, but inevitably you’ll check your work email or log into Basecamp using your tablet. A smartphone or tablet needs to be treated with as much respect as your laptop.
5. Use a unique, generated, long-form password for each site you visit, kept by password-managing software, such as 1Password. We’re sorry to say, “secretmonkey” is not going to fool anyone. And even if you manage to remember UM6vDjwidQE9C28Z, it’s no good if ...
This highlight has been truncated due to consecutive passage length restrictions.