Device Checklist

Before starting, gather a list of all devices to audit that are used for Lullabot work:

With each device, validate:

All computers and mobile devices have a screen timeout set to no more than 10 minutes.
"Find My" or equivalent is enabled, if the team member wants it on.
All operating systems are up to date.
Browsers that you use are up to date.
1Password is installed, with browser extensions.
An adblocker (uBlock origin lite, AdGuard) is installed in the default browser.

Computers

All computers have a complex password, at least 16 characters long. If you add your passwords to 1Password, 1Password will tell you the strength of the password; try to get "excellent" strength. Do NOT use guessable patterns like: family names, birthdays, the word “lullabot”, etc.
All computer hard drives are encrypted with FileVault, BitLocker, or equivalent.
Firewall is enabled. When needed, allow apps through the firewall without disabling it. Document work tasks that require customizing the firewall; share with security@lullabot.com.
No guest accounts are enabled.
No remote access is enabled (SSH, file sharing). Document work tasks that require remote access; share with security@lullabot.com.
Automatic updates are enabled.
VPN app (Proton VPN) is setup.

If computers have a backup system in place, backups should be encrypted.
Optional, but nice to have: backups support versioning to protection against ransomware style scams.
If using cloud services for backups, use a private key that only you know. (Store it in 1Password.)

All mobile devices have at least a 6 digit PIN and screen timeout set. Android devices should not use a pattern-style lock. If supported, set your device to wipe all data after a certain number of failed unlock attempts. On iOS, this is under "Face (or Touch) ID & Passcode" in Settings.
If applicable, rooted Android phones and jailbroken iPhones should be treated with care.

After you've finished reading the above, run through these fun scenarios to make sure you're all set!

Please send any questions to security@lullabot.com.

Try running through these scenarios to see how your security and backup setup stacks up!

Make sure you'd be safe in the following circumstances:

For my primary work computer, I put it in my microwave and cook popcorn on it. Once I purchase a new computer, I restore from a local backup without losing any data. This includes work data stored in my home directory (/Users/myname) that isn't already in the cloud like Dropbox or Google Docs.
While myself, my family, and any pets and loved ones are on a wilderness no-technology retreat, a meteor incinerates my house (#rightnow), destroying every computer, phone, tablet, and hard drive I own. After purchasing new devices, I'm able to regain access to my off-site backups and cloud accounts like Google or Dropbox.
At the Lullabot Retreat, I decide to take my laptop fishing. After running into town to replace it, I'm able to restore my data even though I'm not home.

Make sure you'd be safe in the following circumstances:

I place catnip on my laptop keyboard because I love my cat. My screen lock prevents Kitty from viewing or changing sensitive information.
A client puts very important credentials in a Word document I download. I'm not worried about securely erasing the file because my hard drive is encrypted.
I need to move a copy of the Daily Report at a Lullabot Retreat where the internet is totally broken. I can use my USB drive because I've encrypted the drive using FileVault or BitLocker.
I switch from iOS to Android because it sounds like fun. I don't need to migrate my 2FA tokens because they are stored in 1Password.