Computer Security @ TaskRabbit

A collection of guidelines for everyone to follow to keep safe!

Evan Tahler

October 09, 2015

Transcript

  1. Philosophy
     • TaskRabbit is an online marketplace.
     • TaskRabbit is a tech startup.
     • We only hire smart people.
     • This means that if you work here, you are smart and you know about technology.
       ◦ We trust you to be safe, and we trust you to know what you are doing.
       ◦ Your peers are here to teach you.
       ◦ Therefore, we don’t need to have heavy-handed IT policies.
     • Please don’t prove me wrong!
  2. Philosophy (part 2)
     The scary part:
     • We deal with millions of dollars every month.
     • Credit cards, Social Security numbers, addresses, phone numbers, and more all flow through our systems.
     • We are a famous company with a famous team.
     • Some of our company actions have upset people (and will continue to).
     We are a very desirable target.
  3. Safety Rules:
     1. Encrypt it
     2. Back it up
     3. 2FA it
     If you remember your passwords, you are doing it wrong.
  4. Disk Encryption: FileVault
     What: Even with a password on your laptop, someone could steal your laptop, plug it into another computer, and read everything on your hard drive.
     Solution: Encrypt everything so that only the combination of OS X + your account password can read it.
     At what cost: If you ever forget your password, no one can recover your data (we’ll cover password management later).
  5. Back it up: Google Drive
     What: Stuff breaks. This includes computers. YOU are responsible for your own backups. Many of the tools we have chosen as a company (Google Docs, Git, etc.) already back things up for you.
     Solution: Back up your stuff!
     At what cost: None if you set it up properly!
  6. Back it up: Google Drive
     At TaskRabbit you have free, UNLIMITED drive space on your Google Drive. Don’t store important files in your Desktop or Documents folder. Store them in your Google Drive.
     For bonus points, you can actually delete your Desktop and Documents folders and create symlinks/aliases back to similarly named folders in your Google Drive.
     Visit drive.google.com to get started. Log in with your TaskRabbit account.
  7. 2-Factor Authentication
     What: You can have your password stolen. Vendors which accept your password can get hacked. People can ruin your life. Having 2-factor auth means that a second “factor” (your phone) is required to log in.
     Solution: Turn on 2-factor auth.
     At what cost: It’s annoying to check your phone when you log in.
     WE ARE TURNING ON 2-FACTOR AUTH FOR GOOGLE APPS/EMAIL/CALENDAR
  8. 2-Factor Authentication
     There are many options for 2-factor auth applications:
     • Google Authenticator (free): Simple, just on your phone
     • Authy (free): Syncs between many phones and your desktop
     • 1Password ($$): Syncs between many devices (via Dropbox/Google Drive)
  9. Password Management
     What: You can have your password stolen. Vendors which accept your password can get hacked. You should use a complex and unique password every time you need a password.
     Solution: Use a password manager.
     At what cost: Plugins now exist for all browsers, phones, etc., but you have to be very diligent and make a new password for *every* site you use.
  10. Password Management
     • KeePass (free): The granddaddy; confusing matrix of products and sync options
     • 1Password ($$): Syncs between many devices (via Dropbox)