Best Practice Security Guidelines

Best Practice Security Guidelines for Spinnaker Users and Spiral Clients

To ensure the security of your data and protect against potential threats, it’s crucial to follow these best practice guidelines when using Spiral’s services. Implementing these measures will help safeguard your information and maintain the integrity of your business operations.

1. Strong Passwords: Ensure all accounts use strong, unique passwords and avoid easily guessable information like names or birthdays.

2. Two-Factor Authentication (2FA): Enable 2FA for all accounts to add an extra layer of protection. This helps prevent unauthorised access, even if passwords are compromised.

3. Access Control: If you are a manager on one of our Spinnaker projects. Limit user access to necessary features. Assign roles based on job requirements and regularly review access permissions. Get in touch with us if you are unsure.

4. Regular Updates: Keep all software, including any Spiral related tools, up-to-date with the latest patches and security updates.

5. Encryption: Use secure transfer methods when communicating with us or your trial team.

6. Monitoring and Auditing: Regularly monitor activity within your Spinnaker account, and within any of the tools you use with Spiral, for any unusual or unauthorised actions. Use available auditing tools to track changes and access.

7. Incident Response: Establish and communicate a clear procedure for responding to security incidents within your team. Ensure users know how to report suspicious activity. Check with us to understand how we respond.

8. Secure API Usage: If Spiral provides API access, ensure that API keys and credentials are stored securely and only shared with the relevant developers engaged by you.

9. Data Backup: Regularly take copies of, and back up critical data to prevent loss in case of accidental deletion, corruption, or a security breach.

10. User Training: Provide ongoing training to all users, within your teams, on security best practices, such as recognising phishing attempts and avoiding unsafe downloads or links.