Skip to content
11x Help Center home
11x Help Center home

Security Best Practices

This guide outlines the key security practices at 11x. Following these practices helps protect both company and customer data.

Device security

Keep your device updated

Your laptop must run the latest macOS version and security updates:

  • Security updates install automatically through Kandji

  • You may be prompted to restart your device to complete updates

  • Don't postpone critical security updates

Lock your screen

Always lock your screen when stepping away from your device:

  • Press Control + Command + Q to lock immediately

  • Set your device to lock automatically:

    • Select Apple menu > System Settings > Lock Screen

    • Set Require password after screen saver begins or display is turned off to immediately

Physical security

  • Never leave your laptop unattended in public places

  • Don't let others use your laptop

  • Store your laptop securely when traveling

  • Report lost or stolen devices immediately in #ask-it

Password security

Use strong, unique passwords

  • Use 1Password to generate and store passwords

  • Never reuse passwords across different accounts

  • Minimum password requirements:

    • At least 12 characters

    • Mix of uppercase, lowercase, numbers, and special characters

Enable multi-factor authentication (MFA)

MFA is required for all company accounts:

  • Use an authenticator app (Google Authenticator or Authy)

  • Never share MFA codes

  • Keep backup codes in 1Password

Never share passwords

  • Don't share passwords via email, Slack, or text message

  • Don't write passwords on paper or store in unencrypted files

  • Use 1Password's secure sharing features for team credentials

Data handling

Classify data appropriately

Understand what type of data you're working with:

Type

Examples

Handling

Public

Marketing materials, published blog posts

Can be shared freely

Internal

Company policies, org charts, roadmaps

Share only with 11x employees

Confidential

Customer data, financial records, source code

Share only with authorized team members

Restricted

Security credentials, SSNs, payment information

Highly restricted access, special handling required

Store data securely

  • Store company files in Google Drive (not on your local device)

  • Use shared drives for team files

  • Don't store sensitive data in personal cloud storage (Dropbox, iCloud, etc.)

  • Don't email confidential or restricted data

Share data safely

When sharing sensitive information:

  • Use Google Drive sharing with access controls

  • Use 1Password for sharing credentials

  • Verify recipient identity before sharing confidential data

  • Use expiring links when possible

Email and communication security

Recognize phishing attempts

Be alert for suspicious emails:

  • Unexpected requests for passwords or personal information

  • Urgent requests to click links or download attachments

  • Emails from external addresses that look like internal ones

  • Poor grammar or spelling in official-looking messages

  • Requests to bypass normal processes

If you suspect phishing

  1. Don't click any links or download attachments

  2. Don't reply to the email

  3. Forward the email to it@11x.ai

  4. Delete the email

Safe email practices

  • Verify sender identity before opening attachments

  • Hover over links to see the actual URL before clicking

  • Be cautious with external email (marked with an external sender warning)

  • Don't share internal information with external parties without authorization

Application security

Keep applications updated

  • Allow automatic updates for installed applications

  • Don't ignore update notifications

  • Update browser extensions regularly

Review application permissions

  • Only grant necessary permissions to applications

  • Review permissions periodically

  • Revoke access for applications you no longer use

Network security

Use secure networks

  • Prefer the office network when available

  • Use trusted networks when working remotely (home Wi-Fi)

  • Avoid public Wi-Fi for accessing sensitive company data

  • Contact IT in #ask-it if you need VPN access

Don't disable security features

  • Don't turn off the firewall

  • Don't disable antivirus software

  • Don't modify security settings without IT approval

Working remotely

When working outside the office:

  • Ensure your home Wi-Fi uses WPA2 or WPA3 encryption

  • Don't allow others to use your work device

  • Position your screen to prevent shoulder surfing

  • Use headphones for confidential calls

  • Secure your device when not in use

Report security incidents

Report potential security issues immediately:

What to report

  • Lost or stolen devices

  • Suspected phishing emails

  • Compromised passwords or accounts

  • Unusual account activity

  • Malware or virus alerts

  • Accidental data exposure

  • Security vulnerabilities you discover

How to report

  1. Post in #ask-it immediately with details

  2. For urgent issues outside business hours, email it@11x.ai with "URGENT SECURITY" in the subject line

  3. Don't attempt to investigate on your own

  4. Don't discuss security incidents in public channels

Questions about security

If you're unsure whether something is secure or allowed:

  • Ask in #ask-it before proceeding

  • Review this policy and related documentation

  • Contact the IT team directly at it@11x.ai

When in doubt, ask first.

Related topics

Powered by Plain