_This was extracted from our internal documentation and published as part of [our June 2023 internal cybersecurity course](https://bluedot.org/blog/internal-cybersecurity-2023/)._

## General device security

- Install 1Password, and optionally the browser extension.
- Use 'Sign in with Google' with your BlueDot account for most sites. If you must use passwords or keys, generate unique random passwords in 1Password.
- Activate screen lock on your phone and laptop, so they require biometric authentication or a password to resume from sleep. Your screen lock should kick in automatically within five minutes, and you should lock your device any time you finish using it or take a break.
- Enable disk encryption on your phone and laptop.
    - macOS: [enable FileVault](https://support.apple.com/en-gb/guide/mac-help/mh11785/mac)
    - Windows: [enable device encryption](https://support.microsoft.com/en-gb/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838) (if needed, you can expense Windows Pro)
    - iOS, Android, Chrome OS: no action needed - these are encrypted by default if manufactured in the last 5 years
- Enable automatic security updates.
    - macOS: System Preferences > Software Update > Automatic Updates > ‘Install Security Responses and system files’
    - Windows: Settings > Update & security > Windows Update > Advanced options > Choose how updates are installed > Automatic (recommended)
    - iOS: Settings > General > Software Update > Automatic Updates > Install iOS Updates
    - Android: Settings > About phone > Developer options > Automatic system updates
- Avoid storing data locally. Use cloud services (e.g. Google Drive, Notion, Airtable) where possible.

## Browser security

You probably spend a lot of time both at work and in your personal life working in a web browser. Here are the four easy ways to make your experience much more secure! Each of these should take about a minute.

### Blocking dangerous domains

**Why:** When people run phishing campaigns, or similar attacks, they need to direct users somewhere. Early reporting by well-trained users is key to thwarting these attacks: this helps filters block malicious domains quickly. We can use these filter lists to ensure you’re warned when visiting a domain that is flagged as dangerous.

**How:** To block trackers in Chrome, Brave, Opera, Edge, Arc:

Copy and paste this in the address bar: `chrome://settings/security?search=Enhanced%20protection`

- Enable the safe browsing mode ‘Enhanced protection’ (recommended), and at the very least ‘Standard protection’
- [validation]: Visit [testsafebrowsing.appspot.com/s/phishing.html](https://testsafebrowsing.appspot.com/s/phishing.html), check you get a warning

NB: This setting won’t block inappropriate content or limit search results (that’s Google SafeSearch, a different product). It is solely intended to block actively dangerous sites e.g. ones designed to steal passwords. For more information see [Google Safe Browsing](https://safebrowsing.google.com/).

### Blocking trackers and other third-party scripts

**Why:** Third-party trackers often gather a lot of unnecessary information that is poorly secured. They’ve been the cause of several large scale data breaches, for example the [British Airways data breach](https://en.wikipedia.org/wiki/British_Airways_data_breach) or the [Ticketmaster data breach](https://www.bbc.co.uk/news/technology-54931873). 

**How:** To block trackers in Chrome, Edge, Brave, Opera, Arc:

- Install [uBlock Origin](https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm) (click ‘Add to browser’)
- [validation]: Visit [adservice.google.com](http://adservice.google.com/), check you get a warning

NB: This will also block ads, so you may be able to disable other ad blockers. If you need to disable this for a specific site, click the extension icon and then the power button ([video tutorial](https://www.youtube.com/watch?v=jTb2b8FgNFU)).

### HTTPS

**Why:** A padlock in the address bar means the traffic between you and the website is secure. This doesn’t mean everything is guaranteed to be secure (e.g. they might still take your card details and run with them), but it does mean people can’t listen in.

**How:** You should make sure your browser uses HTTPS where possible. In Chrome, Edge, Brave, Opera, Arc:
- Copy and paste this in the address bar: `chrome://settings/security?search=Always+use+secure+connections`
- Enable the setting ‘Always use secure connections’
- [validation]: Visit [http.badssl.com](http://http.badssl.com/), check you get a warning

### Secure DNS

**Why:** DNS is a system that lets your computer knows which other computers to talk to in order to access webpages (e.g. bluedot.org → computer address 198.185.159.144). By default, it is an insecure protocol. Serious attackers, like nation states, often disrupt DNS to intentionally cause outages of all or parts of the internet. Smaller attackers can listen in on your DNS traffic to track what you’re doing online. DoH and DoT are encrypted versions of DNS (like HTTPS is to HTTP) that protects your DNS traffic from these threats.

**How:** To enable this in Chrome, Edge, Brave, Opera, Arc:

- Copy and paste this in the address bar: `chrome://settings/security?search=Use%20secure%20DNS`Enable the setting ‘Use secure DNS’ and select ‘With Cloudflare (1.1.1.1)’.
- [validation] Check [1.1.1.1/help](https://1.1.1.1/help) says ‘Yes’ to **either** DoH or DoT


Device security steps at BlueDot Impact

Adam Jones • July 15, 2024