At work.flowers, we maintain rigorous security standards to protect our company data, employee information, and digital assets. This document outlines our core security practices and tools.
🔐 Password Management
We use 1Password as our company-wide password manager, ensuring:
- Secure storage of all company credentials
- Strong, unique passwords for each service
- Safe credential sharing between team members
- Audit trails for access and updates
🔑 Multi-Factor Authentication (2FA)
We enforce mandatory 2FA or passkeys for all applications that support them:
- Enabled for all company accounts
- Preference for phishing-resistant passkeys (e.g. biometric, hardware-backed)
- Backup codes stored securely in 1Password
- Regular reviews of authentication compliance
💻 Device Management
All company-issued devices are enrolled in mobile device management (MDM) software to ensure:
- Centralised configuration and monitoring
- Automatic system updates and patching
- Remote wipe capabilities for lost or stolen devices
- Enforced encryption, screen locks, and app control
🧐 Employee Security Responsibilities
All employees are expected to follow these ongoing security practices:
- Never share passwords or authentication tokens
- Report security incidents promptly
- Keep all systems and applications up to date
- Lock devices after no more than 3 minutes of inactivity
🔍 Access Control
We apply a least-privilege access model:
- Access is granted strictly based on role requirements
- Regular reviews of access levels to minimise risk
- Immediate revocation of access when no longer needed
📂 Client Data Handling
We treat client data with the utmost confidentiality:
- Access is limited to authorised personnel
- Data is only stored when necessary and deleted after engagement completion (unless otherwise agreed)
- All credentials are stored securely in 1Password