Security Practices & Policies
At work.flowers, we maintain rigorous security standards to protect our company data, employee information, and digital assets. This document outlines our core security practices and tools.
Password Management
We use 1Password as our company-wide password manager, ensuring:
- Secure storage of all company credentials
- Strong, unique passwords for each service
- Safe credential sharing between team members
- Audit trails for access and updates
Multi-Factor Authentication (2FA)
We enforce mandatory 2FA or passkeys for all applications that support them:
- Enabled for all company accounts
- Preference for phishing-resistant passkeys (e.g. biometric, hardware-backed)
- Backup codes stored securely in 1Password
- Regular reviews of authentication compliance
Device Management
All company-issued devices are enrolled in mobile device management (MDM) software to ensure:
- Centralised configuration and monitoring
- Automatic system updates and patching
- Remote wipe capabilities for lost or stolen devices
- Enforced encryption, screen locks, and app control
Employee Security Responsibilities
All employees are expected to follow these ongoing security practices:
- Never share passwords or authentication tokens
- Report security incidents promptly
- Keep all systems and applications up to date
- Lock devices after no more than 3 minutes of inactivity
Access Control
We apply a least-privilege access model:
- Access is granted strictly based on role requirements
- Regular reviews of access levels to minimise risk
- Immediate revocation of access when no longer needed
Client Data Handling
We treat client data with the utmost confidentiality:
- Access is limited to authorised personnel
- Data is only stored when necessary and deleted after engagement completion (unless otherwise agreed)
- All credentials are stored securely in 1Password