This is a fun story about how we take your security seriously, using donuts. Nom nom nom.
As part of a recent investment round, we joined the NDRC’s Catalyser program. It’s really great and is already paying dividends from a company perspective. As part of that program we moved our offices into a shared workspace in the city centre. At the start of the company, in true startup fashion, we had worked out of Chris’ attic and since then we had always had our own office so this was the first time we had an ongoing physical security situation (we’re mental about physical security of our laptops while traveling, but that’s for another day).
To be clear: we trust the folks around us at NDRC. Everyone there is really lovely and there haven’t been any security incidents there. We’re a cyber-security company though, so we need to make sure that your data and our data are locked down when there are other people around.
Here come the donuts
Vincent, our head of engineering, came to us from Rapid7 and they had a tradition there that we decided to implement – Donut-ing. The idea is pretty simple: if you walk away from your computer without locking it, another one of the team members is free to hijack your machine. If they do, they send out a mail or IM informing everyone that they just got free donuts. Now, these are not cheap “5 for a euro” type donuts. Good donuts or, in our case, good cakes from Mannings bakery around the corner.
Our seating arrangement has me sitting beside Dovydas. I was the first to fall. Donuts. “OK” I thought. “I can deal with that. Lesson learned.”
I brought the team in donuts the next day.
The problem is that, because of the nature of my job, I get distracted frequently. Interaction with the guys from NDRC, phone calls from various sources and whatnot. Not long afterwards it happened a second time. Then, on the very same day, I had to take an important business call and stood up and walked away from my laptop to take it in private. DONUTS TWICE IN ONE DAY!!! I was furious with myself.
Technology to the rescue?
“There has to be a technological answer to this” I thought. And there is… Bluetooth proximity to my phone. We all use Linux instead of Windows or Mac. There’s a really cool tool for Linux called blueproximity. Unfortunately it doesn’t work well with the Bluetooth hardware in my Dell laptop.
I know! Facial recognition! So I wrote a script to test whether or not I was at my laptop and lock it within 3 seconds if I wasn’t. It showed good promise but unfortunately wasn’t terribly reliable with the laptop camera.
In the end I just got into the habit of locking my screen. I haven’t been donut-ed since. We’ve now passed this little game on to the guys beside us in EvoPass. Maybe it’s something for you too 🙂