If you are working on a Netflix project outside of your established facility, we recommend that security best practices continue to be followed. Below is our general security guidance for home or remote workflows. If you require additional assistance, please reach out to firstname.lastname@example.org.
General Best Practices
- In the event of a security incident, Netflix Studio & Corporate Security (email@example.com) should be an initial point of contact. We have resources to assist with these matters.
- Users should log in to systems using a unique username and a strong passphrase. Non-internet-facing systems (offline editorial) should be kept disconnected from the Internet when internet access is not needed.
- In the event a user needs to connect to a remote workstation, this should be done through a VPN connection. Remote access to machines should be restricted. See the additional remote access considerations below.
- VPN connections should require multi-factor authentication as part of the login process.
- Ensure only persons working on the project can access the content.
- Transfers of materials should use an approved secure transfer platform (e.g. Aspera, Content Hub) or encrypted hard drives (e.g. LaCie Rugged Secure, Rocstor, Apricorn Aegis; not an exhaustive list).
- Devices should have unique profiles for each user and should require a password to access the device.
- Ensure systems are running one of the last two available versions of the commercial operating system and are configured to auto-update for security patches. The user should check quarterly to verify that the device is patched.
- Enable full disk encryption on the workstation (FileVault for Mac, BitLocker for PC).
- On all Microsoft Windows-based hosts, enable Windows Defender with automatic updates.
- Disable remote connections to the workstation and enable the device firewall. Detailed guidance can be found here.
- Secure physical assets (e.g. external hard drives, scripts) in a lockable container like a cabinet or safe.
- Personal machines (systems owned by the user) should not be used in place of company-issued machines when company-issued machines are available.
- Limit viewing of work-in-progress content by anyone who is not a part of the project. When working from home, we understand that family or partners may view projects; however, they should also keep project information confidential. An NDA can be used if deemed necessary.
- Secure all external entry and exit points where content is stored or worked on.
- Consider a security camera system that covers entries and exits.
- Securely delete content and return external media upon project/task completion or at the request of Netflix.
- Additional remote access considerations:
  - If somebody asks you to remote into an external party's desktop, ensure you are using a known remote desktop solution.
  - Limit or avoid external parties remoting into your laptop unless absolutely necessary. Sharing your desktop is ideal; if possible, avoid giving control to third parties, especially ones you don't know.
  - If you do provide remote access to an external party, remain active and observant during the session, stay vigilant about what is being done, and ensure the session is closed when completed.