Access Control
- Named accounts instead of shared logins where possible
- Least-privilege permissions
- MFA wherever available
- Temporary or time-bound access when practical
- Production access only when required and approved
Access & Security Practices
Access Is Treated as a Business Risk, Not a Convenience
Tekmyster does not need unrestricted access to begin most reviews. When access is required, the preferred approach is controlled, documented, and limited to what is needed for the engagement.
Credential Handling
- Passwords should not be sent through plain text email, SMS, or casual chat
- Secure credential-sharing methods should be used when possible
- Credentials should be rotated or removed after work is complete when appropriate
Offboarding
- Remove or reduce access when work is complete
- Confirm remaining access needed for ongoing support, if any
- Document open risks, recommendations, and next steps
Documents and Data
Sensitive by default.
Tekmyster treats client documents, credentials, systems, and business information as sensitive by default. Client information is used only for the purpose of the engagement. Sensitive files, diagrams, exports, reports, and credentials should be exchanged through appropriate channels rather than unsecured email or casual messaging whenever possible.
Confidentiality and Agreements
Handling expectations can be documented.
For qualified engagements, Tekmyster can define confidentiality and handling expectations through an NDA, Master Services Agreement, or project-specific Statement of Work.
Incident or Issue Handling
Clear communication when hidden issues appear.
Technology work can uncover hidden dependencies, legacy misconfigurations, vendor issues, or unexpected failures. When that happens, Tekmyster focuses on clear communication, documentation, practical remediation, and returning the client to a stable position.
Controlled Access
Discuss the issue before sharing sensitive access.
在做出较大 IT 决策、授予供应商访问权限、更换基础设施、购买安全工具或继续临时修复之前,需要高级技术判断时,请使用 Tekmyster。
