
[Improvement]: Improve the "Best practices for preventing data leaks in your organization" article (#39591)

Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
This commit is contained in:
Sophie
2023-07-27 16:09:03 +02:00
committed by GitHub
parent f87035a89d
commit af8298c344
8 changed files with 34 additions and 7 deletions


@@ -197,6 +197,10 @@ After using either the BFG tool or `git filter-repo` to remove the sensitive dat
## Avoiding accidental commits in the future
{% ifversion fpt or ghec or ghes %}
Preventing contributors from making accidental commits can help you prevent sensitive information from being exposed. For more information see "[AUTOTITLE](/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization)."
{% endif %}
There are a few simple tricks to avoid committing things you don't want committed:
- Use a visual program like [{% data variables.product.prodname_desktop %}](https://desktop.github.com/) or [gitk](https://git-scm.com/docs/gitk) to commit changes. Visual programs generally make it easier to see exactly which files will be added, deleted, and modified with each commit.
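Review bot: the added cross-reference reads "For more information see" without the comma that the same phrase carries in the other pages touched by this commit ("For more information, see"); add it so the wording matches. The new conditional paragraph also lands directly between the heading and "There are a few simple tricks to avoid committing things you don't want committed:", so the page now opens this section with a pointer elsewhere before giving its own advice; consider placing the pointer after the list instead.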


@@ -28,7 +28,7 @@ The best approach will depend on the type of organization you're managing. For e
## Secure accounts
Security best practices include:
Protect your organization's repositories and settings by implementing security best practices, including enabling 2FA and requiring it for all members, and establishing strong password guidelines.
{% ifversion ghec %}- Enabling secure authentication processes by using SAML and SCIM integrations, as well as 2FA authentication whenever possible. For more information, see "[AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/about-identity-and-access-management-with-saml-single-sign-on)," "[AUTOTITLE](/organizations/managing-saml-single-sign-on-for-your-organization/about-scim-for-organizations)," and "[AUTOTITLE](/authentication/securing-your-account-with-two-factor-authentication-2fa)." {% endif %}
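Review bot: assuming the full sentence "Protect your organization's repositories and settings by implementing security best practices, including enabling 2FA ..." is the replacement for the "Security best practices include:" lead-in, the bullets that follow no longer parse: "{% ifversion ghec %}- Enabling secure authentication processes ..." was written to complete "include:", and after a sentence that ends in a full stop it is a dangling fragment. Either end the new sentence with "include:" or rewrite the list items as full sentences. The new text also says 2FA twice in two lines ("enabling 2FA and requiring it" and then "as well as 2FA authentication whenever possible"); trim one mention.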


@@ -25,6 +25,10 @@ Organizations using {% data variables.product.prodname_ghe_cloud %} can also res
Enterprise owners can restrict the options you have available for your organization's repository creation policy. For more information, see "[AUTOTITLE](/admin/policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-repository-creation)."
{% endif %}
{% ifversion fpt or ghec or ghes %}
Organization owners can restrict the type of repositories members can create to private {% ifversion ghec or ghes %}or internal{% endif %} to help prevent sensitive information from being exposed. For more information, see "[AUTOTITLE](/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization)."
{% endif %}
{% warning %}
**Warning**: This setting only restricts the visibility options available when repositories are created and does not restrict the ability to change repository visibility at a later time. For more information about restricting changes to existing repositories' visibilities, see "[AUTOTITLE](/organizations/managing-organization-settings/restricting-repository-visibility-changes-in-your-organization)."
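Review bot: the added paragraph and the existing warning now make the same point from opposite directions in consecutive paragraphs: the new sentence says restricting repository creation to private or internal "help[s] prevent sensitive information from being exposed", and the warning immediately below says the setting "does not restrict the ability to change repository visibility at a later time". Qualify the new sentence (for example, "at creation time") or fold the cross-reference into the warning so the reader is not told both without the connection being drawn.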
@@ -34,7 +38,7 @@ Enterprise owners can restrict the options you have available for your organizat
{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
{% data reusables.organizations.member-privileges %}
1. Under "Repository creation", select one or more options.
1. Under "Repository creation", select one or more options. <br><br>
{% ifversion fpt or ghec %}
{% note %}
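Review bot: this hunk swaps "1. Under "Repository creation", select one or more options." with the same step carrying a trailing `<br><br>` (or the reverse). A raw `<br><br>` inside a markdown list item is a layout hack; if the intent is spacing before the `{% note %}` that follows, indenting the note under the list item or separating it with a blank line is the cleaner fix. If the hunk is removing the tags, that is the right direction and needs no further change.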


@@ -20,6 +20,10 @@ You can restrict who has the ability to change the visibility of repositories in
You can restrict the ability to change repository visibility to organization owners only, or you can allow anyone with admin access to a repository to change visibility.
{% ifversion fpt or ghec or ghes %}
Restricting who has the ability to change the visibility of repositories in your organization helps prevent sensitive information from being exposed. For more information, see "[AUTOTITLE](/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization)."
{% endif %}
{% warning %}
**Warning**: If enabled, this setting allows people with admin access to choose any visibility for an existing repository, even if you do not allow that type of repository to be created. For more information about restricting the visibility of repositories during creation, see "[AUTOTITLE](/organizations/managing-organization-settings/restricting-repository-creation-in-your-organization)."
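Review bot: the added sentence now sits directly above a warning that begins "If enabled, this setting allows people with admin access to choose any visibility for an existing repository", so "this setting" reads as the restriction just described rather than the permissive option, and the two paragraphs appear to contradict each other. Name the option in the warning (the one that allows anyone with admin access to change visibility) so the restriction recommended in the new paragraph and the behaviour warned about are clearly different settings.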


@@ -18,6 +18,10 @@ shortTitle: Set repo management policy
Owners can set permissions for deleting or transferring repositories in an organization.
{% ifversion fpt or ghec or ghes %}
Limiting the ability to delete or transfer repositories helps prevent sensitive information from being exposed. For more information, see "[AUTOTITLE](/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization)."
{% endif %}
{% data reusables.profile.access_org %}
{% data reusables.profile.org_settings %}
{% data reusables.organizations.member-privileges %}


@@ -15,6 +15,8 @@ shortTitle: Upgrade to Corporate ToS
The Standard Terms of Service is an agreement between {% data variables.product.prodname_dotcom %} and you as an individual. To enter into an agreement with {% data variables.product.prodname_dotcom %} on behalf of an entity, such as a company, non-profit, or group, organization owners can upgrade to the Corporate Terms of Service.
You can upgrade to the Corporate Terms of Service instead of using the Standard Terms of Service to help prevent sensitive information from being exposed. For more information see "[AUTOTITLE](/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization)."
1. Navigate to your organization's settings and scroll to the **Terms of Service** section.
1. Click **Read the Corporate Terms of Service**.
1. After you've read the Corporate Terms of Service, click **Sign corporate terms**.
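Review bot: the added sentence claims that upgrading to the Corporate Terms of Service helps prevent sensitive information from being exposed, but nothing on the page explains how, and a terms-of-service change is not a technical control. Either give the reason (the preceding sentence already explains that it makes the entity rather than an individual the party to the agreement) or present it as one of the recommended practices instead of a preventive measure. Also add the comma in "For more information, see", and note that the other hunks in this commit wrap the same cross-reference in `{% ifversion fpt or ghec or ghes %}` while this one does not; confirm the page's own versioning makes the guard unnecessary.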


@@ -44,6 +44,10 @@ After verifying ownership of your organization's domain, you can restrict email
{% ifversion ghec %}You can also verify custom domains used for {% data variables.product.prodname_pages %} to prevent domain takeovers when a custom domain remains configured but your {% data variables.product.prodname_pages %} site is either disabled or no longer uses the domain. For more information, see "[AUTOTITLE](/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages)."{% endif %}
{% ifversion fpt or ghec or ghes %}
If you confirm your organizations identity by verifying your domain and restricting email notifications to only verified email domains, you can help prevent sensitive information from being exposed. For more information see "[AUTOTITLE](/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization)."
{% endif %}
{% ifversion ghec or ghes %}
## About domain approval
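Review bot: "your organizations identity" needs an apostrophe ("your organization's identity"), and "For more information see" is missing the comma used elsewhere in these pages. The sentence also restates the two actions the page already covers (verifying the domain and restricting email notifications to verified domains) before the cross-reference; it could be shortened to the cross-reference alone.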


@@ -18,6 +18,11 @@ shortTitle: Manage the forking policy
---
An organization owner must allow forks of private{% ifversion ghae or ghes or ghec %} and internal{% endif %} repositories on the organization level before you can allow or disallow forks for a specific repository. For more information, see "[AUTOTITLE](/organizations/managing-organization-settings/managing-the-forking-policy-for-your-organization)."
{% ifversion fpt or ghec or ghes %}
You can help prevent sensitive information from being exposed by disabling the ability to fork repositories in your organization. For more information, see "[AUTOTITLE](/code-security/getting-started/best-practices-for-preventing-data-leaks-in-your-organization)."
{% elsif ghae %}
{% endif %}
{% data reusables.repositories.navigate-to-repo %}
{% data reusables.repositories.sidebar-settings %}
1. Under "Features", select **Allow forking**.
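Review bot: the `{% elsif ghae %}` branch is empty, so it is dead markup; drop it and leave `{% ifversion fpt or ghec or ghes %} ... {% endif %}`. If ghae was meant to get alternative text, that text is missing from the hunk; otherwise remove the branch so future readers do not assume an intentional ghae-specific omission.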