Welcome to my Education Lounge

Where I write about security and tech how-tos

Home
25 September 2018

Security Tips

I’ve been wondering how I should follow up to the last post so I figured I’d give a few security tips for a working professional. Honestly these tips work for anyone but I’m going to speak directly to corporate people because that is who I’ve spoken to the most so far this year.

Take off your badge for pictures

Most people really don’t pay attention to this important thing. Some companies require that you flip over your badge, but it’s easier to just take it off. Why should one do this? Well a picture of a company’s badge is the first thing that social engineers look for. If I know what your badge looks like then it’s easier to replicate.

Don’t use the same phone for work and personal use

I understand that some people don’t want to have more than 1 phone but you need to just get over it. A lot of people openly let friends and/or family user their personal device. This is fine BUT you are putting your company at risk. If a company doesn’t have resources for everyone to have a seperate device then they should just set up vpn access for employee apps or have a custom enterprise application made.

Use a VPN (preferably on every device)

What is a VPN? VPN stands for virtual private network and it serves as an extra layer of protection when you aren’t on your own private network. Using a vpn when your away from home allows for a little anonymity online so people can’t see what your doing. Picture a vpn as a layer of an onion (with you as the center), the more layers you can add the harder it is to see the center dirrectly.

Ex.

Non-secure activity: I'm doing work work at starbucks. I connect to their wifi and
start working on a super secret client project that isn't supposed to be announced
to the public any time soon. A hacker is close by minitoring the network. My work
looks interesting. The 5 o'clock news has an insider scoop on what I'm working on. 😭

Secure activity: I'm doing work work at starbucks. I connect to their wifi and then
start my vpn to begin working on a super secret client project that isn't supposed
to be announced to the public any time soon. A hacker is close by minitoring the
network. My work looks interesting. The Hacker can't see my information and decides
to go back to their base with no juicy news. 😎

Use a security detection tool

You want one of those security tools that monitor when you have a virus or something on your devices. This is pretty straightforward so I’m just going to list a few for you to check out:

Use a private browser on public computers

I recommend people use a private browser on any non-personal computer no matter what your doing. Just think about logging into google. If you forget to logout in a normal browser someone has access to your email, but if it’s a private browser then it will just deleted everything. Most people think of private browsing just for being sneaky and I can’t say their wrong, but just try to keep that same mindset on anything you don’t own.

Put a passcode on your phone

I think this is pretty straight-forward but I’ll say it anyway, please put a passcode on your phone. People like to do banking and such from their phone and have remember password checked. Please don’t be that person, your personal information begs you.

Get a password manager

A password manager can help those that have a ton of passwords. You can also create new passwords from within your password manager. Most people tend to just use the “password manager” built into Google Chrome or Safari (do people use Firefox and Edge?) but that isn’t all that safe either. Atleast with a password manager you are required to input a master password to get any user information.

Use 2FA when possible

2FA stands for 2 factor authentification and can be thought of as the last inner layer of the onion (that’s why it was last, get it 😁). With 2FA you put in your normal usename and password and then the website/app will ask you for a changing key. This key is a chain of numbers that can come in the form of a txt message, phone call, or a random combination in an app (see image below).

cnet authy screenshot

I hope these tips help keep you secure both personally and at work. Feel free to reach out to me on social media if you have questions on any program I listed in this post.

tags: mobile security - social engineering - tips