![featured image](/content/images/2020/05/authy.png)
I've been wondering how I should follow up to the last post so I
figured I'd give a few security tips for a working professional.
Honestly these tips work for anyone but I'm going to speak directly to
corporate people because that is who I've spoken to the most so far
this year.
### Take off your badge for pictures {#takeoffyourbadgeforpictures}
Most people really don't pay attention to this important thing. Some
companies require that you flip over your badge, but it's easier to
just take it off. Why should one do this? Well, a picture of a company's
badge is the first thing that social engineers look for. If I know what
your badge looks like then it's easier to replicate.
### Don't use the same phone for work and personal use {#dontusethesamephoneforworkandpersonaluse}
I understand that some people don't want to have more than 1 phone but
you need to just get over it. A lot of people openly let friends and/or
family use their personal device. This is fine **BUT** you are putting
your company at risk. If a company doesn't have resources for everyone
to have a separate device then they should just set up VPN access for
employee apps or have a custom enterprise application made.
### Use a VPN (preferably on every device) {#useavpnpreferablyoneverydevice}
What is a VPN? VPN stands for **v**irtual **p**rivate **n**etwork and it
serves as an extra layer of protection when you aren't on your own
private network. Using a VPN when you're away from home allows for a
little anonymity online so people can't see what you're doing. Picture a
VPN as a layer of an onion (with you as the center): the more layers you
can add, the harder it is to see the center directly.
Ex.

Non-secure activity: I'm doing work at Starbucks. I connect to their Wi-Fi and
start working on a super secret client project that isn't supposed to be announced
to the public any time soon. A hacker is close by monitoring the network. My work
looks interesting. The 5 o'clock news has an insider scoop on what I'm working on. 😭

Secure activity: I'm doing work at Starbucks. I connect to their Wi-Fi and then
start my VPN to begin working on a super secret client project that isn't supposed
to be announced to the public any time soon. A hacker is close by monitoring the
network. My work looks interesting. The hacker can't see my information and decides
to go back to their base with no juicy news. 😎

- More info about VPNs
[here](https://us.norton.com/internetsecurity-privacy-what-is-a-vpn.html)
- I like using TunnelBear which can be found
[here](https://www.tunnelbear.com/)
### Use a security detection tool {#useasecuritydetectiontool}
You want one of those security tools that monitor when you have a virus
or something on your devices. This is pretty straightforward so I'm
just going to list a few for you to check out:
- [Malwarebytes](https://www.malwarebytes.com/)
- [Norton](https://us.norton.com/antivirus)
- [Lookout](https://www.lookout.com/)
### Use a private browser on public computers {#useaprivatebrowseronpubliccomputers}
I recommend people use a private browser on any non-personal computer no
matter what you're doing. Just think about logging into Google. If you
forget to log out in a normal browser someone has access to your email,
but if it's a private browser then it will just delete everything once
you close it. Most people think of private browsing just for being sneaky
and I can't say they're wrong, but just try to keep that same mindset on
anything you don't own.
### Put a passcode on your phone {#putapasscodeonyourphone}
I think this is pretty straightforward but I'll say it anyway: please
put a passcode on your phone. People like to do banking and such from
their phone and have `remember password` checked. Please don't be that
person, your personal information begs you.
### Get a password manager {#getapasswordmanager}
A password manager can help those that have a ton of passwords. You can
also create new passwords from within your password manager. Most people
tend to just use the "password manager" built into Google Chrome or
Safari (do people use Firefox and Edge?) but that isn't all that safe
either. At least with a password manager you are required to input a
master password to get any user information.
- I personally use [1Password](https://1password.com/)
### Use 2FA when possible {#use2fawhenpossible}
2FA stands for **2 factor authentication** and can be thought of as
the last inner layer of the onion (that's why it was last, get it 😁).
With 2FA you put in your normal username and password and then the
website/app will ask you for a changing key. This key is a chain of
numbers that can come in the form of a text message, phone call, or a
random combination in an app (see image below).
- I personally use [Authy](https://authy.com/) and schools use
[DUO](https://duo.com/)
![cnet authy screenshot](/content/images/2020/05/authy-1.png)
I hope these tips help keep you secure both personally and at work. Feel
free to reach out to me on [social
media](https://www.instagram.com/keheirathadev/) if you have questions
on any program I listed in this post.