Start with these 3 Simple Security Tips to Up Your Security Game!

“Whether you’re a one man army or a team of professionals, in today's business environment you need to up your security posture when your on the move.”

Now days, most people work off their laptop and/or cell phone or in combination. As such, you need to make sure you're protecting your critical assets and customer data at all times. The loss of data can have devastating repercussions for any kind of business. I’ll cover a basic setup I use, which can be considered a starting point that can be later tailored and enhanced to your work habits as you see fit. I’ll stick with the bare minimum to setup. Doing just these common sense things should give you a reasonable expectation that you are doing the minimal actions necessary to secure the use of your devices. Like anything, you can harden a device in a multitude of ways, the point to this is to not get overly burdensome or complicated with the setup and to practice what I call good security hygiene. 

“These opinions are based on my experience. They represent the minimal steps I feel every person should do when using a laptop and cell phone for business.”

My standard setup for my laptops are...

Laptop Encrypted Entire Drive

• Windows10: Use Microsoft BitLocker.
• Macbook: Use FileVault to encrypt the entire drive.
• Chromebook: Do nothing, Chromebook is encrypted by default.
• Linux: Use LUKS and encrypt the entire drive. Don’t encrypt home directory, no sense double encrypting something.

This affords a reasonable amount of protection against data loss/theft if your laptop is lost or stolen. Also, it’s critical you setup a backup schedule and stick to it. Sounds simple enough, but many people fail to do this. All it takes is getting burned by this once and you change your tune pretty quickly. If your a small business owner like myself, you should be using some form of backup on a daily basis. Either through a cloud provider/service and/or local backup drive to do differential backups. I also recommend turning on secure UEFI boot, depending on if your laptop supports this feature.

Virus Scanning Software

• Windows10: My opinion, Windows Defender works just as good as other virus scanning software and its free. I know some organizations like to layer these virus scanning software packages together to get better coverage, I wouldn't do it.
• Macbook: To begin with, you should not allow the installation of third-party software unless it’s from the App Store or identified developers, as per the Security & Privacy settings. Sometimes things sneak into the app store that have nasty surprises within them. With anything, be careful with any software you install and have backups available of your data. Macs are getting targeted more and it makes sense to put antivirus software on your Mac. I leave this up to the user to decide for themselves, I'm still on the fence with this one.
• Chromebook: Save your money, you don’t need an antivirus program for your Chromebook. Google has it built into the OS.
• Linux: Just for my own peace of mind, I use ClamTK. Do I need it, probably not, but at this point, I don’t think it really hurts anything. Just a personal preference. Linux distro's can get hacked, but they have some pretty strong defenses built into the OS from the start. To control this risk, I keep a base backup image of my development environment just so if I totally mess something up, I can quickly get back to a working system. If your a developer, you should be doing this as well.

YubiKey + Password Manager

All platforms (Windows,Macbook, Chromebook, Linux), should use 2 Multi-Factor Authentication (2MFA) whenever possible. Make it a habit going forward!

• Using a YubiKey is instrumental in stopping numerous hacker attack scenarios. I use two of them, I keep one with me at all times and the other as a backup in case the primary YubiKey becomes inoperative. Word to the wise, I’ve had a couple YubiKeys just stop working on me, so always have a backup that’s stored someplace safe. You can configure your Password Manager usually to handle more than one YubiKey at a time. Otherwise you have to go through an account recovery process for your Password Manager, try to avoid this if possible. NOTE! For the Yubikey 5 NFC is easy to put it in the USB slot the wrong way, please be aware of this.
• Allow your Password Manager to generate the passwords, do not attempt to generate them. Humans are terrible creating and remembering passwords, don't do this. Let the password program do the remembering for you.
• Regarding encryption for your phone, save your money. Almost all phones are encrypted by default these days, you don’t need to buy a secondary encryption program for your phone.
• I use a password manager integrated with the YubiKey on my laptop and phone. This combination is highly effective because it does 2 things very well. It places you with your YubiKey in proximity to the device you are trying to access. Rather than using just a cell phone running an Authenticator software app on the phone, the YubiKey is used to generate a OTP (One time passcode) to get access via 2 factor authentication to unlock the password manager, the physicality of the token coupled with the integration with the password manager is highly effective in securing your devices. This is a must have requirement, it eliminates a long laundry list of security attack vectors too numerous to mention. What it can’t protect you against is social engineering attacks, and that topic is itself worthy of being covered in another article by itself.
• When not in use, turn off Bluetooth and NFC on your devices. These are avenues that a good hacker can leverage to get into your system and accounts, don't let them.

So, my hope is this helps some users use this as a good basic starting point to protect themselves when working and traveling on the go. Again, this is a starting point, you can always lock things down further depending on your circumstances to increase your operational security posture.