Chris Brenes, Director of IT and Security
Chris is responsible for all aspects of Entech’s internal technology, IT security, and providing IT security to clients. He focuses his time and talent on our organizational security/policy, and he’s often called upon as a subject matter expert speaker in the areas of cybersecurity and compliance. In combination with his technical expertise, Chris also provides executive leadership and oversight.
He also serves as a fractional CIO for several of Entech’s clients, and is called on frequently to provide design, analysis, and cybersecurity troubleshooting to firms throughout Southwest Florida.
Cybersecurity should be a recurring conversation in your business, no matter your size, location or industry. In honor of the National Cybersecurity Awareness Month, I want to share with you my top 5 tips to protect yourself and your business from cyber threats.
Tip 1: 2FA
Let’s talk authentication. Most people have heard of multifactor authentication (MFA) and two-factor authentication (2FA). In both, there are a few factors to prove your identity:
- Knowledge – something only you would know (a password or the answer to a question)
- Possession – something only you would have (a one-time password or a key)
- Inherence – something only you are (fingerprint or face scan)
The main difference between the two is that 2FA always uses two of these factors, and MFA could involve only one or even all three. It just depends on the type.
You should avoid SMS (text) 2FA if possible, but if it’s the only option, it’s better than no 2FA at all. The reason that this is a concern is because of the possibility of a SIM swap, which is when hackers trick carriers into porting a phone number to a new device. Then, when the 2FA is sent to verify your identity, it would go to their device instead of yours then they will have access to your account immediately.
Tip 2: Password manager
Use a password manager and never save passwords in your browser. Select a password manager that allows you to set options to automatically log you out after a period of idle time, and/or when you close your browser, for added security. You should definitely secure your password manager with 2FA so if someone does get your master password, they still can’t get into your account.
For more info on password best practices, click here.
Tip 3: Use a VPN
Use a VPN when using Wi-Fi away from work and home. Avoid public Wi-Fi if possible, but if you find yourself having to use such Wi-Fi networks, be certain to use a VPN. Free options for VPN are available for casual or light use and can be used on your different mobile devices (laptop, phone, tablet).
You can also use a VPN to avoid a man-in-the-middle attack, which is a concern specifically for public areas. This is when someone can intercept your communications without you knowing and send you to a fake site to enter login credentials so that they can use them on your actual account. A VPN can protect you from this because all your information is encrypted.
Another thing to keep in mind is that a VPN is helpful for accessing internet in other countries. For example, if someone often travels out of the country to places that may have censorship to their internet, a VPN would allow them to bypass the restrictions to get where they need to go but also have privacy while using it.
Tip 4: Log out of everything
Take advantage of the security and privacy features modern browsers make available to you. Close out your browser and log out of any applications when you’re done using them. For example, if you’re using Chrome and you’ve logged into your Google account, it’s the gateway to all your Google applications (Gmail, Google Drive, etc.). If you leave your browser signed in, anyone with access to your computer has access to those accounts as well because you did not log out of them.
Tip 5: Encrypt your devices
Both Android and iOS devices support encryption, but the encryption methods will vary depending on the device you have. For example, if you are using a computer with Windows 10, you will have different encryption standards for business and home licenses. As for your mobile devices, some of the newer ones may already come encrypted, so check that first. If they’re not, taking the extra step to do so is very important.
How do we help?
If you are a client of ours, please reach out to your Partner Success Manager to talk about how we can improve your cybersecurity strategy. If you are interested in developing a plan around cybersecurity to protect your business, please contact us today!