Q & A with a Cybersecurity Expert: Work Securely from Home

Meet Michael Silbernagel, CISSP; he’s one of our in-house cybersecurity experts at SysGen. Michael is a lifelong technology enthusiast and is passionate about cybersecurity, cloud computing, IoT and blockchain. We spoke to Michael last week about the recent evolution of COVID-19 events, the increase of people working from home, and the potential risks to our data and security. Read on to gain insights into how to work securely from home with our in-house cybersecurity expert, Michael!

 

Due to recent COVID-19 events, more and more people are working remotely. Most of us know that it’s not as safe as working in the office for our data and devices. As a cybersecurity expert, what do you think we can do to work securely from home?

Yeah, I agree. Home environments don’t have the same security mechanisms in place to store data safely and out of prying eyes. So, to mitigate these risks, I think it’s a good idea to create a work from home plan. First and foremost, you should decide where you’re going to work. You should pick a spot that is a secure, safe, and private environment (e.g. home office, bedroom, etc.). The second thing you should do is to structure your workday accordingly. Don’t forget to take breaks, start and end work hours at the same time every day, eat your lunch, and find that balance between work life and home life; it’s very important.

Another thing you can do is to ensure your data and devices are secure; talk to your IT staff and ask for help. You should also make sure to store your devices (e.g. laptops) in a safe space. I highly recommend that you don’t store your devices in your cars, as they have a great risk of being stolen.

Additionally, you should choose what is acceptable for your means of communication. So, for example, you can establish that using Microsoft Teams and your work phone are great ways to communicate with your clients and coworkers. I don’t recommend using social media platforms or a public forum unless they are a part of your job.

Also, it’s a good idea to know the specific requirements and policies your company has in terms of remote work, data privacy, data breach, and so on. If you can, find out whether your company has a business continuity/disaster recovery plan, and if you are an executive, you can help set it up by defining roles and responsibilities, and set expectations with your staff. This ensures all staff can work securely from home.

Great! Thanks for sharing these great tips for employees and executives on how to mitigate the risks. What advice would you give the work-from-home staff to protect their data and devices from cyber threats?

Well, first, you should secure all your devices using complex passwords. Ideally around 8-10 characters long, no dictionary words, and keep it as complex as possible by using a combination of upper- and lower-case letters. Try not to use the same passwords on multiple websites; this is to prevent sprinkling attacks, which is when a bad hacker uses known credentials on lots of different websites to compromise additional accounts. Use multi-factor authentication (MFA) to keep your devices and your online accounts secure. Use biometrics whenever you can, and don’t write passwords down in notebooks or share them with anyone.

So, securing your devices and accounts with complex passwords is important, but whenever you can, try to enable multi-factor authentication. Having a combination of two or more factors is ideal, and these are classified into three types: Type 1 is what you know (such as using a password), Type 2 is what you have (a token, or using text messages with verification codes), and finally Type 3, which is what you are (using biometrics, such as fingerprint and facial recognition).

Train your staff to watch out for online scams, phishing emails, and other kinds of suspicious activities. When you see strange emails, report them to the security team. Most importantly, you should practice good computer hygiene. This means deleting unnecessary data, clearing temporary internet files and history, disabling autocomplete in your web browser, etc. Keeping your operating systems up to date is also a good way to make sure your data and devices are protected.

As a cybersecurity expert, would you elaborate more on how to secure our home networks and devices?

For your home networks, it’s better to avoid sharing your home wireless key with strangers. It’s also a good idea to change your wireless keys periodically. Always work behind a firewall, such as enabling Windows Firewall on your home PC. Your home routers should be up to date with the latest software. This ensures you can protect your data and work securely from home.

Oh, so there are lots of things you can do to ensure your home networks are safe. What about this; how do you work around the risk of other people in the house using your devices, such as your kids?

Very easy; you should always lock your computer when you’re not using it, even when you’re just going to grab a snack or going to the bathroom. You should also practice shoulder-surfing when working with other people at home.

Shoulder surfing, like shoulder checking when you’re driving?

Yeah! Make sure no one is hovering by your work area, in case you’re working on confidential information. You should also keep your company equipment and data separate from your things. Another option is using screen privacy filters on your screens in order to work securely from home.

What are screen privacy filters?

Essentially, they’re polarized sheets of plastic that you can put over a computer screen, so any other angles wouldn’t be able to see what’s on your screen unless you’re right in front of it.

Cool! So, do you have any last-minute advice you can share with those who are working from home?

Absolutely. At the end of the day, the majority of malware and infections are caused by human actions. We are the first line of defense. C-suites and privileged users such as senior managers, IT admins and financial officers are prime targets for hackers because they have access to a lot of important things. It’s so important that they receive frequent security training and take extra precautions when working from home. It’s also important for your company to have proper cybersecurity in place. Consider implementing managed security services if managing cybersecurity is important to your organization, but you don’t have the expertise on hand to do it in-house.

Security is everyone’s responsibility; awareness and communications are paramount to cybersecurity. Be aware of the potential dangers, take precautions, communicate with your coworkers and staff. These should help minimize the risks of cyberattacks while working from home.

 

Get to know Michael, our cybersecurity expert at SysGen!

Michael Silbernagel

Michael Silbernagel, CISSP is a seasoned and experienced IT and cybersecurity expert with almost 20 years of experience, and 11+ years working with SysGen Solutions Group in various roles. Michael holds a Bachelor of Science degree in Computer Information Systems and is a Certified Information Systems Security Professional (CISSP) – the international gold standard in cybersecurity certifications.

Fun fact: Michael is the father of two young children. In his spare time, Michael enjoys going to the movies, the arcade with his kids, hanging out with friends, playing pool, golf, and bowling.

 

Find SysGen’s IT support and managed IT services in Calgary, Edmonton, Red Deer, Vernon, and Kelowna. Learn more about SysGen’s cloud offering, cybersecurity services, managed security, and digital advisory team.

 


Michael Silbernagel, BSc, CCSP, CISSP

Senior Security Analyst

Michael is a lifelong technology enthusiast with over 20 years of industry experience working in the public and private sectors. As the Senior Security Analyst, Michael leads the cybersecurity consulting and incident response (CSIRT) teams at SysGen; he is the creator of SysGen’s Enhanced Security Services (ESS), our holistic and comprehensive cybersecurity offering that focuses on people, technology, policy, and process.