Mariner Security Bulletin – The latest updates from Mariner’s security practice lead Anthony English
Hope you enjoyed part one of the Mariner Security Bulletin dedicated to cyber safety in the home office. Check out some additional ‘work from home’ tips from Anthony:
- Video conference safely: If you have not heard of Zoom yet, then you may want to check out some recent news about this free videoconferencing software. It might be free to use for 40 minutes at a time, but it is has several security issues that make it a poor choice to use for work and it is also not a good option for social use unless you activate various security features in it (e.g., waiting room, requiring a password to enter, etc.). Zoom is not the only free web conferencing/webcasting tool out there with security issues so, before you use a free tool like this, do your research:
- Does the tool require a strong password when they are required?
- Does the tool do end to end encryption of your conversation/webcast?
- Does the tool record your conversations or webcasts?
- Clean your tech: Yes, you can safely clean your keyboards, touch screens, tablets, and smartphones. I recommend using either a disinfecting wipe designed for electronics (Canadian Tire carries a product called “Celluwipes” that are good and they also have a web site for these, celluwipes.com ) or you can use a damp (not wet!) disinfecting wipe but keep a dry lint-free cloth (microfibre is best) on hand to wipe immediately as you wipe down your device and avoid getting moisture inside your device.
- VPN is good: a Virtual Private Network is a way to connect from your home to your office network in a secure manner. Basically this technology creates a secure encrypted link directly between you and wherever you are connecting to and prevents some random person sitting in a car outside your house or at another nearby computer or in the Internet from intercepting your communications from your computer, smartphone or tablet and reading whatever it is you are doing (or maybe even tricking your device into allowing them to take control of it). If you are self-employed or if you do not use a VPN at your place of work, you can also buy your own VPN for a nominal fee (I bought for $29 per year from my antivirus program manufacturer). It is tech that you can use anywhere to protect yourself online.
- Want extra privacy when online?: Duckduckgo is an online search tool similar to Google but duckduckgo provides anonymous web searching. Google tracks what you search for online but Duckduckgo never will and it has some other cool features, too! Brave is web browser (similar to Firefox, IE, Chrome and Safari) and Brave was just voted as number one for protecting your privacy online.
- Take frequent breaks: It is crazy to me how fast time flies when I work from home but getting up from your workspace to stretch or walk about a bit every half hour or so is a good idea; if you have a standing desk, then all the better!
Hope this helps you work from home (or telework) safely!
Cyber Safety for Your Business. To assist your organization in assessing potential threats our security team has made available their Remote/Teleworking Risk Assessment Tool. An integral part of the Mariner Risk Management Program this tool will provide a quick snapshot of your organization’s current security situation and help identify gaps that may leave you vulnerable.
ANTHONY ENGLISH Vice President, Mariner Security Solutions
PCIP, C|CISO, MCSE, CISSP, CISA, CISM, CGEIT, CRISC, CBCP, CIPP/C, ISO 27001 Master, CTT+, A+, HiTrust Certified CSF Practitioner, ISO27033 Lead Cybersecurity Manager
Anthony is one of the top cybersecurity professionals in Canada with extensive Canadian and International experience in cybersecurity covering risk assessment, management, mitigation, security testing, business continuity, information security management systems, architecture security reviews, project security, security awareness, lectures, presentations and standards-based compliance. He sits on the Standards Council of Canada (SCC) IT Security Techniques committee (MC/ ISO/IEC/JTC 1/SC 27), the Disaster Recovery Institute Canada (DRIC) Certification Committee, Cloud Security Alliance committee on the security of health care data in the cloud and is an Exam Development Volunteer for ISC2. Anthony has worked in utilities, law enforcement, consulting, education, health care, lottery and gaming, auditing and the financial sector.