Yes, I Work From Home logo Yes, I Work From Home logo

 Episode 16 

 the work-from-home e-mail security guy 

Multiple ways to enjoy the podcast:

Read the show notes     |      Read the transcript

Listen/Subscribe on your favorite podcast app:

                      Click to open on Spotify!                     pngkey.com-stitcher-logo-png-2671980.png 

                   

Show notes 

Dan Wheeler is a professional services consultant who has been in the IT industry for over 25 years but has focused on information security, specifically email security, for the last 6 years. He's been working from home for 2 years now after spending his entire career with an at-work desk job. He tells the story of how he ended up rather unexpectedly changing jobs after a casual conversation with someone, saying that Proofpoint, sounded like a great place to work. He obtained a remote work job with this email security company and appreciated how his company invested time into training him and adding slowly to his workload over the course of the year, something they do in an effort to help employees avoid burnout.

In this episode, April and Dan talk about how some entrepreneurs and small business owners might not be aware of some of the security risks that email can pose. On the contrary, employees of larger corporations might have more protections in place, including having attachments scanned for viruses or campaigns and trainings around the topic of email security such as phishing awareness. Dan breaks down several different measures that peope who work from home can put into practice to keep their computer, their data, and their company more safe to avoid becoming an entry point for a data breach. These include things such as hardwiring as often as possible, keeping work and personal tasks separate, not opening personal emails on a work computer, and using strong passwords as well as multi-factor authentication, etc. 

Check out Dan's blog Email Security Guy at https://emailsecurityguy.tumblr.com/

You can also find Dan here:
Email: dan@teamushd.org 
Twitter: @geekydanw

back to top

Transcript  

April Malone 0:03
Hello, hello. My name is April Malone, and I'm with Yes I Work From Home, and this is the podcast. Today I have Dan Wheeler from North Carolina with me, and Dan, you're just gonna have to tell people what you do because I don't think I caught all of that.

Dan Wheeler 0:17
Yeah, not a problem. Good morning, everybody. My name is Dan Wheeler, and I am a professional services consultant for a company called Proofpoint. I like to think they are the number one rated email security company in the world; Gartner certainly rates us pretty high. But professional services consultant is just a really fancy way of saying that I am essentially an implementation engineer; I get our customers from when they purchase the product to the point where our products are completely in use and configured the way our customers like them. I am also something of a troubleshooter. I am given a lot of odd tasks and random jobs to help our customers out with.

April Malone 0:55
So is that like integration, kind of like Zapier, where you put the pieces together and make them run smoothly?

Dan Wheeler 1:02
Very, very much like that yes. Proofpoint's main product is an email security system that essentially sits between the internet and our customers' email endpoints, ie, their Exchange servers, their Outlook inboxes; so we intercept email from the internet, and if it's bad, we block it; if it's good, we let it through.

April Malone 1:24
So do you work with some of the big hitters as far as like big companies and it's kind of like that--I think when I worked for Mayo Clinic we had some service like that where if it found an attachment or something like that it would...

Dan Wheeler 1:37
That is precisely what our products are doing. We have other products as well, but that is what our focus is.

April Malone 1:44
Right, okay. So Dan and I have a mutual friend, and I had just interviewed Jen Huish a few ago. Her episode was probably just a couple before yours, but we don't know each other in real life; we just have a mutual friend, and I'm thankful that you're able to come on here today because we actually need to know more about internet and email and all of that sort of thing security from home because a lot of people work for an organization, and they just take care of all of that. And then you've got the entrepreneurs and the people who are starting their own small business, and there's probably a lot of scary open things that people aren't thinking about. Like for instance me. You know, once I turned in all of my equipment to Mayo Clinic when they downsized my department and I decided to go ahead and move on, I basically turned in my Cisco box, and they had, you know, the VPNs and all the things that was security, and now I don't have that. So, teach us.

Dan Wheeler 2:42
So, you bring up an interesting point when you mentioned this "Cisco box." That sounds to me like sort of either a VPN encryption system or a way to connect to a specific network. And that is one of the most important things you can have security wise if you are working from home: either a dedicated network line or a VPN which stands for virtual private network. VPN is a method where you set up a public and private encryption key pair--and I'll get more on that in just a minute--and you talk to a server on your corporate environment while encrypting that communication traffic. Public and private key pairs come from a mathematical solution that was discovered in the late 70s where, essentially, you have two different mathematical problems, and one of them is reversible only via the other. So essentially you have what is called a private key, and if you encrypt information with this private key, the public key can decrypt that information, but nothing else can, and the reverse is true as well; the private key can decrypt information from the public key, and nothing else can. So it is essentially a way of sharing something with a another party and saying, "When you talk to us, use this to hide or encrypt the information, and we're the only ones that can decrypt that then."

April Malone 4:14
Okay. I appreciate your bringing it back to layman's terms. That's not my field of, you know, knowledge.

Dan Wheeler 4:22
Not a problem. I'm happy to do that. And in fact, sometimes that is part of my job. The technical expertise of my customers spans the gamut from, "Yeah we're in IT, but we barely know anything," to they might even be at least as good as I am if not better.

April Malone 4:37
Right, okay. So talk to us a little bit about how you started working from home. Because, I mean you have been.

Dan Wheeler 4:46
Absolutely, I have been working from home 100% since I joined Proofpoint. I worked for a mid-sized bank before that, and I was commuting every day; I was driving about 10 miles, so 20- to 25-minute commute, and the company that I worked for was actually a customer of the company I work for now.

April Malone 5:04
Okay.

Dan Wheeler 5:04
Our sales representative and I were talking just very casually one day after a meeting, and almost jokingly, I brought up, "Do you guys have an office in the area? You seem like a fantastic company to work for," and he completely serious said, "Well, most of our positions are work from home these days," and directed me to a website and lo and behold three months later I was working from home 100%.

April Malone 5:29
So who recruited who there?

Dan Wheeler 5:31
Yeah, exactly. Well, funny story, the position that he had directed me to was actually not one that was a good fit, and it turns out that a coworker I worked with in New York City back in the late 90s actually worked for the same company as well, worked for Proofpoint, and he directed me to the position I eventually got, and it turned out to be a boom for him because he got a referral bonus.

April Malone 5:57
Oh, right. Yep.

Dan Wheeler 5:59
So, it turns out they're a fantastic company to work from home for. They have corporate offices all around the world actually; we are a worldwide organization, but working from home turned out to be a fantastic transition. I was very nervous about it because I had never worked from home full-time before. They happened to have a stipend where they helped me buy extra monitors and a desk for my home office, and--

April Malone 6:29
Not everybody gets that.

Dan Wheeler 6:30
Yeah, yeah. There was a big packet of information that was sent to me. I got sent a laptop with most of the security tools built in, and the first week was essentially orientation where we would sit on Zoom sessions and work with IT to configure our equipment to the point where it was usable for work.

April Malone 6:48
Right, and obviously it would need to be very secure because you're in the business of security.

Dan Wheeler 6:53
Yes, absolutely. So I sign on to a VPN every morning, and that uses what is called two-factor authentication. We use two-factor authentication with a physical token. I can actually show you a video of that right here.

April Malone 7:10
You know, when I worked for Mayo Clinic they mailed out one of those to everybody, and for whatever reason, I think my department didn't end up having to use it, but it was there and ready.

Dan Wheeler 7:23
So this physical token generates a random number every 60 seconds that is required to log into our company servers. In addition to that, we obviously keep extremely strong passwords. We are encouraged to use fairly complex passwords, and finally, in order to access anything sensitive, I have to have a combination of my normal login, this security token, and--remember how I mentioned just a few minutes ago the public and private key pair?

April Malone 7:55
Yeah.

Dan Wheeler 7:55
I had to generate my own private key, and my public key is actually living out there on our corporate network and confirms, with yet another method, I am who I say I am.

April Malone 8:05
So this sounds like three-factor authentication.

Dan Wheeler 8:08
It is actually, yes.

April Malone 8:09
Did I say that right?

Dan Wheeler 8:11
No, no, you absolutely did. Essentially, the more factors you add, the more secure you are, assuming those factors are unique.

April Malone 8:20
Okay.

Dan Wheeler 8:21
There is a recent study that shows two-factor authentication, if it is on the same device, essentially is useless. If that device is compromised, it really doesn't matter if you have two-factor authentication because threat actors/bad guys can can get to that device by one stop and they have--

April Malone 8:39
That's why they text you on your phone or call your phone.

Dan Wheeler 8:41
Exactly.

April Malone 8:43
But if your phone is dead or lost, then you're kind of up the river.

Dan Wheeler 8:46
Exactly. No, no, that is correct. If your primary access point is compromised, it doesn't matter if you have multi-factor authentication if all of those factors live in the same point.

April Malone 8:58
Okay. Well, that gives me a lot to think about. Why don't you just keep talking.

Dan Wheeler 9:04
Not a problem. So I got started out working from home, and it was extremely different from the normal butt-in-desk job that a lot of folks have. First off, I was trained for almost three months before I first started to engage with customers.

April Malone 9:26
Wow.

Dan Wheeler 9:27
I was doing what we called shadowing other people in my role pretty much full-time for the first two months, and then I had to pass certification exams and tests, and at that point, I took my first customer call, and let me tell you I was extremely nervous. This was a new setup for me. I had never worked from that side of the chair in implementing customers, and it was fairly nerve wracking those first few sessions where I was live; I was leading a meeting; I was walking customers through our product to configure them, working with them to get their organizational needs built into that configuration. And now almost two years later, my schedule, as I mentioned earlier, is pretty much completely full. I have a minimum of 32 hours of customer-facing time a week, and those are all hard scheduled to the point where I don't think I have a free hour before the end of November--

April Malone 10:29
Wow.

Dan Wheeler 10:30
--at this point in time, and that's fairly typical for me.

April Malone 10:34
Do you generally do like conference calls or phone calls, or do you do face-to-face like Zoom sessions and stuff?

Dan Wheeler 10:41
Both. It is always audio of some sort. My direct boss encourages us to use video conferencing just because it is a level of reassurance for people that they can see you; they can know that you are a real human on the other end rather than just, you know, some guy sitting in a blank office wearing a headset who's just a voice on the phone.

April Malone 11:03
Okay. Yeah.

Dan Wheeler 11:05
But in addition to that, very often people are sharing out their screens, and I am directing them to make certain changes.

April Malone 11:13
Okay.

Dan Wheeler 11:15
On rare occasion, a customer will share out their screen, and I will ask for permission to control their computer. Typically, this is because if I have to log in with a higher-level security account or if I'm typing out a very complex command and I just don't want to spell it out over the course of a minute, it's much faster for me to just type it.

April Malone 11:35
Right. I'm curious: Do you use Zoom; I know that there's a lot of security concerns with that platform, or do you use something different?

Dan Wheeler 11:45
Proofpoint's default corporate communication method is Zoom.

April Malone 11:49
Okay.

Dan Wheeler 11:50
We have our own dedicated Zoom, what is called an instance, meaning that we have preset security keys; we have a certain license package, and we have been guaranteed that all of the computers we are using are going to be in the continental United States.

April Malone 12:04
Okay.

Dan Wheeler 12:05
But we will absolutely use any other telecommunication product at a customer's request assuming it's easily available.

April Malone 12:13
Teams and stuff?

Dan Wheeler 12:13
Typically that's going to be teams or Webex, yes.

April Malone 12:15
Got it. Okay, so you said that continental US. So that means you can work from home, but you can't work from Hawaii or abroad.

Dan Wheeler 12:24
You absolutely can; you would just be connecting to telecommunication centers in the US.

April Malone 12:28
Okay, so as long as you use that VPN, you can live abroad?

Dan Wheeler 12:32
Precisely, or in this particular case, if you are signing in with your corporate account, it is associated with a Zoom center that they have guaranteed is in a certain data location.

April Malone 12:42
Okay, I get it. So this is about Zoom, not so much about where you are.

Dan Wheeler 12:46
Correct.

April Malone 12:46
Okay. Sorry, I get confused easily.

Dan Wheeler 12:50
No worries. Not a problem at all. We are a worldwide organization. We have offices all around the world. Some of the bigger ones are in Israel, Belfast; I believe--yes--Sunnyvale is our corporate headquarters. We have a very large office in Salt Lake City and others all over the U.S. and Canada.

April Malone 13:09
Interesting. Alright, so let's talk about those first few months. You were learning a completely new skill set, or were you able to take anything that you knew from the bank industry into this new corporation?

Dan Wheeler 13:23
So when I was working for the bank, I was an IT expert. I've actually been working in IT since the late 90s.

April Malone 13:28
Okay.

Dan Wheeler 13:29
I started out right out of college. Actually, the day after graduation, I was very lucky in that Johns Hopkins University had seen my resume; I had applied for a position, and they flew me down to Baltimore on their dime for an interview.

April Malone 13:44
Nice.

Dan Wheeler 13:44
And then immediately after that, I drove across the country with three of my best friends from college. We spent about a month just driving all over, and I think about three weeks in, I called home just to check up on my parents and--you know, being a college kid hadn't really thought to let them know I was still alive--they let me know that Johns Hopkins had called back and essentially offered me the job, so I had a job waiting for me when I got home from that post-graduation roadtrip.

April Malone 14:09
Was this before cell phones?

Dan Wheeler 14:11
Yes, it was, so we were looking for payphones. We had phone cards.

April Malone 14:15
So they couldn't be like "Hey, you got the job." They were waiting on you.

Dan Wheeler 14:20
I've essentially just given away at least how old I am.

April Malone 14:24
That's okay, I'm right with you.

Dan Wheeler 14:27
So I was extremely lucky to have a very good job right out of college. After that, I ended up working on Wall Street; I was actually right in the heart of New York City, and I was about a block away from the World Trade Center on 9/11 in addition to that.

April Malone 14:41
Oh my goodness.

Dan Wheeler 14:44
Because of that, that started some dominoes falling to where I moved to North Carolina. I worked for the state government of North Carolina and then this bank, and now here I am with Proofpoint. So I've been in IT since college.

April Malone 14:59
Okay. You've watched it transform.

Dan Wheeler 15:03
Yes, absolutely. It was very much a desktop support/occasional application support kind of situation at the very beginning to the point where I help other organizations set up their IT essentially. But the bank skill set translated very well. I was the primary what is called messaging administrator for the bank. I handled pretty much everything email, and because of that, it was a very nice skill set transition to Proofpoint.

April Malone 15:36
So, we'll get back to Proofpoint in a little bit, but I want to talk a little bit about your transition. Like you said it was a little nerve wracking for you to have that customer service experience as far as like being online. Can you talk a little bit about just the transition to working from home. They gave you some of the equipment that you needed. Did they give you everything you needed?

Dan Wheeler 15:58
In a way, yes; everything physical, everything equipment wise. The biggest thing I missed absolutely in that transition was being able to pop my head over a cubicle wall and just ask a coworker, "Hey, how do you do this?" What is normally a 10- to 20-second conversation with a coworker, when you are working from home becomes, "Let's see. I need to email this person," and if it's the wrong person, they get back to you, and they might know who the right person is, and through a chain of emails maybe two hours later, maybe even two days later, you finally get the answer you're looking for.

April Malone 16:31
Yeah.

Dan Wheeler 16:32
So essentially, every little problem becomes a really drawn out process when you first start working from home. Every organization has what I like to call tribal knowledge, where it's not written down in a handbook, but you need to ask, "Hey, I want to change my direct deposit account. How do I get in touch with HR?" If you're working in an office, like I said you pop your head over the cubicle wall, you ask your coworker, and they tell you; if you're working from home, you toss something out in Teams, and if somebody doesn't answer, then you send an email, and if somebody doesn't answer, then you send another email.

April Malone 17:07
Yeah. I think my husband deals with that more with his line of work. He's an engineer. And when you can physically see someone, like he sits across the way from his manager, and like he could just turn his head and just say, you kno--or as soon as his manager stands up and like walks out towards him, he can just like pop that question in 20 seconds, but now you know it is a little cumbersome you know; you're never sure if that person is available or the right person.

Dan Wheeler 17:39
There's an old joke from when I used to work in an office. It's called prairie dogging when you see somebody stand up over the cubicle wall, just because that's how they stand up out of their holes in the ground out there in the Midwest.

April Malone 17:52
Yes.

Dan Wheeler 17:53
So when somebody is prairie dogging, folks tend to look at that person and, "Hey, do you have a question?" is the kind of expression you have on your face at that point in time.

April Malone 18:02
That's pretty funny. It made me think of a very different visual there. Have you seen that movie? What is it--sunshine something...I can't remember.

Dan Wheeler 18:13
It does sound familiar.

April Malone 18:15
Everyone else that's listening will know. Anyway. Yeah, that's a real thing. Did you miss the actual like interaction that you would have had in the office, or were you more of an introvert that didn't really care.

Dan Wheeler 18:29
So if you put stock in the Myers-Briggs personality type, I am definitely on the introverted side of things which is ironic because here I am on a podcast sharing myself.

April Malone 18:40
Hey.

Dan Wheeler 18:41
But I did miss that interaction where if you were having a stressful day you could go to a coworker that you bonded with and vent for a little bit. It is a much more difficult process here. I have--so my organization is a large organization; we're talking about thousands of people. However, I have what I call a clique on Teams where seven of us have bonded. We all come from similar backgrounds. We are able to talk and share experiences, and most of the time, we are discussing work and helping each other out, but fairly often we are also talking about real life, and we've become friends essentially through this, and it has taken the place of a trusted group of coworkers, essentially where you would be sitting in an office, and you have the folks around you that you probably get along with--You don't always; you can't guarantee that. One of the interesting things about working from home is, if you don't get along with one of your coworkers, it is much easier to just ignore them and pretend that you're not getting along.

April Malone 19:50
Or just not be available.

Dan Wheeler 19:52
Exactly, yes. Unfortunately, part of my job is being available for almost any situation. I am a subject matter expert (SME) for a few different areas, so unfortunately, if people ask me questions on those areas, I'm obligated to answer.

April Malone 20:08
Right. So when I interviewed Jen, our friend, she would talk about as a manager she would, I think she has weekly meetings, where she just asks people to, you know, talk about the problems that they're having and also just real life stuff. Does your organization have something like that in place? Because when I worked for 17 years, well 10 of those years I think were from home, we didn't have anything formal like that other than a Christmas party once a year, a holiday party. What do you guys do?

Dan Wheeler 20:37
So, I am in an overall group that is about 50 people total; I would say 37, 38 of us are highly technical. We have a small layer of managers and then some support staff that are essentially indispensable traffic cops. They route things, they get things to where they need to be. We have a weekly meeting on Thursdays that is typically technical problem solving or training, but very often the last few minutes of that meeting is reserved for essentially venting if you need to. In addition, I am part of a smaller organization that focuses on extremely specific technical areas. We meet every Friday, and that group of a dozen of us--excuse me--we absolutely use that Friday time to to discuss real world problems, help each other out with anything. For example, my water line between my house and the city water line broke about two months ago.

April Malone 21:44
Oh dear.

Dan Wheeler 20:54
And I ended up having to get a plumber out to essentially shut off the city water, dredge my yard, put in a new water line, and throughout this experience, some of my coworkers who have experienced this sort of thing before or knew enough about plumbing said, "Oh, make sure they do..." blah, blah. You know, "When you talk to the plumber, make sure that they're going to use this type of piping," or something along those lines. So just anecdotally, that is a way where on this hour long call every Friday we were able to assist each other outside of work in a very similar fashion to if we were working in an office.

April Malone 22:20
Yeah. I like it. I think that it's good when people have that opportunity because not everyone would make that for themselves. But do you think, like as an introvert, that that feels forced, or does that feel very natural for you?

Dan Wheeler 22:34
It's difficult to do. I often have a hard time giving a full story just because, as an introvert, I think part of my introversion is what I call "getting into my own head too much."

April Malone 22:47
Yeah.

Dan Wheeler 22:48
Where I start to worry about what other people will think, so I filter or sanitize my thoughts to what I think they want to hear.

April Malone 22:55
Okay.

Dan Wheeler 22:57
So that is an interesting point that you bring up because working from home, especially if you're communicating over a text-based medium, that problem tends to compound itself, where I will start to type, and then I'll delete everything that I typed because I think that's not what people want to hear--

April Malone 23:16
Too much, yeah.

Dan Wheeler 23:16
--rather than what I really need to say.

April Malone 23:18
Mhmm. So I am on the other end of the spectrum. My husband is very introverted, and he is a man of little words in public; at home, you know we're fun and hilarious, we share all the things. But it's interesting to see him like in that kind of setting and, you know, kind of keeps it to a minimum. I don't think he chit chats, you know, at work really. He probably is reading the news on his lunch break kind of thing. He's actually onsite this week; every seven or eight weeks, he has to go on site and physically be there when he's on call. He was there 100% of the time for the first four years or whatever it was that he worked there, and then with the pandemic, they all came home, and they gave them a stipend; they gave them a desk and a chair and a monitor and things. And you know, he was allowed to bring some equipment home, so he's been home with us, which is great for us, but he has to go onsite every so often. There's not very many people on right now. They're actually increasing his onsite presence to once every four weeks right now; they have a team that rotates that's on call, and that number of people has shrunk. They've had a few people out for different reasons. So it's really interesting for me to have to try to like think about well if I had a Friday meeting where I could vent, I'd be like there with my party hat on. Like I'm ready to go. This is like my life. You know, I crave that interaction, and I know for him it would probably feel very uncomfortable.

Dan Wheeler 24:45
There are varying levels of comfort depending on who is in this meeting; as I mentioned earlier, my overall group is somewhere in the mid-40s personnel wise. The group I tend to interact with is about a dozen people. I would say all but a few of those I would be okay discussing just about anything with, and then again, I've kind of fallen in on Teams where we've set up our own little chat room where it's typically five of us, and those guys I could say anything to.

April Malone 25:15
Right.

Dan Wheeler 25:15
And by "guys," there is one female in there, so those "folks" I should say to be proper here. So yes, I am perfectly fine sharing anything with that particular smaller group.

April Malone 25:31
Mhmm. Do you feel like your company encourages that kind of interaction, like it's not exactly work related. Like, overall, do you think that has a benefit for the organization to let people have that hour to talk about other things, or are they kind of like top down like "You need to be productive and focused all the time."

Dan Wheeler 25:52
On that hour meeting, there is often a manager, so if they feel that we need to be talking about work things, they'll direct the conversation in that direction. But very often a manager will join that Friday call, and they'll just simply let us vent knowing that is a helpful situation. One of the things I love about my company very much is that they are extremely cognizant of the work-life balance.

April Malone 26:16
Yeah.

Dan Wheeler 26:18
One of the reasons I'm talking to you here today is because we were given what is called a wellness day.

April Malone 26:23
Good.

Dan Wheeler 26:24
The reasoning behind it essentially from HR was, "We know COVID is a huge pain in the rear for so many people or actually a financial hardship for others. Take this day off to get your life in order," essentially.

April Malone 26:37
Wow.

Dan Wheeler 26:38
I find that extremely progressive and extremely helpful. In addition, our company absolutely encourages us to contact our manager. If you are getting burnt out, let your manager know before you ever even get to that position. About a week ago, I mentioned in a very large chat with that whole group of 45 people that I was pushing 50 hours for this week, and I had a manager that I very rarely speak to send me an email about 20 minutes later saying, "Hey Dan. How are you doing? Do you want to have a 1:1 meeting. I'm a little bit worried about your workload. I don't want you to get burnt out."

April Malone 27:18
Right.

Dan Wheeler 27:21
In addition to the three-month ramp up time when I first started where I was actually starting to be useful to my employer, I did not get to what they call 100% load, where I was taking 32 customer hours a week, for about a year after I started. So it is a fairly significant investment for them, and if I get burnt out after just that one year, it's really not worth it. When I first interviewed for Proofpoint, I went through seven Zoom interviews, and it was a fairly extensive process, and each of those seven interviews was a good hour long. They feel that they can teach technical skill, but the right personality and attitude is absolutely detrimental in the hiring process. If they don't think you're going to be a good fit, if they think you're just looking for a quick pay boost, they won't hire you.

April Malone 28:16
Was that all in one day, the seven interviews?

Dan Wheeler 28:19
No, no. This was drawn out over two, maybe even three, weeks.

April Malone 28:24
Oh my husband had an interview--he didn't get that job--it was his very first interview out of grad school, and it was seven interviews in one day on site. He drove there, and it was a significant drive--he could have flown--but it was back to back to back to back to back. And he started with one guy; he went to, you know, five other people, and then he came back, so the seventh interview was like a wrap up with that original person. Woo. Intense, intense. So you feel as though they had a really nice transition for you from working your corporate job into--

Dan Wheeler 29:03
There were some pain points. One thing I can highly encourage any organization seeking to have a work-from-home workforce is document to the point where it seems like you're over documenting and, if at all possible, have all of those documents be set up in a logical and ordered fashion because there is nothing more frustrating--

April Malone 29:23
Documenting what?

Dan Wheeler 29:24
Everything. HR processes, different team handbooks, different position handbooks; anything that could possibly be documented, have them in a specific area where somebody could easily look that up just because of the whole tribal knowledge thing. When you are working in a corporate environment in an office, tribal knowledge doesn't become that big of a deal because, as I've mentioned before a few times, you can just pop your head over the cubicle wall and ask somebody; when you are working from home, especially if it is a time-sensitive issue, it becomes very anxiety ridden. "I need to find this out, and I need to find it out by tomorrow," and trying to track that down becomes a drawn out process where it could be 5 to 10 minute interactions with five or six people, and then all of a sudden, that's a full man hour of work. In the corporate world, that matters.

April Malone 30:20
Yeah, right. Did you have any paper copies of any of the most crucial things for like your setup, or was everything something you had to access online?

Dan Wheeler 30:29
Everything was something I had to access online with the exception of the initial instructions that came with the laptop. Basically, I got a nice box from Dell. I opened it up, and there was a stack of papers of, "Here's how to get online to the point where you can access everything else."

April Malone 30:44
The rest of it. Yeah. I remember we used to have to have a manual, like literally a manual, and it was paper copies for the event of like if your internet goes down, if you get disconnected, if you have to switch out your equipment, but then they constantly have to like try to send us new copies of that, and they didn't expect us to have a printer to print it, so they would be mailing us all these revisions all the time, which kind of seems silly, but at the same time, when you got disconnected and you couldn't get reconnected, it was important to have, you know, the phone numbers of the, you know, the line of command that you would be calling for the IT support and things that you might not have saved on a Post-it note or something like that.

Dan Wheeler 31:28
That brings up a very interesting point actually. When you were working from home, there is a single digital pipe between you and everything else. So I can't encourage people enough: have some sort of backup available if your primary ISP, your internet service provider, goes down. I am lucky enough in that I have a phone that allows me to tether, so if my internet goes down, it's a minute later I'm back online; even though it's much slower, it's still fast enough to handle my workload.

April Malone 31:59
I have used that. I teach English online as my kind of side gig now; well it's been my main gig for two years, but I'm transitioning again into making this my business, but when I worked for Mayo Clinic, I was not allowed to use a laptop. Like I couldn't just go to the coffee shop. I had to be literally in my home office because of the security systems; we were working with, you know, confidential information, patient information, and they were very picky about. They actually were very slow to let people work from home because they wanted to make sure they had that security element in place, and then that transitioned over time, like they went from like the VPN or the virtual computers and the physical--you know they did all these different things. Over the 10 years, we probably had to reconfigure everything about five times. When I started teaching online, I could, if my internet dropped--I had never used a hotspot, and I had to learn what that was. And, you know, I learned a few tricks like you can use the WiFi version of the hotspot or you get the cord and, like you said, you can tether. Is that what you meant by tether, like get your phone connected to your computer?

Dan Wheeler 33:12
I think tethering technically just means using your phone as essentially a hotspot for your computer, but you can physically plug it in and use that connection instantly. Absolutely.

April Malone 33:22
I feel like it's faster than the WiFi version.

Dan Wheeler 33:26
One of the interesting things about the difference between wired and WiFi is that wired is almost always going to be faster although technology is constantly changing. In addition, wired is always more secure.

April Malone 33:37
Okay.

Dan Wheeler 33:38
With WiFi, you know, theoretically there are signals going; you never know quite how far they are going to go, and they can be intercepted. Wired communication can be intercepted as well, but we're talking about CIA level of hacking there.

April Malone 33:53
Okay, right.

Dan Wheeler 33:54
I actually use wired connections for everything in my house.

April Malone 33:58
I try to, yeah.

Dan Wheeler 34:00
You know, here's a good old network cable right here--

April Malone 34:04
Yep.

Dan Wheeler 34:04
--sticking out of the back of my computer that I have if I need, but I have a switch sitting right next to my laptop; there is a cable going underneath my house all the way back over to the other side of the house where the ISP comes in, and I'm extremely lucky in that I have Google Fiber in my area.

April Malone 34:21
Oh.

Dan Wheeler 34:22
They're inexpensive, and they are ridiculously fast.

April Malone 34:26
I can only dream until the day. I have something similar. Here in the Phoenix area, we have an internet provider they call Gigablast; it's like their equivalent or their wannabe fiber-level speed.

Dan Wheeler 34:41
You need to look for advertising royalties for both Gigablast and Google now that we've both mentioned them.

April Malone 34:46
Yes, yes, and check into that. I think our internet--the internet provider that I use here is called Cox, and it's cable. I think I've gone through the transition from the DSL--is that right?--DSL to the cable, and the fiber would be the next thing. But my company always required that we had internet, the router box in the same room as we worked because that seemed to make it better. But I know some people that will, you know, basically run that Ethernet cable all the way through their house, which to me I'm like "Just have your internet people punch the hole into the wall and get it into your room are you are."

Dan Wheeler 35:27
Yes.

April Malone 35:28
If I need a reset, I don't want to have to run across the house. I don't want to have to run across the house to see if the light is blinking or not.

Dan Wheeler 35:35
For sure.

April Malone 35:38
So let's keep going. Tell us more about what we could do to make our home office more secure, especially for those of us who are in the more entrepreneurial world; like, you know, my corporation told me what I had to do, but now I have to figure it out for myself.

Dan Wheeler 35:55
Well to add on to what we were just discussing, if you have the opportunity to use wired network over wireless, absolutely use that. It is a couple hundred bucks' worth of hardware and a few hours reading to figure out how to intercept signals from WiFi, but again, it basically requires CIA levels of hacking if you were going to intercept signals from a wired communication format.

April Malone 36:23
And from a security standpoint it's better, but it's also better for speed.

Dan Wheeler 36:27
Absolutely.

April Malone 36:28
Like especially if you're doing Zoom; you know, my kids often are watching Netflix downstairs via WiFi, and so when I have my Ethernet connection, I'm not compromising as much of my speed and the quality of our call. So there's two reasons you should do this.

Dan Wheeler 36:49
One thing I see very often is that people will use their work computers for personal reasons. I can't encourage enough to 100% segregate your work life from your home life when you are working from home. If you have a work computer, you should not be using that for anything but work. Anything personal that you do on that work computer, that is a chance where that work computer could be compromised.

April Malone 37:16
Like such as?

Dan Wheeler 37:16
So in interacting with with so many customers throughout the day like I do, I will very often have a customer sharing out their screen so that I can guide them through configuration processes, and I will see them with browser tabs in the background on Reddit or ESPN or something like that. And if you are going to these websites, at the end of the day, you don't know where those servers live. You don't know, even if it's a perfectly legitimate website, if they've been compromised and everything you type is being recorded or if that website is dropping cookies on your computer, and those cookies are tracking your information.

April Malone 37:20
Interesting. So I think when I worked onsite, like over time they kept, you know, taking away things from us. After a while, they'd be like, "You can't use Facebook on your work computer." Understandable from a productivity standpoint. And then news; they actually said, "You can't check the news anymore when you're at work on your work computer," because when Michael Jackson died, apparently we broke the internet; like, you know, Mayo Clinic wasn't working at full capacity because so many employees were checking the news. When 9/11 happened, you know, everyone is just checking and checking and checking--and for good reason of course--but now that we have smartphones, it's a little tricky, you know; like you want people to be productive and also secure.

Dan Wheeler 38:46
That's an interesting point. My personal viewpoint on that is I have worked jobs where I didn't have enough to do, so I was essentially sitting at my desk bored, and I despise that. I would far rather be over busy than not busy enough. That is my personal viewpoint. From a corporate viewpoint, if you were working at home with a work computer in the vast majority of situations, you don't own that work computer, your business does, so they absolutely get to tell you what you should and can do on that computer. They can tell you you can't browse to news sites. They can tell you you can't go to your personal email or Facebook. In addition, personal email sites are one of the biggest threat vectors, meaning your personal email, your Gmail because it is a freeware site--you are not paying for it--it has limited security compared to your corporate email in most situations. So it is much easier to send through a well-crafted phishing email that may convince you to give up your credentials or click on a link that all of a sudden infects that computer. If that's your work computer, all of a sudden you are now the entry point for a hack, as we've seen with so many organizations--Equifax a few years ago. That is a huge deal, and most organizations are not big enough to survive what happened to Equifax. They're lucky in that there's only three companies in the world that do what they do. So the fact that they messed up that bad, and there's only a few of them allowed them to survive.

April Malone 40:22
Oh yeah, I would not want to be that person.

Dan Wheeler 40:26
It is an absolute proven fact that email is the number one threat vector for information security these days.

April Malone 40:32
Does your organization do that thing... I know my husband just the other day he was like--he's in our bedroom, and I'm in the closet through the bathroom actually--and he goes, "Aha!" or something like that, and I was like, "What?" And he was like, "Oh, I just, you know, I just reported a phishing email," and it was part of their like, "Congratulations, you didn't get deceived by the phishing email." You know, you're helping prevent it, yeah.

Dan Wheeler 41:00
Yes, that's called threat simulation, and my company absolutely does that. Proofpoint actually bought a different company called Wombat Security back in 2018, and Wombat's entire business line was creating simulated phishing campaigns so that you could test your employees as well as offering training material to teach your employees how not to fall for those things. So we have fully integrated that into our products at this point in time, and on rare occasion, they do that even to us who are considered the experts.

April Malone 41:32
Wow.

Dan Wheeler 41:33
It's funny. I've had a few coworkers actually click on those links and fall for it, but nobody in my specific security area.

April Malone 41:41
Right. I definitely was a little bit more suspicious of those kinds of emails when I was at work when they were being sent to me because I'm like, "Aha," and they weren't always that great; they probably are more sophisticated now than they had been in the past, but so are the hackers and the phishers or whatever you want to call them, the scammers, more and more and more sophisticated.

Dan Wheeler 42:04
Industry wide, the bad guys, hackers, scammers, phishers, whatever you want to call them, the technical term is actually threat actors, and we will very often abbreviate it, and different threat actors actually have different assigned numbers, and those numbers are typically constant across organizations. So even our competitors will use the same acronym, so it will be TA578, for example--I'm picking an arbitrary number there--but that could represent one of the major threat actors from Russia or North Korea are one of the not-so-friendly countries that love to cause trouble with other countries. They have widely known names to the point where industry experts if you mentioned TA597, everybody goes, "Oh, they're one of the bad ones." You know, a reaction like that.

April Malone 42:54
I remember in the past, I'd be like, "Well you can usually tell because like their English might not be very fluent sounding," and now I'm like, "I think their English probably will be fluent sounding because they'll just hire someone to, you know, proofread it for them first."

Dan Wheeler 43:08
Or they may be fluent in and of themselves. We tend to be moderately spoiled here in the United States and typically do not have that strong of a grasp of a second language where everywhere else in the world, they pretty much always are fluent in at least two languages.

April Malone 43:27
True, true. Yeah, absolutely. Absolutely.

Dan Wheeler 43:32
In addition, with the internet there are no geographical boundaries anymore. Very often I will be working with a customer, and they'll say, "So we want to block all emails that aren't coming from the United States," and I will bring up the point with, you know, "What's to stop a Russian threat actor who's compromised somebody's credit card from just buying or renting a server in the United States?" Usually they'll ponder and go, "Oh yeah, good point."

April Malone 43:58
It's not that easy anymore.

Dan Wheeler 44:00
Yep. There are no geographical boundaries on the internet.

April Malone 44:04
So, so far you've said, try to be hard wired, use multi-factor authentication--I feel like I'm saying that word wrong.

Dan Wheeler 44:12
No, no, absolutely, you've got it right.

April Malone 44:13
What else?

Dan Wheeler 44:17
The whole separating your work computer from your personal computer life, and be cognizant that email is the number one way in which a threat actor will try to get you to click on a link or respond. There are three different types of emails that we see most often that are going to compromise you somehow. The first is basically called malware; that is typically in the form of a web link where you click on it and you go to a website. And with the way that modern web browsers work, they can theoretically push a bad file to your computer, or they can disguise a good link as something that is going to harm your computer where once you've clicked on that link, you've infected yourself. You've downloaded a file; that file will do really bad things. It might steal your credentials; it might start to cryptographically encrypt your organization's files and then ask for ransom; ransomware, it's called these days.

April Malone 45:18
I have like this big gulp because we've got three kids who are online during school, and they're doing research, like they're researching, you know, my son is writing a paper about bees, and my daughter is learning about the electoral college, you know. Just different things, and even my kindergartener is--I'm helping her--but she wants me to print out coloring pages, and I feel like--I don't know--but now that I'm looking for these coloring pages, every once in a while I'll click on one, and I'll be like, "This site seems a little bit suspicious," but she wants that coloring page so bad I'm going to click on it, and then it doesn't do anything, and I'm like, "Crud. What just happened?" You know and like I haven't always been super savvy and maybe should learn a lot more about like even just putting like everyone thinks about like the protection that you put on your computer. Can you talk about that at all?

Dan Wheeler 46:08
Yeah, absolutely. So most computers these days have, at the very least, virus protection; McAfee, Symantec, Kaspersky, those are some of the more popular ones. Keep in mind that viruses in modern times represent an extremely small percentage of attacks on your computer; viruses have not changed since the late 1980s when they were first basically invented, when computer viruses became a thing. And the way to detect them has not even changed since the 1980s, so those are not the biggest threat. So getting the warm and fuzzies just because you see Symantec in the bottom right corner of your computer is not a good thing. You need to be aware of where you are going and what you are clicking on. In addition, if you get any kind of suspicious feeling from an email, it is always better to try to reach out to who the originator purports to be rather than clicking on reply.

April Malone 47:05
Right. Okay, so find a different way. Like when people, it looks like their Facebook account has been hacked and someone's impersonating them, instead of just trying to message them, I will text them and be like "Hey, did you know...?"

Dan Wheeler 47:21
Keep in mind that that text point might be the entry point with which their system got hacked in the first place.

April Malone 47:26
Oh gosh. Ah.

Dan Wheeler 47:30
No, no, you have the right idea. Basically try to validate them through different means. But in the corporate world when we're talking email, it is typically safe to assume that your corporate email has not been compromised yet, so if you do get an email that purports to be your boss, and it looks even just slightly suspicious, hit your boss up on Teams or email them directly; don't click reply, and ask, "Hey, did you send this to me? It looks just a little bit suspicious." That tiny bit of human spidey sense, as I call it, can go a really long way in protecting you from your computer being compromised, your work computer being compromised.

April Malone 48:11
Wow. So when your boss emails you and you click reply or hover, usually you can see where the sender is coming from, but like how well can they mask that?

Dan Wheeler 48:23
So typically, there are two methods in which, you know, somebody is sending you an email. Email actually is very analogous to postal mail in that when somebody sends you a letter, there are two spots where you can see it's from them. One is on the envelope in the upper left hand corner; that's the return address. The other is inside when you open up the letter, either at the very top of that letter or at the bottom where their signature is; so email has what is called an envelope sender, that is actually part of the communication when the email is being transferred from their servers to yours. And in addition, there is the message header "from." Think of that as the signature inside on that letter. The envelope sender is very difficult to spoof, in most situations; the message header FROM is extremely easy to spoof. Even Gmail will allow you to change the message header FROM field on email, so if you are worried, don't click links in that email. If you click reply, it's going to go typically to the envelope sender and not the message header FROM. So you can very often see after you've clicked Reply, "Alright, is this going to who it says it's going to?"

April Malone 49:33
Right. So as long as, if I click reply and I look at that, I haven't necessarily--well I opened the email--if they can see that I've interacted with an email, but I didn't click a link, and I didn't actually reply to them with any information, when I'm just looking at that sender reply. Help me out, throw me a bone.

Dan Wheeler 49:56
No, no, no. You are on the right track, absolutely. So hovering over links is a fairly tried and true method, keep in mind there are ways of hiding links of where they're going to.

April Malone 50:08
Oh like rerouting them and stuff.

Dan Wheeler 50:10
Or going to like Bitly.

April Malone 50:13
Oh yeah.

Dan Wheeler 50:13
If you've ever seen the really short links.

April Malone 50:15
Oh yeah.

Dan Wheeler 50:16
I never trust a Bitly link.

April Malone 50:17
Right.

Dan Wheeler 50:18
But yes, hovering over something to see if it's actually going there. Microsoft does not make it easy to look at what are called email headers, but they can be fairly cryptic and fairly technical. If you have the ability to view headers, that is good. Gmail, just their basic product, will show you if messages are coming from who they say they are coming from. There are what are called authentication protocols that allow you to verify a senders ID in the email world.

April Malone 50:47
Okay. So all this talk, I have this little window that I keep hiding; it's my McAfee alert, and sometimes I don't know what to do with them, and so I just hide them, so they don't keep popping up. And I don't know how long I've been doing that. I'm not exactly sure how secure my computer is right now. What do you recommend for someone like me who is like probably should do something now after having this conversation, I'm like, "Next step."

Dan Wheeler 51:17
That's an excellent point you bring up of information overload, especially from security products. If McAfee or Symantec keeps bugging you that there's, you know, a tiny little problem, you will train yourself essentially to ignore everything they say. It's pretty much a common human experience, and we are seeing this in the real world today to the point where we're having this second COVID wave just because so many people have started to ignore the warnings. If the warnings continue for such a long time, they become part of our daily life, and they're no longer warnings; they're annoying.

April Malone 51:51
They don't feel urgent.

Dan Wheeler 51:51
Exactly. In the same way, in the computer world, you're going to get that same type of information overload where if your security products are constantly telling you, "Hey, you've got a problem here," you're going to eventually ignore it, and when they do actually present you with a legitimate problem, you are not seeing it. It's very much a Chicken Little sort of situation, "The sky is falling. The sky is falling." Well, I'm going to ignore you from now on.

Right. I'm going to check my message again. I think this one is just a popup that says, "Allow us to load our software from the security and privacy pane so we can set up your protection," so I don't know if I'm even protected with McAfee. I have no idea who's protecting my computer right now. I feel like there's more than one.

I am afraid I cannot speak to that because I am not an endpoint security expert; I tend to be an overall corporate security expert focusing on email, so I don't want to give you any bad advice when it comes to McAfee. I can tell you, in general, typically rebooting your computer is never a bad thing. You are essentially wiping your memory clean; you are bringing it up from a known starting point. There's a reason why when you contact helpdesk, the very first thing they ask is, "Did you reboot yet?" Because that does solve a large variety of problems.

April Malone 53:04
That IT crowd, did you turn your computer on and off? I can't remember the exact quote. But I restart my computer every day, but I don't like shut it down--

Dan Wheeler 53:13
That's fine.

April Malone 53:14
--and turn it back on. Which one is rebooting?

Dan Wheeler 53:18
Rebooting is essentially the act of getting back to that initial startup screen, whether you do a restart or actually physically power it off, wait, and then power it back on. They essentially have the same effect. Some computers have what's called a nonvolatile RAM, meaning that it will hold information between boots--otherwise, how is it going to reboot--but typically, a restart is just as good as a power off and power back on.

April Malone 53:41
Okay, good to know. I use a MacBook Pro, and it's a SSD so the--how do you call it, solid--

Dan Wheeler 53:48
Solid State Drive.

April Malone 53:50
Solid State Drive, and so it's very fast. I can reboot/restart within maybe 90 seconds, and I love it because my computer just works better; like I am not a tech person, but I know if I'm struggling with my connection, basically restarting my computer will probably fix that problem. It's a really real amazing thing.

Dan Wheeler 54:13
So interestingly enough, we've been focusing on the actual physical computer on the last few topics that we've dove into. At the end of the day, most of these extremely visible corporate hacking events--I'm trying to think of some of the most recent ones. What was it Travelocity back in March was was the big, big one. One of the hotel chains got hacked, and a millions of customer data got leaked--every one of those situations was not the result of a computer hack. Even the big Twitter hack a couple of months ago; I don't know if you remember that where they actually compromised--

April Malone 54:50
You're more aware of all this than I am.

Dan Wheeler 54:53
They actually compromised some pretty famous people's Twitter accounts, but all of those were through what is called social engineering.

April Malone 55:01
Oh yes, I've heard of it.

Dan Wheeler 55:02
Meaning they tricked the person into thinking that they were a trusted person within that same organization. Typically, it is going to be those social engineering attempts that gain the most leverage essentially because all you have to do is a few hours' research, you can easily track down the corporate, the work chain of any given organization and find out, "Hey, blah blah is this person's boss, and he's their boss. So let me contact this person three people down the chain, pretend to be this person high up. If I can successfully impersonate them. I'm in. I can convince them to do things at that point in time." So really beware of social engineering which is why I say, if you receive anything even slightly suspicious, find a different method to contact that next higher up in the corporate chain to verify the message came from who it said it is.

April Malone 55:58
I saw a video, and I can't remember who did it, but it was basically, "maybe you can't hack someone's computer, but I just checked your Facebook, and I could see that you had checked into a hotel, you know, a year ago. You know your location showed where you were, or that you like checked in, and I called"--this girl was like, "Yeah I called"--and I think she even used like voice transformation software or something like that--and basically called up and sounded like the dude, and said "Hey, you know I have this flight coming up or"--I can't remember if it was a hotel or a flight; I think she did both; I think she changed his flight ticket, she put him from like an aisle seat into like the back in the middle seat, and then she like changed his hotel reservation just by calling up the company, and so like we're not really talking about Internet Security right now, but like it's very easy for people to still impersonate you in multiple ways, and I think that would be a way that you could probably hold someone ransom as well.

Dan Wheeler 57:05
Yep, social engineering. In fact, social engineering has discovered that they can go directly to the source, where high-profile targets (celebrities, people who handle Bitcoin and internet currency) they have had their phones compromised because somebody calls up AT&T or Sprint or whoever, pretends to be that person, and with just a tiny bit of information (a birthdate, last four digits of social) basically requests that their SIM card on their phone be swapped out, and at that point in time, if you tell them "Alright switch my SIM card to this one," you essentially have their phone. And what do people keep on their phone? Two-factor authentication, their passwords. All they have to do is reach out to a company and say, "Alright, send me my password," and very often that'll be via text.

April Malone 57:54
Okay, tell me how you feel about things like 1pass or LastPass or whatever they're called--1password? LastPass?

Dan Wheeler 58:02
LastPass, 1Password, yep password management systems. They tend to be an excellent way of organizing passwords, that is, assuming the master password is extremely secure. So things that the IT world has learned about passwords over, I guess it's been about 30 years since they started being a thing, you really need a minimum value. You want at least eight characters in your password because now that modern computers have a ton of processing power, they can essentially attempt what is called a brute force hack, where they're literally trying to guess your password 100 times a second, and they will eventually guess it if it's less than five or six characters. It takes only an hour or two to guess a password throughout all of the different combinations if you are less than five or six characters. The other is don't use anything that even remotely identifies you. Never use your birthdate. Never use your kids' names. Never use your pets' names. I personally use a method where I am taking the first letter of words from certain sentences that are memorable to me and applying numbers and punctuation at key points that I will specifically remember.

April Malone 59:19
So it's a system that you learned but not easily replicated.

Dan Wheeler 59:24
It gives me a mnemonic device, but it does not give an easy entry point to try to guess what that is.

April Malone 59:29
Right. I definitely have like a structure, you know, that I can remember, but I have more and more been using the randomized ones, but then I let my computer remember it because how could I?

Dan Wheeler 59:52
So my personal recommendation for those password managers is do not keep a copy of the password manager on your phone.

April Malone 1:00:13
Okay.

Dan Wheeler 1:00:00
Keep them only on your computer. However, keep the two-factor authentication on your phone, that way you have essentially split up the access to that password manager. If somebody ever compromised your computer and they wanted to access your password manager, if they have not compromised your phone, you are still secure.

April Malone 1:00:14
Okay. Woo. This was a lot of information but good stuff.

Dan Wheeler 1:00:20
I appreciate the time to allow me to speak about that. If I can help even one person out there, I will feel good at the end of the day.

April Malone 1:00:27
I think we can help a lot of people with this because these are not things that everyone thinks about, like you do but you know a lot of people, it's just like a bandaid, like "oh well I have virus protection on my computer, so what else would I need?" You know, and I think that obviously people are becoming more and more savvy as information gets out, but I think it's podcasts like this or, you know, that video that I watched about social engineering that really like you have to kind of get hit in the gut to take it seriously.

Dan Wheeler 1:00:57
Absolutely.

April Malone 1:00:57
Or like we were talking about earlier that information overload where you just kind of get lazy about it. It's like you turn it off, and like I said I've been ignoring this little thing which maybe is nothing, but maybe it is something that I should probably like make sure that I have something turned on. Alright, Dan. I usually ask at the end of my podcast: Is there anything that you have learned along the way that you think might be helpful that we haven't already talked about. It could just be a device like a physical piece or program or something that has just been helpful to you over the years, or that you've discovered along the way that might be helpful for people who are just getting started.

Dan Wheeler 1:01:40
Since we have been focusing on working from home and information security today, I can only say never take anything for granted. Always assume, unless you are 100% sure, that something is suspicious. There is an old phrase that tends to be more of a comedic one than an actual serious phrase which is "Just because I'm paranoid doesn't mean they're not out to get me."

April Malone 1:02:05
Whoa. Right.

Dan Wheeler 1:02:08
But, yes. So, take it all serious, and I think of everything that we've talked about today, the biggest is keeping your work and your your home computers separate 100%. Never ever open up anything personal on your work computer.

April Malone 1:02:25
I think that's good advice, and honestly, even if it's not the hackers who are trying to come out and get us, as employees people who work for a corporation, I remember every single time I logged in, it said, "This information is not private, you know. Your managers or whatever could access, you know, your email," and I mean like basically what you say is not private. What you search is not private, and so even for that reason...

Dan Wheeler 1:02:57
Yeah, no, no. Unless you are on a corporate VPN, assumes somebody is watching you.

April Malone 1:03:01
Yes.

Dan Wheeler 1:03:03
That is an excellent point.

April Malone 1:03:04
Right. Alright, Dan. Thank you for this time. I appreciate it, and I think it's time to go.

Dan Wheeler 1:03:12
Thank you, I appreciate the opportunity that you've given me to let me speak.

April Malone 1:03:16
It's been fun. And thanks to Jen for introducing us.

Dan Wheeler 1:03:22
Absolutely.

April Malone 1:03:22
This is April Malone with Dan Wheeler, and this is Yes I Work From Home. Take care.

Call to action