Host: George Firican | LightsOnData
Guest: Monica Kay Royal | nerdnourishment
On this special edition episode of the Lights On Data Show, my guest, Monica Kay Royal - Founder & Chief Data Enthusiast at nerdnourishment, will dive into Data Security.
We'll see what it is, why companies should pay attention to it, as well as tips and tricks and best practices that we can all follow.
This was a very brief introduction to Data Security but the amount of participation from the audience got me excited to start talking about the topic even more. So more to come, but for now here is a summary of what we discussed during the show.
What makes you knowledgeable in Data Security?
I started my career as an IT Auditor, so I was responsible for things like reviewing processes and systems within a company to make sure that they operated as intended while also being secure and meeting compliance regulations.
What is Data Security?
Data Security is the practice of protecting company information from unauthorized access, loss, disclosure, corruption, theft. Basically any information that leaves the company, whether it was intentional or unintentional. This can be done through the creation of security policies and procedures and making sure that everyone in the company knows the rules.
Should we care about Data Security as employees?
Absolutely, each and every employee has the responsibility to keep company data safe! Data Security is not a company problem, it is an everybody problem because the weakest link is really the human being. In fact, internal threats pose the most risk to companies. Furthermore, the risk comes more from those that are unintentionally sharing data through things like social engineering and phishing attempts rather than those disgruntled employees intentionally taking data.
What are companies doing about the increase in phishing attempts?
Most companies have security departments that include training and phishing campaigns for their employees to educate on the structure and effects of phishing emails.
What are some other best practices companies can do?
Aside from implementing these phishing campaigns, companies should also be educating on other risks such as social engineering. Social engineering is similar but can be a more targeted attack where someone gets you on the phone and starts asking specific questions they found out from social media or the internet to try and get more information from the employee.
Any other tips and tricks to secure?
Another way to secure your digital assets is to create secure passwords. Consider using a passphrase, rather than a simple 'password123'.
Do you have any Data Security horror stories to share?
I have many... but one that I shared during the show was also related to passwords. In my audit days, I was tasked to do walkthroughs around offices to test things such as clean desk policies. During these walkthroughs, I would find that people would write their passwords on sticky notes and have the sticky note right on their monitor. Some people thought they were slick by placing it under their keyboards, but that is still far from being secure.
How do you get into the Data Security field?
You can start by joining different communities like ISACA and Cybrary and think about fields such as IT, audit, and cybersecurity.