3 Data Security Myths – Stop blaming IT

Highlights include:

02:50 Learn about Linda: what it takes to be a part of the International Association of Privacy Professionals and how she became a Certified Information Privacy Manager.

05:25 In business, is a security breach or possible breach the concern of the IT department only?
What other departments play a role in keeping personal information secure?

06:58 Why your sales department needs to understand privacy, security and what is considered confidential information.

08:00 Security Data Myth – Is hacking the number 1 way data is breached?

What is the number one way that security is breached at a company?
What percentage of company security breaches are actually caused by hackers?

09:02 Who caused the security breach at Morgan Stanley?

Can employees accidentally give out customer confidential information?

13:23 What is the number one type of information hackers are after?

Why do hackers want medical records?
Can an independent contractor be held liable for leaked private information?

19:42 What is social engineering and how does it play a role in information breaches?

Hear how hackers can ask “everyday” questions and use that info against you.

26:25 Where does the information leak start 40% of the time and what is the solution?

27:25 Examples of how information can be stolen by employees right in front of your face.

You can read it below, too. WOW! It can happen so easily through a “friendly” conversation. People want to reach out and connect to others. It’s human nature. That’s what the weasels prey on.

A gift from Linda to help you get started:

Linda Zimmer is a Certified Information Privacy Manager through the International Association of Privacy Professionals. She is also the President of MarCom|Interactive, which specializes in digital marketing.
The biggest myth:
It's all about technology, and we have to be paranoid and pour a ton of resources into our IT security.
Data breaches come from a lot of different areas within the business.
It’s a brand issue, a reputation issue and a financial issue.
The IAPP makes several certifications available. Linda encourages ANYONE wanting to enhance their career to pursue one.
The certification she currently has is CIPM: Certified Information Privacy Manager.
It is the foundation in data security concepts.
How do we operationalize security and privacy within our organizations?
This will help you develop the processes across the organization.
It will create a culture of security and privacy throughout the organization.
It's a big factor in how customers decide how and where they shop.
It isn’t just a marketing thing.
If marketing and sales don't have at least some degree of this knowledge, it's difficult to weave it into your online plans and marketing strategies.
It gives you a bird's-eye view of the organization.
Sales is probably using a CRM or Salesforce. It is very siloed: this is the information they own. BUT they may use it to transact and record financial transactions, which means that credit card info resides within Salesforce or the CRM, so there is overlap between finance and sales.
Sales has the most access to the most important asset a company has: its customer database. It is all connected. Where does our data sit, where is it stored, and what happens to it when it's on the move?

Myth 1:

Hacking is the number one way data is breached.


40% of all data breaches come from employee mistakes, stolen laptops, negligence with sign-ons, flash drives, external storage.
25% comes from hackers.

Myth 2:

Data security is the job of IT.
Be careful when you purchase data: check the reputation, ask the security questions.
Be careful when you do a friend a favor by sharing data. It may be with good intentions, but the data you share may get commingled with other data and then possibly sold or hacked. Did you have permission to SHARE that information with any other company? Do not betray your customers and lists.
Be aware of HIPAA compliance. This is the number one thing hackers want: medical records for medical identity theft. If you work with a company that has to follow this compliance, you need to as well. They should require it of you, too.
Consultants and marketing firms:
We can be held LIABLE for whom we hire to handle data.
You need to review the contracts you have with your vendors and be sure that your contract obligates them to follow all of the data and privacy laws. That will go a long way with the regulators. The FTC is broadening its scope. There are about two dozen guidelines we all have to be compliant with.
Social engineering is the way our data is compromised most frequently: someone using known, easily available information to defeat your security systems and protocols.
Security analysts love to go into a company and say, “I can hack into your company.”
A security expert, Chris Hadnagy, comes in to pitch the CEO of a large firm. The CEO is complacent and brags about how tough their IT department is on security, how it's all locked down, etc. The presenter accepts this with a wry smile. He leaves and proceeds to look up public information about the CEO. He finds out his favorite team, learns he's a cancer survivor who promotes a specific charity, and goes into action…
He calls the CEO pretending to be from that charity. He asks for a donation and says that for this campaign only, if he makes a donation they are giving donors a pair of tickets to – get this – a game played by his favorite sports team! WOW! How fortuitous… It gets better.
Then, the fake caller (the sales guy demonstrating how easy it is to hack into their company) says he wants to send the CEO a flyer with the info. He wants to make sure the CEO can view it in his version of Acrobat Reader and asks him which version. The CEO gives the information gladly, and the fake charity guy emails him a PDF. When opened, the PDF launched malware that grabbed access to all network computers the CEO could access and all of his passwords. Because the fake charity guy knew which version of Acrobat the CEO ran (which also told him the operating system), he knew where to hunt for the digital keys to the company.
This sales guy was making a point, but you can see how easy it is to get information through a seemingly innocent conversation. BE CAREFUL what you tell strangers. A stranger is someone you would not invite to your house for a BBQ. They are not an acquaintance. You don't know them, their face, or whether they are who they say they are!
These are the NEFARIOUS folks. Don't let them in.

About Linda Zimmer: LinkedIn | Google+ | Twitter