Interview on diversity and security

Companies should record video calls when doing so poses an obvious business benefit, the participants have consented to it, and there are adequate controls in place to limit access to the resulting video to only authorized parties, Kayne McGladrey, security architect at cybersecurity consultancy Ascent Solutions, said.

To ensure accessibility,companies should also strongly consider using closed captioning on call recordings, McGladrey added.

To reduce the risks of an accidental or intentional cybersecurity incident, companies must deploy an effective data loss prevention and associated data retention strategy across endpoints and data storage locations, including cloud services, noted Kayne McGladrey (@kaynemcgladrey), Security Architect at Ascent Solutions LLC.

“Many data breaches would have been less extensive and severe if organizations had automated data disposition schedules, as threat actors cannot steal what companies are not storing,” he continued. “Data covered by one or more regulatory or statutory requirements should be automatically labeled where possible so that controls (like encryption) follow the data regardless of storage location.”

You receive a text message or an email notification from your mobile carrier about an account change you didn’t make and, thirty minutes later, your cell phone has no signal, even after a reboot. You can’t log into your email. You’re locked out of your bank account.

Sharing information about threats can help boost overall cybersecurity by alerting others to those risks, as well as providing successful ways to counteract them, said Kayne McGladrey, national cybersecurity expert, director of security and information technology for Pensar Development, and member of the Institute of Electrical and Electronics Engineers.

“They could actually see a reduction in those threats that are commodity threats — threats that are crimes of opportunity [vs. targeted attacks],” he said.

“It should be a strategic choice for a company to transfer certain business risks associated with cybersecurity threats, which exceed an acceptable level of risk, to an insurer,” says Kayne McGladrey, a senior member of the IEEE. “The expectation is that the insurer will help lessen the financial impact of significant cyber incidents or data breaches.”

However, this approach assumes companies maintain risk registers with clear definitions and measurement criteria for various risk categories, he notes. “It also presumes they use compliance operations to continuously assess the effectiveness of their current controls in reducing or mitigating these risks.”

McGladrey advocated for “persistent engagement” with employees on cybersecurity risks as well as testing. Testing can include fake phishing attacks to see what “your users are susceptible to,” he said. The IRS has warned that phishing attacks are a top HR threat.