Data privacy and data security are not the same

While data privacy is becoming more regulated every year, it is still a matter that, today, largely comes down to trust, said Kayne McGladrey, a cybersecurity strategist at Ascent Solutions. As the backlash in the wake of the Cambridge Analytica scandal shows, what people expect from the companies they do business with is just as important as the laws that govern the use of their data.

“Today’s data privacy is primarily concerned with the processing of personal data based on laws, regulations, and social norms,” McGladrey said. “Often this is represented by a consumer ignoring an incomprehensible privacy policy (that would take nearly 20 minutes to read) before clicking a button to acknowledge their consent to that policy. Their acceptance of the policy allows the organization to handle their data in documented ways, such as using it to show them targeted advertising based on their inferred interests. However, if that organization sold those personal data to another organization to do something unexpected (like using it to suppress protected free speech) without the consumer’s consent, that would be a breach of privacy, either by regulatory control or by a violation of social norms.”

What Is The Most Cogent CISO Reporting Structure?

“Ultimately the CSO should report to the Chief Risk Officer, the CRO - because ultimately cyber security is about managing risk at a technical level and at a regulatory level. The natural alignment is with risk. Also maintain a very healthy relationship with internal counsel - especially if there’s chief counsel. Have a coffee every once in a while. And have a healthy relationship with the CIO.”

Video: Futureproofing Now (Season #2, Ep. 11) – Cybersecurity & Cybertrust – Predictions & Implications

“Bob Gourley emphasized that despite the dark topic of cyberthreats, we all leave with optimism. Carol Tang addressed the importance of continuous learning as part of a business leader’s proactive approach to mitigating risk and providing safety for customers. Kayne McGladrey emphasized the dual responsibility of today’s corporate decision makers with regard to cybersecurity: understand the complexity but act with transparency and specificity. It’s important to integrate cybersecurity awareness into the fabric of the organization, not sequester cybertrust solely within the domain of technology.”

Although 2020 is the year of the crisis, only one is new

People may aptly sum up 2020 in a single word: crisis. An inadequate response to the COVID-19 pandemic has led to the deaths of hundreds of thousands of people globally. The underlying data are more tragic, as the pandemic has disproportionately affected communities of color that have lived with the daily existing threats of shrinking economic mobility and racism. At the same time, both public and private organizations have struggled to mount an effective defense against cybercrime, which represents not only one of the largest transfers of wealth in human history but also threatens public trust in democracy and civil society. This article provides context and actionable steps to begin to dismantle the underpinnings of these long-standing crises; however, this article is not the solution. Only sustained action will lead to meaningful change.

A 10-point plan to vet SaaS provider security

“The SaaS vendor should be upfront about data sovereignty and optional localization,” McGladrey adds. “While this is particularly important for multinational organizations selecting SaaS solutions, those organizations bound to a single geography would likely want to avoid awkward situations, such as [personal information] for Americans being intentionally processed and stored in a foreign data center.”

10 ways to get more from your security budget

For years, security budgets seemed to go only one direction: up. As recently as February of this year, some 62% of organizations said they planned to increase their cybersecurity spending for 2020, according to research by analyst firm ESG.

But that was then.

Like their C-suite peers, CISOs today are being asked to do more with less – and probably will be for some time, as the world continues in these uncertain economic times.

Could Artificial Intelligence Solve Cybersecurity Staffing Shortages?

AI can also help improve retention rates by making entry-level cybersecurity jobs “less dull,” says Kayne McGladrey, CISO and CIO of Pensar and a member of the IEEE. “We get people out of school, and they are excited to be on the team. Then, on their first day, they’re handed a checklist: here’s the things you will do and the order in which you will do them.”

Post Pandemic, Technologists Pose Secure Certification for Immunity

“Businesses and organizations would need to … educate their workforce on how to validate that a certificate was correct,” he says. “And there would need to be a substantial educational investment to combat the inevitable phishing campaigns that’d spring up, such as fake websites to collect personally identifiable information and fake security alerts associated with these digital certificates.”

How to Keep Your Video Conferences Secure From Intruders

As the world adjusts to a “new normal” of remote education and work, video conferencing services have surged in demand as people take to these platforms to connect digitally. Yet, these platforms are susceptible to a variety of intrusions that could lead to the theft of private and company data or inappropriately distracting calls and meetings that leave participants feeling they have no control. To protect your students, employees, families and yourself from these types of cyber disruptions, we asked IEEE Member Kayne McGladrey for cybersecurity tips for safe video conferencing.

Give Tax Time Phishing Attacks the Slip

Phishers want taxpayers’ refund money. “The emails may say that you must immediately file your taxes via e-File, using a link to a website that looks like the real IRS website,” says Kayne McGladrey, a member of IEEE and director of security and IT at Seattle-based product design and engineering firm Pensar Development. “Then the fraudsters file taxes on your behalf, but with a different mailing address for the refund check.”