The Security Fundamentals Episode

Introduction to the Guest and Topic:
Host Allie Krings introduces Veryl White, a Senior Privacy Auditor. The conversation focuses on the fundamentals of data privacy. Veryl shares his background, explaining that his journey into information security began when he was an IT director helping elderly individuals stay safe online during the early days of the internet.

What is Data Privacy?:

Data privacy is about protecting your personal data and ensuring you remain in control of it. This means you decide what specific information is shared, who it is shared with, and for what purpose. It’s about establishing trust and ensuring data is only used as intended.

What Does Data Privacy Look Like Up Close?:

• For Individuals: It involves protecting both physical data (like credit cards and driver’s licenses) and digital data. Veryl advises using strong passcodes instead of simple 4-digit PINs on phones and enabling features that lock the device after multiple failed login attempts. He also stresses the importance of never leaving devices unattended.

• For Companies: Employees should adhere to the “Golden Rule” by protecting customer and company data with the same care they would want for their own. This includes practices like maintaining a clean desk policy, where sensitive documents are put away in a secure location (like a locked file cabinet) when the employee is away from their workspace.

What Are the Biggest Gaps in Compliance?:

The rise of the “work from anywhere” culture has created significant compliance gaps. When employees work from public places like cafes, the physical security of their devices is compromised. A common mistake is simply closing a laptop, which puts it into sleep mode but does not offer the full protection of a complete shutdown, leaving it vulnerable.

How Should We Assess Our Personal Data?:

• Check Your Credit: Individuals should check their credit reports at least twice a year to look for fraudulent activity. Veryl also strongly recommends running credit checks on children, as their identities are often targeted for theft and can go unnoticed for years.

• Be Cautious with Information: Identity thieves only need about three data points (e.g., name, age, and zip code) to begin targeting a person. It’s important to be mindful of sharing personal details in public or casual conversations.

• Secure Your Passwords: For security questions (e.g., “What was the name of your high school?”), Veryl suggests providing false answers that only you would know. This prevents attackers from finding the real answers on social media or through other public sources.

How Can Companies Ensure Compliance?:

Compliance begins with creating written policies. Veryl emphasizes the auditing adage, “If it’s not written down, it doesn’t exist.” These policies set clear expectations for the workforce. The organization must then develop and enforce procedures to support these policies. Because the industry changes so rapidly, these policies and procedures should be reviewed at least annually to ensure they align with current best practices.