On September 22 the SLO Chamber of Commerce brought together three leading minds in cybersecurity to talk not only about the importance of protecting your company or nonprofit’s data from hackers but how to change the culture within the organization to ensure the safety of your most important information.
From training to password protection to the Cloud, cultural changes that need to be made both in work and personal lives, the panel touched on the issues that most small business managers don’t have the time nor the resources stay on top of.
Bill Britton, director, Cal Poly Cybersecurity Center, Michael Hanson, vice president of I.T. Security, MINDBODY and Thomas Lebens, partner at Fitch, Even, Tabin & Flannery LLP joined moderator Amy Kardel, director of Clever Ducks to discuss implementable strategies for small businesses to consider and execute to help further protect themselves.
“The problem with a computer is it doesn’t have that same caveat that a human does ,” Britton said. “We have discretion, but a computer doesn’t. if you ask it a question not only will it tell you what you asked but it will tell everything it knows about what you ask. But because we personalize that thing (the computer), we allow it to protect us at the same level, but it can’t.”
“This is a social issue as much as it’s a technology issue. So if you can get the social awareness part within your employees and yourself up, then you can start asking the right questions. Which is how do I stop that train of thought and move to a protected environment?”
Britton, Lebens and Hanson talk about air gapping computers, using two-factor identification and the importance of determining what information is the most vital and finding ways to protect it.
“The first thing you need to do is figure out why you are protecting something to begin with,” Britton said.
Britton and Lebens talk about the considerations that a small business should look into when storing information on the Cloud.
“You absolutely do not reduce or limit your liability by shifting your data to a cloud provider, and nothing that gives you permission to bury your head in the sand and say. ‘well we sent it to them’,” Lebens said. “You are responsible for that data everywhere so you need to explore what that cloud provider is doing to take care of your data.”
Britton, talks about the importance of training your staff and family on cybersecurity and offers tips on places to look for training for all budgets.
“Does that mean that my three-year-old daughter who is playing on my iPhone should be in a cybersecurity awareness class? The answer is, absolutely,” Britton said.