SANTA MONICA – Be security savvy, said experts at our first Digital LA – Cybersecurity panel at the new WeWork Santa Monica, held during National Cybersecurity Awareness Month
Our expert speakers gave insights on making sure your startup, big company and personal data is secure. They collectively have experience on cybersecurity projects at Sony Pictures, Summit Entertainment, Tinder, TeleSign, Rand Corporation, movie and TV consulting, and the United Nations.
7 Cybersecurity Tips
Startup to Big Company
1) Get Security Structure. Your startup should be security minded from the beginning. Your CTO / IT should make sure consumer data is secure, from profiles to credit cards. Hire an outside security firms to conduct external third party audit checks of your security. Security breaches have put some online companies out of businesses. “It’s not as expensive as you think,” said Matt Bogaard, who has done security management with DreamWorks. Breaches should focus less on “getting the bad guy hacker” and more on protecting your security, changing passwords and access, moving data to secure servers, etc. Some bad hackers want to sell your data on the black market; others just want to prove a point for geopolitical reasons.
Do a risk assessment to list your data security so you list the Threat, Vulnerability and Impact. This will help you prioritize your security efforts focusing on threats with the most impact, said Lily Ablon of the Rand Corporation.
2) Adopt security behaviors. Create a a security minded workplace; gamify security. During employee orientation, emphasize importance of security, changing passwords, not leaving laptops / computers open / not password protected while you’re at lunch. Gamify good security workplace. For example, if you change your password frequently, you get a free lunch or prize.
3) Breach Plan. Your company should have security action plan and drills for what to do if you have a security breach. Big companies have more resources to pay for security checks and audits, but are often more complicated administratively.
“It’s often the CEOs that have the weakest passwords, and they have the keys to the kingdom,” said Ilanna Bavli of Stroz Friedberg.
4) Turn on two Factor Authentification (logging in online AND with a cell phone text confirmation) is an easy way to add security to your gmail or other account, said Ryan Disraeli of TeleSign
5) Passwords: Use multiple passwords or easy-to-remember phrases rather than 1 super strong password across all your accounts.
6) Movies and TV need to improve their portrayal of cybersecurity so the public understands basic security. Ralph Echemendia, who’s often hired as a tech script consultant, said shows like Mr. Robot do a good job portraying tech, hwile CSI Cyber could do a better job portraying cybersecurity. He said in one script, the hacker character said “You can see the malicious code in red.” But code isn’t red. “If they had just added a line ‘I wrote a script to make the malicious code appear red, it would have been OK,” Ralph said.
7) Keep up to date on security hacks. Your CTO / IT department and you can keep up to speed on hacks, fishing breaches, etc. by following Cyberwire @TheCyberWire, said Lily Ablon.
THANKS to WeWork Santa Monica Broadway for hosting us!
Thanks to our speakers for a great discussion!
– Ilanna Bavli, Stroz Friedberg, Vice President. Strozfriedberg
– Ryan Disraeli, TeleSign, Vice President and Co-Founder. @TeleSign
– Lillian Ablon, RAND Corporation, Researcher
– Ralph Echemendia, The Ethical Hacker
– Matt Bogaard, Bogaard Group International, CEO
– Tim Villano, Artemis Global Security, President and CIO