In the digital age, we all know that one wrong click can create a lot of damage but we rarely ask ourselves, “How much security do we really need?” On Tuesday, January 12 at Data I/O in Redmond, the WTIA hosted a“Trends in Cybersecurity” discussion in which the panelists tried to answer that question. Despite the bad weather, over 40 people attended.

Panelists included Steve Tabacek, co-founder and CEO of RiskLens; John Farley, Vice President and Cyber Risk Practice Leader of HUB International; and Timothy Wallach, leader of the Cyber Task Force at the Seattle Office of the FBI. Adam Cecchetti, Founding Partner and CEO of Deja vu Security, moderated the event.  RiskLens, HUB International, and Deju vu Security support the tech industry as WTIA members.

The discussion brought up many interesting perspectives I wasn’t aware of before. It turned out that the digital world can be much more dangerous, and all online systems can be more vulnerable than I used to think. We can no longer count on keeping the hackers out. We need to also ensure we are protecting ourselves better from cyber attack.

 

Don’t just leave it to the IT department

To establish a strong security plan, we need to be aware of the non-technical aspects of managing risk and compliance.

John Farley said, “Cybersecurity is everyone’s responsibility. If you click on the malicious links or open attachments, you can be the one to introduce risk to the company’s system and database. That causes damage and costs a lot to fix.”

More risk management training programs should be conducted to ensure that the employees are capable of addressing the specific cyber threats, and dealing with the increasing frequency of attacks. One more crucial point to take into account is that risk is changing all the time, so companies must continuously update their risk management plans to keep pace with the emerging security threats.

 

Look into third-party risk management

Outsourcing data can pose significant security risks and the number of vendor-related incidents of security breach is rising. Because almost all companies hire vendors, they must understand third party security risk and create a responsibility plan for all stakeholders. Many companies are applying the same risk management level to all the vendors rather than identifying and classifying them depending on what kind of data they have access to. The companies need to take proactive measures such as writing security measures and penalties into contracts with vendors. This may include requiring an attestation of security or confidentiality agreement and posting incidents of regulatory penalties.

 

Social media puts your personal information at risk

Our panelists shared the fact that more than 20 billion devices will be connected to the Internet in 2015. People tend to expose more personal information on many social media platforms: Facebook, Twitter, Google+, YouTube, Pinterest, LinkedIn and others. Consumer interest in mobile and online payments will lead to a rise in significant cybercriminal attack. If you don’t take cybersecurity seriously, you will likely put both yourself and others at risk. The private and public sectors should join together to raise the awareness and change consumer behavior on risk management.

Steve Tabacek said, “Individuals need to look at cybersecurity from the risk perspective. Some online accounts have less risk but some will matter a lot if they are compromised.”

We normally have a habit of thinking of our banking passwords as our most important authentication informations, but, in fact, the security of your email account should be treated with the same care. As someone who has started to use social media a lot less over the past few months, I think we are not willing to admit the risk of social media as we are addicted to and attached ourselves to those digital platforms. We, however, have to be more cautious about the threats of social networking when sharing any personal information or pictures and choose the appropriate privacy setting for all online accounts. Here are some tips from the panelists on how  to secure personal information:

• Set “hard-to-guess” and different passwords for different accounts and don’t share them with anyone.
• Pay close attention to website URLs
• Be suspicious of unknown links or requests sent through email or text message regardless of who the sender appears to be.

After the panel, I have received some good feedbacks from our audience. The cozy and casual event atmosphere was just “right” for sharing information and experiences as well as learning practical ways to implement cybersecurity measures and prevent data breaches.  

If you were not able to make it, check out our events page for more upcoming events at the WTIA! We hope to see you real soon!