What are the latest trends in Cyber Security and what do we need to do?
Welcome to episode 180 of my podcast The Executive Edge. This week's guest is Terry Ziemniak.
Terry has over 25 years of experience in the information security field, with work ranging across technical, compliance, and executive leadership roles. His most recent positions include 10 years as Information Security Officer for multi-billion-dollar healthcare organizations across the United States. This includes working as VP of Cybersecurity at Atrium Health.
Terry has achieved the CISSP and FACHE certifications and earned a master’s degree in information security from DePaul University.
His main purpose in coming on the show was to talk about how small businesses migrate information and what is important in protecting your data. It’s easy to think modern systems have enough protection built in, but Terry really does know the risks businesses take when they don’t appreciate what could happen. His experiences have helped him work out how to build, execute and improve security in this field.
What does Terry do now?
He mostly finds himself working as a part-time cyber security expert with businesses that are small in size and need him for singular projects or regular work. I asked him what a small business with approximately 10 employees needs to think about. He feels the starting point isn’t their size; it’s the question of how secure they need to be. What are you dealing with: credit card information, employee information and clients? So no matter how big or small, it’s important to protect the people who work for you and with you.
Security in theory isn’t hard. You can make technology work for you relatively easily, but the issue is as much about what you don’t care about. So the ‘other stuff’ isn’t useful to us and we don’t want to receive emails or superfluous data.
You don’t need to design your own system or tools; these exist already. But knowing what to use, and how, is really the key. So a one-hour-a-year effort to follow the security recommendations of LinkedIn and email providers is likely to pay off.
The bigger SMEs have a volume of data going through their systems and you would think this might need more, or different, protection. But Terry feels the starting point is much the same: “How secure do they need to be?” and “What would happen if they had a data leak?” Lots of us have been sent an email from a very big organisation telling us their data was hacked. So even the multi-nationals are not immune to this kind of attack.
Medical practices need their client data protecting. Sales companies need to be able to sign contracts and verify they are secure, so this is all important. Otherwise, you’re giving over your personal information to someone you’ve never even met!
The larger organisations are not immune. As they grow larger it’s tempting to think they have it taped, but Terry knows people make mistakes and it’s these errors that can cost us dear. Exposing information, however accidentally, is often at the root of these errors.
Governance over our data is the next key. Before we ‘contract’ or engage with a company we expect to see that people know what they are doing! Is there sufficient firewall protection? Do they set their phone to a VPN (virtual private network) before taking our payment details? I’ve had someone talk to me before now and expect me to give them my card details when I was in a public place, on a train! So, if it wasn’t for my quick-thinking response, I’d have got my card out and told the world all my information!
It's not a minefield but you do have to be savvy, and cyber security experts like Terry are here to help you be so. You can find out more about him here: https://www.linkedin.com/in/terryziemniak/
My thanks to Terry for coming on the show and I do hope you enjoy this interview.