On Episode 11 of The Cyber Security Matters Podcast we spoke to the incredible Dr. Rebecca Wynn about how we can all manage our privacy online. Dr. Wynn is an experienced global CISO and privacy expert, often named as one of the top women in Cyber Security. She has led large security teams in the investment and medical sectors and is currently consulting enterprise clients on their security strategies.
Can you tell us about the challenges covid posed for the healthcare sector from a security perspective?
Before covid we had a centralised workforce that was covered by certain policies and protocols within the business. Once people started working remotely, and in some cases in other countries, that situation changed. We were outsourcing our data protection and people didn’t have the same protections at home. People started working in shared spaces with people outside of the organisation. With these new conditions, companies need to look at how they are protecting their sensitive information, as well as that of their clients.
One thing I did is look at cyber liability insurance. I met with external certification organisations, and we identified the safeguards I could put in place. I took our top 15-20 clients and walked them through our findings, and the majority of them asked me to quickly rebuild their security with a strategic plan, technical plan, and operational plan. It was a long process, and it cost me a lot of sleep, but we’ve helped protect people now.
When you talk about the changes we’re seeing from covid, we’re still seeing fallout from leaders who didn’t realise the additional residual risks that they were accepting. One thing I do notice consistently, is people not sharing the information that you need to know or telling colleagues what their blast radius is in the organisation. It’s all about managing risk. That’s the one thing I still see from a younger generation, they don’t know how to communicate that risk and things along those lines. CISOs don’t want to be the scapegoat officer, so we need to be more watchful than we were before.
How do you see the concept and the practical application of privacy evolving in this data-driven society?
One of the biggest problems with data privacy is developing a global set of privacy regulations. There’s so much red tape that you have to get through at the moment because everywhere has different legislation.
Another challenge is that data is being created but it’s not tagged. Does it have sensitive information in it? We wouldn’t know. If we could tag information with expiration dates and a level of privacy, we could handle it better. If you’re talking about healthcare, you should be able to say ‘it’s printed on this day, and it will absolutely expire in seven years’. The other thing is that once that data is created somewhere, it’s in your environment. Data gets shared through companies’ internal systems, which is a massive problem unless you can embed some sort of privacy key. If you could do that it would act like a GPS signal in your database. You could follow that, expire it or see if the data went to someone who’s not supposed to get it. That’s the kind of thing you need to do if you want to get a handle on privacy.
One of the scariest things right now is when people are creating avatars and stuff like that. To do that you upload 23 of your pictures, and then your biometrics are out there. People aren’t thinking about where their data goes when they do that.
It’s really hard to be invisible in the world today. Even if I’m not personally on social media, if someone takes my picture and tags me in it, I’m there anyway. They’re commingling their data with mine, and so on. It’s scary how much of our data is out of our control.
To hear more about how our data is being used, tune into The Cyber Security Matters Podcast here.
We sit down regularly with some of the biggest names in our industry, we dedicate our podcast to the stories of leaders in the technologies industries that bring us closer together. Follow the link here to see some of our latest episodes and don’t forget to subscribe.