By Jennifer Greene, Enterprise & B2B Marketing Manager
I recently had the pleasure of being asked to participate in a panel for a Women In Cybersecurity (WiCyS) event, which took place October 3. The focus of our discussion was “Privacy vs. Cybersecurity,” which is particularly timely with not only CCPA looming, but 14 other states poised to pass data privacy laws.
The group itself is a community meant to encourage, support, and inspire women in cybersecurity. The San Diego chapter of the Southern California affiliate group is new, having only started in September 2019, but that hasn’t stopped the group from rapidly growing in size! The leader, Jennifer Cheung, has been coordinating events for the group and is instrumental in the support and engagement to be found in the SoCal chapter. The October 3rd event had over 30 attendees ranging from privacy specialists, STEAM community leaders, and cybersecurity experts in various industries.
The panel was opened by 2B Advice’s VP of Marketing, Kathleen Glass, who introduced herself and the other panel members.
The panel consisted of:
Reem Allos, Manager at KPMG: Reem has an impressive legal and privacy background, which led to insightful and helpful commentary on privacy and practical implementations. With her specialization in privacy, Reem had
Kayla Garcia, Business Customer Success and Support Manager at ESET: Kayla has years of experience at all levels of computer information systems management and support, along with a large team she was able to draw on for additional information for the panel.
Marsha Wilson, CEO and Co-Founder of ScaleSec: Marsha’s experience in guiding startups and growing companies to compliance implementation and improved cyber hygiene drove a lot of lively discussion during the panel.
Justine Phillipes, Partner at Sheppard Mullin Richter & Hampton: Specializing in cyber law, Justine brought extensive experience in the realities of the legal landscape for enterprises. She had a strong perspective on the actions that companies and individuals need to take ahead of the law.
And of course, myself, Jennifer Greene, Enterprise & B2B Marketing Manager here at ImageWare.
Takeaways from the event:
- Audit your data. Know what you’re collecting, why you’re collecting it, and how it’s being processed, stored, and otherwise managed. Marsha drew attention to the number of businesses that tend to collect anything and everything possible about their website visitors, clients, and prospects, without having a plan in place for that data. Reem also mentioned that there’s not just the data in the CRM to worry about – you’ll have to be sure you know where it all is, including informal places such as spreadsheets, on someone’s desk as a post it, or being emailed around.
- Create a plan for what to do. Every single panelist chimed in on the essential nature of having a roadmap or plan for improving transparency in data collection and processing. There is no company that will be able to comfortably or easily become fully compliant with CCPA requirements without a plan. Kayla had an easy to understand and helpful CCPA guide handout that many event attendees took with them.
- Be sure that you’ve educated your entire organization about why the data privacy and collection rules are being updated or changed… Reem brought this up as well – if you haven’t educated your entire office, you’ll still be stuck with people who don’t realize why the change matters, and will potentially jeopardize your organization’s security. Justine brought up that part of what CCPA will heavily penalize is “intentional” noncompliance. Your company could be at risk of this if you haven’t made any effort to train your employees in cyber hygiene or basic security practices.
- …because a data breach could cripple or even bankrupt your company. Justine spoke multiple times to the fact that cybersecurity is where the law “has teeth”. You have a right to privacy, but companies are obligated to be secure, and where you don’t meet that obligation, the judicial system will come down on you hard. This is where ImageWare shines; 80% of data breaches are due to a compromised password. If you move to a passwordless environment, you remove a significant area of risk from your enterprise.
- GDPR compliance does not at all mean CCPA compliance. Justine described the crucial difference between the two sets of laws as “GDPR requires you to opt in to any data collection, while CCPA requires you to opt out – but you can only opt out of the sale of your data.” In that respect, CCPA is actually less comprehensive than GDPR, but it still has incredibly harsh penalties, as well as a significantly expanded realm of data types that it covers.
- Privacy compliance and security is a rapidly growing industry, and hungry for professionals to join its ranks. Multiple resources were available for people interested in becoming privacy professionals, as well as certification recommendations. With the number of states passing privacy laws, there’s a ton of opportunity, particularly for recent college graduates or those looking for a career change.
The panel lasted 90 minutes, and was fast paced and busy the entire time. There was a ton of networking before and after the event, with plenty of opportunities for business connections as well as hiring inquiries for those attending to job hunt.
The event was a blast to be a part of, and I’m already looking forward to the next one. If you’re not local to Southern California, you can learn more about WiCyS as a national organization. The Southern California affiliate group has a dedicated website, and is extremely active in San Diego, Orange County, and Los Angeles.
If you’ll be attending a WiCyS event and would like to say hi, you can either let the team know directly through email, or tweet at us – @ImageWareInc!
See you at the next event!