Securing Data in the Cloud

Secure Cloud Data! Large organizations buy cloud services that provide storage on servers and other devices and connect with computer networking equipment throughout the world. So, how are they securing the data? Experts Lee Neubecker and John Blair say start with knowing what data is being stored.

What steps do organizations need to take when securing data in the Cloud?

The Cloud is digital storage that is physically secured and stored on big servers owned by big companies and made accessible through the internet. These big companies are connected with other computer networking equipment throughout the world. Does this sound too big to secure? Experts say there’s no time like today to understand where your data is stored and how it’s secured.

Today on “The Lee Show”, forensic expert Lee and his guest John Blair, a cyber governance and information technology expert, explore the complexities of cloud-based security and storage. John suggests starting by obtaining a holistic inventory of your organization’s data and, most of all, being aware that some employees bring their own applications and use their own personal devices to store organizational data. Check out this video on securing data in the cloud to learn more about cloud storage and cyber risk.

Part 1 of our 2-Part Series on Securing Data in the Cloud

The video transcript on Securing Data in the Cloud follows

Lee Neubecker: Hi, I’m here today with John Blair. John is a cyber governance and information technology expert. He’s on the show here today with me to talk a little bit about securing your data in the cloud. Thanks for being on the show again, John.

John Blair: Hi Lee, good to be back, thank you.

LN: So we’re talking about cloud cyber risk. What do organizations need to be looking at to help secure their data in the cloud?

JB: I think first and foremost, you need to understand where is all the data and how do people get data in and out of their environment? There’s a lot of things typically called Shadow IT, where certain departments or certain users might you know, for example, start sending things to Dropbox to sync data amongst themselves to make it easier for themselves. But they might be syncing confidential information that’s not on Dropbox and the organization has no idea about it. You know, that scenario plays itself out over and over and over again, where there might be departments that actually use applications in the cloud that thus obviously, are processing data as well that the organization might not know about either. So you need to get an inventory of data. Where is it from a holistic point of view?

LN: And today you have the Bring Your Own Cloud, BYOC,

JB: Yes

LN: Many employees are bringing various apps with them that they’re used to using from their prior employers, and they’re wanting to use these apps. Sometimes they’re putting them on their smartphones and whatnot.

JB: And that’s driving a lot of the corporate action towards that. The cloud for first and foremost is a cost-savings for the most part. But what people are not realizing is that along with those savings comes certain responsibilities. And, from a user perspective, you know, people are used to as you said, people are used to certain applications, they’re used to certain things on their phone, or on a tablet or they’re used to working in a certain way with certain applications. And then you get in a corporate environment and those applications or that way of working might not be available. And so people start voicing that, and it becomes, you know, somewhat of a problem for corporate to adapt and keep up.

LN: So organizations, especially healthcare-related organizations, as well as financial services and other organizations that depend on intellectual property have a real risk here, don’t they with people bringing apps?

JB: They have a very big risk. Both of those sectors are heavily regulated. Data needs to be very tightly controlled. Breach notifications in the event that it happens become a very big deal, very public. And if you can’t explain where the data is, and where you know, who has it, then you have a problem.

LN: So isn’t there also risk not only faster dissemination of intellectual property and trade secrets, but what if the information becomes compromised by malware or a hacker to morph the data or destroy the data?

JB: Yeah, your only recourse at that point is to have really, really good backups. Because otherwise, you have no actionable direction to take. If you don’t have a backup of that data, you know, you have no ability to recover. It still might be considered a breach, a lot of times, and certain organizations or certain regulations. So you still might have to report it, even though the data has never left your organization, the fact you’ve lost control of it might be considered a breach. So that might be something you’d have to consider with your legal teams. But it’s not, it’s still a very big deal because you no longer are able to use it.

LN: So don’t you have a risk though, that if your backup is online, that the attacker could compromise your primary source and then your backup drive attached to your server?

JB: Well, hopefully, they haven’t gotten that far. But if generally speaking, your backups are always in the separate physical location, and not necessarily on the network.

LN: So you rotate them?

JB: And they’re separate, you know, media and things like that, but yeah, if you’ve gotten to the point where they’ve corrupted your database, they’ve encrypted your database, and they’ve also encrypted or destroyed your backups, you’re in a very bad way.

LN: So knowing that hard drives sometimes fail, if you’re using a physical hard drive to write the data to, what do you think most organizations should be doing to ensure they have a certain number of versions that they can restore to?

JB: Well, normally backup systems are version controlled and so you do backups based on frequency. You do daily, you do hourly, you do you know, on the spot, so there point in time, a lot of times where there’s a lot of people, organizations, that can afford it have failover data centers, for example, that are mimicking the primary data center. So there is no loss of processing. But that’s very, very expensive to do. But yeah, you should definitely have you know, off-site storage of data. But those are all historical, and things that are not necessarily online that you can immediately refer to those lesser compromised to your point.

LN: So when you’re considering bringing in a cloud provider to your organization, is it an official, non-shadow ware operation? What are some of the questions you ask of your vendors and things that you look for to help secure, ensuring those cloud providers are secure?

JB: Right. First and foremost, do they have some sort of attestations with respect to the services you’re going to use for that provider? Cloud providers have hundreds and hundreds of services, not all of them are audited by an independent auditor, not that that guarantees anything, but at least if it’s the services you’re going to use or the applications you’re going to use, or the locations you’re going to use with that cloud provider, then you have something to point to say, you know, we did our due diligence, and they have these SOC 2’s or whatever form it might take. But you have to do something on them to ensure that, because the cloud is half their responsibility and half of yours, and you have to make sure they’re doing their half.

LN: So what other things do you think that organization should look for if they’re using data in the cloud, how to maximize the security of that data?

JB: First and foremost, I think they need to within their own organization, block these drop boxes and the Google drives and all that sort of stuff like that, so that people individually can’t make you know, downloads for example, from the database and then upload it to Dropbox or Google Drive or whatever, and then go home and look at the same documents. You know, from a personal perspective, that’s very convenient, it’s very nice to have to be able to sync and you know, you can use one, one central source of the information, but from a corporate perspective, that isn’t your data. It’s a corporation’s data. And so, you know, the corporation needs to be responsible and know where that data is going, and how to prevent it ideally, from getting there. It’s very easy to drop, you know, to block Dropbox at a network level, you know, but the problem is that there are hundreds of those types of things to block. And so you know, you need to do a lot more care from a corporate perspective internally to make sure that your users aren’t putting data someplace where you lose control of it.

LN: And are there any, any other things that you’d recommend adopting if you’re going to use these cloud platforms to help ensure that hackers don’t get access to user accounts?

JB: That’s an interesting one because as yours been, you know, almost all those user accounts have been hacked at one point or another. And so the only thing protecting me at this point is a password. I think multi factors in you know, bio authentication type of actions are the only thing you can do to improve your chances of those accounts not being used by inappropriate people. Because the accounts themselves are basically public knowledge, you know. Your, you know, your username is public knowledge, the only thing protecting it is a password.

LN: And so, you know, the multi-factor authentication actually addresses and requires that you have to have three factors. Something you know, something you are, or something you have.

JB: Right.

LN: So, for instance, many people know their password. They might have a thumbprint or they might have their cell phone.

JB: Right.

LN: That is something that they have. So you know, having that second factor makes it less likely that someone can simply get the password and get in.

JB: Right, where they send like to your point the phone, they send a code to your phone, you enter the code into the application–

LN: Exactly.

JB: And then you gain access. Until then you’re simply at the network border.

LN: So on our next video, we’re going to be talking a little bit more about, again about the cloud, cyber risk security and specifically we’ll talk about some of the legal and compliance issues that arise. Thanks for being on the show.

JB: Thanks, Lee. My pleasure.

Other related articles about securing data

National Institute of Standards and Technology on Securing Data in the Cloud

https://www.nist.gov/system/files/documents/itl/cloud/SP_500_293_volumeII.pdf

Academia Data Governance Information

https://www.academia.edu/37900938/Information_Governance_Concepts_Strategies_and_Best_Practices.pdf

Responsible Social Media

Experts Lee Neubecker and Dr. Nicole Konkel make suggestions that will help make your LinkedIn profile look attractive to an employer.

Prospecting for a new career can be a daunting task. Suddenly, you’re overcome by a huge tsunami of anxiety by just knowing a prospective employer will be looking at your social media presence. Take a deep breath, your new career will be within reach after you watch this video.

President & CEO Lee Neubecker and Human Resource Executive, Dr. Nicole Konkel offer responsible social media tips that will polish your LinkedIn profile and make you stand out. Their tips will help you establish a digital resume that will catapult you to a new career.

Part 3 in our Three-Part Series on Social Media Do’s and Don’ts

The video transcript follows

Lee Neubecker: Hi I’m back again with Dr. Nicole Konkel who’s an organizational development expert. And I asked her to come on to continue our earlier series talking about social media do’s and don’ts as it relates to being an employee. And so thanks for being on the show again, Nicole.

Nicole Konkel: Oh, no problem my pleasure Lee. Thanks for having me.

LN: So we talked a little bit about some of the things that you shouldn’t do. Can you tell people who are in an active job search mode, hoping to maybe work at your firm or some other firm? What are the things that you would suggest that they do as it relates to making their LinkedIn profile look attractive to an employer?

NK: Sure. So I always will tell people when you’re looking, actively searching for employment, make sure your LinkedIn page is open. I would caution you if you’re currently employed not to have a situation where you are shown as actively looking or actively interested in recruiters contacting you because obviously your current employer can see that. But what I want to make sure of is that your page is professional. Professional means no spelling and grammar errors. Professionalism also means outlining what your accomplishments have been. One of the things that people do when they’re looking for jobs is we want to talk about results, and not just job duties, but results. And so to make a big focus on that on your LinkedIn page.

LN: And certainly not having typos.

NK: Please no typos. No typos, no grammatically incorrect sentences, speak about yourself in the first person. You are selling yourself on LinkedIn, essentially and you want people to read that and say, “I want to contact this person.”

LN: And speaking of contact, what would you recommend people do with regard to the contact information tip?

NK: Well, I really, really encourage people to have a professional email address. So nothing with any sort of sexual innuendos. I would also say nothing that’s related to your birthday. Unfortunately age discrimination is something that is real. And so we don’t want to have that be out there. And so I would just say my email address is Nicole, my former name [email protected]. That’s what I wanted people to see. And so that’s what email I use when I’m in a job search.

LN: Now, what about the photo? What are your thoughts on what you’ve seen with LinkedIn photos, what’s worked, what hasn’t worked?

NK: What doesn’t work is a picture of your dog. What doesn’t work are selfies. I think that in this day and age, we all have the opportunity to have a professional headshot. There is no other type of photo that should be on LinkedIn, in my opinion, other than a professional headshot. Even if you have to do it with your own iPhone or Android device, we are able to do that. But you should be in professional clothing, you should look like you are going on a job interview in that photo.

LN: And if you’re on a budget, you can use services like Upwork and find a photographer, that if you’re patient and flexible, you should be able to get a professional headshot, or even go to one of the department stores.

NK: Absolutely, I mean, you can easily do a professional headshot for $20 easily.

LN: And the other thing too is you can actually hire people who are professionals in HR to help edit your LinkedIn and give you that critique.

NK: Yes. Yes. I do believe there’s value in that. I do think that you should work with people that are reputable. Not everybody that says that they look at LinkedIn profiles and resumes should be and so I think you should look at some examples of work that they’ve done in the past to see if that’s something that will be beneficial to you moving forward. But in no time should you go into that thinking if this person does my resume or does my LinkedIn page, I’m automatically going to get a job. It’s still putting your best foot forward out there with all different types of aspects that are necessary for the job search.

LN: I’d like to see certification.

NK: For sure

LN: Papers, I especially like to see that the person can write.

NK: Right.

LN: That’s not appropriate for all positions, but it’s helpful.

NK: For sure. Even if there is maybe you’re not the perfect grammatical person, you should be in your LinkedIn profile.

LN: You can get someone who has to check your page.

NK: Yes, exactly. And so there’s really not a reason why that should not be happening.

LN: What are your thoughts about, what’s your opinion when you see an employee that has reviews and how would you advise people to approach the review section?

NK: On LinkedIn?

LN: On LinkedIn.

NK: I honestly as an employer, don’t really pay attention much to the review section. But when I have, I’ve looked at the person that’s actually writing the review. I’ve actually gone in and clicked on their profile to see what role they actually have, how that person has interacted in the past. If it’s a former employer, that’s always good, for you to have a former boss or, supervisor or colleague, but it should definitely be a professional review. If you want to go have your friends to review so make sure they’re professional and they’re talking about work.

LN: I agree with that it when I look at the reviews if the reviews are written from people who clearly were a peer review helps as well.

NK: Sure.

LN: If it’s a supervisory review it means more, but I also look at the quality and caliber of the writing of the reviewers. So you don’t want to have someone writing a review on your page that has grammatical doesn’t really speak well.

NK: Right.

LN: But I also look to see if it’s a review swap. Because essentially, the effective way to get a review is to write one. So I’ll look at the profiles to see that as well.

NK: Right. I think that that’s true. I think the most valuable review is from a former supervisor or a current supervisor that’s talking about your current work. When people are reviewing they should be talking about the results that you’ve done. It’s you know, John is a great person, is great, but it doesn’t tell a potential employer anything about how you’re going to be for them if they hire you.

LN: Something like John came in, took over our factory project, realigned the team, achieved a 20% growth and sales and 10% improvement and profitability that’s kind of action-oriented.

NK: Action-oriented is really what is going to get you noticed. When we’re talking about reviews when we’re talking about your resume when we’re talking about LinkedIn.

LN: Are there any other thoughts you have before we wrap up?

NK: I just want people to know that LinkedIn is a great tool. But the best tool for actually getting whatever opportunity that you want and keeping it or being successful is being the best you, whether you’re in private or in social media. And so always keep that in mind. We are always under a radar, somebody is always looking at

NK: And so how do you want that to be viewed in the future

LN: Great. Well thank you so much for being on the show.

NK: Thank you for having me, Lee.

Watch Part 1 and 2 of our Social Media Do’s and Don’ts Series

Learn more about how to create a LinkedIn profile

https://www.learnhowtobecome.org/career-resource-center/how-to-create-linkedin-profile/

Careerbuilder.com gives advice

http://press.careerbuilder.com/2018-08-09-More-Than-Half-of-Employers-Have-Found-Content-on-Social-Media-That-Caused-Them-NOT-to-Hire-a-Candidate-According-to-Recent-CareerBuilder-Survey

Social Media Yourself to Your Dream Job!

Hiring managers are looking at your social media history, so candidates should be doing the same. Everyone should be doing their homework. Lee Neubecker and Dr. Nicole Konkel discuss how to use social media reconnaissance techniques to prepare for your next interview.

Keys to using social media reconnaissance before your interview

Social media is a valuable research tool to discover key hiring decision-makers when preparing to interview for your dream job. Matchmaking for that ideal employer-employee fit is now a two-way street. Hiring managers are looking at your LinkedIn, Facebook and other social media sites. Career seekers should be doing the same to prepare for that next interview. Job seekers are also looking at various websites to get a better understanding of the company’s culture, people and expectations. Performing your own homework including looking at online reviews from current and past employees can provide you a leg up on the day of your interview. Social media sites such as GlassDoor.com, Linkedin.com and even Facebook.com or Twitter.com may provide you with important insights that will enable you to ask thoughtful questions that demonstrate a deeper understanding of the prospective hiring organization.

President & CEO of Enigma Forensics, Lee Neubecker and Human Resource Executive, Dr. Nicole Konkel urge everyone to use all the social media tools to the best of their ability. Performing advanced social media reconnaissance of your prospective employer’s social media profile as well as your likely interviewers can provide you a leg up when you arrive for your interview. Listen to these important interview prep tips from seasoned experts in HR and online social media reconnaissance.

Preparing For An Interview

Lee Neubecker: Hi I’m back again with Dr. Nicole Konkel who’s an organizational design and development expert.

Nicole Konkel: Sure, yep, hi Lee. Great to be here again.

LN: And glad to have you on. I’ve asked Nicole to provide some insight to people out there on my network, as well as hers, that are looking for a job, in terms of what they should be doing before they apply to their position, to make sure they’re well-prepared and they get off on the right foot. And that it’s a good fit.

NK: Sure, so Lee, I think it’s really important for you as a job seeker to interview and research the company that you’re applying for or applying to just as much as they’re going to do for you or to you. And so that means looking at social websites which will give you employee reviews and listen and not every review, most people don’t go to reviews to write good things. So we have to look at that and say who is giving this review? But look for patterns, look for employees saying the same things over and over again. That may not be any part of a culture that you would want to be in. Look for trends, look for better business bureau scores. Look for information on their current employees and look them up, look up their leadership teams.

LN: Now, I understand at least from reading that one of the most important determinants of someone’s happiness in a role is the relationship with their supervisor.

NK: For sure.

LN: So would you recommend trying to find out who’s hiring for the role you’re applying for?

NK: Absolutely, you should definitely know who your potential supervisor is going to be. You should know if it’s a replacement position, why the last person left. You should ask these questions to every person that you interview with. Because what I can guarantee you is, in job searches that I do, I’m interviewing with multiple executives and companies. And every one of them is going to give you a somewhat different answer. While it may get you to the same place, it’s going to be a different answer and it’s going to give you a lot of insight.

LN: Well, I know too there are premium subscriptions you can sign up for, like in LinkedIn, that will give you more options where you can do the searching. And it might be helpful for you to know, who’s working at ACME Corp.?

NK: For sure.

LN: If you pay a little bit more you can see the employees you can tell who’s a second-degree connection, a third-degree connection.

NK: Sure.

LN: And if you happen to know someone in common, especially if you reach out to them before

LN: You can get intel on the person or the people working there that can really bolster your chances I’d think.

NK: Right, definitely a connection is going to be a really good step in getting you in the door for an interview. Versus just sending your resume like the other four hundred and ninety-nine people and hope that someone sees it. Most of the time they don’t get past the first 30. So I definitely feel, I don’t necessarily think you have to pay for additional services, I think a lot of that is out there for us to see for free. But definitely some benefits if you have the means to do so to get that additional information.

LN: Well, one of the things that people might not know about is that if you paid for the premium membership then you’ve already applied for a job at ACME Corp. you can see who’s clicking on your profile.

NK: Yes.

LN: And then you can tell who’s likely going to interview you. So without them even having to disclose who’s going to interview you you might be able to find out their interests, what shows they like.

NK: Yes.

LN: There’s a website called PQ, you can dig, you might be able to get details on their social media. The more homework you do, it always impresses people, you just don’t want to creep them out.

NK: Right.

LN: It’s okay to say “I looked online, I’m interested in your company” “I understand you do this and that.”

NK: Right.

LN: But it’s okay to say, “Oh I looked online probably the better that interview will go.

NK: Absolutely, I think it is very important to have details on those individuals are really like, “Oh wow. You looked me up?” Now, I wouldn’t necessarily say, “Hey, I saw it on Facebook that you and your three kids went on vacation last week.” But I would keep it to the more professional accomplishments. If they have any reviews on LinkedIn that people have written for them, bring those things up because that only helps you.

LN: I recommend too that everyone consider making their own branded blog, like Dr. Nicole or I’ve got Leeneubecker.com because from time to time you move from company to company or you might sell a firm like I sold my firm, and someone wants to connect with you.

NK: Exactly.

LN: When that happens, you have to be accessible.

NK: Right.

LN: And sometimes you lose control over your old workplace email, which raises another important point. Do not use your company email on your LinkedIn account.

NK: Please don’t.

LN: Because you might find yourself suddenly severed from your job and you’ll lose all your connections.

NK: Right, you in any social media that is yours, you should be using your own information, not your company.

LN: That’s right, oh, I think we’ve got a like on our LinkedIn. Well, thanks a bunch for being on the show, this is great.

NK: Well, thank you for having me, Lee.

LN: Thank you.
