Jim Parise interviewed by Thrive Global about Cybersecurity and Data Privacy
Thrive Global recently conducted a Q&A with Kelser President Jim Parise as part of the outlet's series on “5 Things You Need to Know to Optimize Your Company’s Approach to Data Privacy and Cybersecurity.” The article also ran in Authority Magazine.
Jim provided some personal background, shared stories from throughout his career, and updated Thrive on what Kelser has been working on recently. He also offered some helpful advice to his fellow IT professionals:
Nothing causes burnout faster in IT than always being in reaction mode and never being able to take a step back and identify proactive steps that can make a huge difference in the long run.
To a question about the most common data security and cybersecurity mistakes he has seen, Jim responded:
Having an incident response plan is often the difference between successfully weathering a cyberattack and a complete disaster. It’s the sort of thing that’s easy to put off, and hey, you might get away with it, but scrambling with no plan when a cyberattack hits is not something anyone wants to go through. Once an incident response plan is in place, it has to be reviewed and updated regularly.
Having a plan that no one has looked at or thought about in over a year is essentially not having a plan. Personnel and technology are always changing, so the plan needs to be up to date and fresh in the minds of key employees.
Jim Parise’s 5 Cybersecurity Things to Know
For the main question of the interview, Jim offered the following five things every company needs to know to tighten up its approach to data privacy and cybersecurity.
- Fully understand the compliance requirements that apply to your sector or business, whether that’s PCI for companies processing credit card transactions, HIPAA for health care organizations, or CMMC for manufacturing. If there isn’t a standard in place for your industry now, there likely will be soon. Keep track of developments for your industry or adjacent industries and prepare for requirements that may come soon. Despite years to prepare for NIST 800-171 (a compliance requirement in manufacturing that preceded CMMC), many manufacturers failed to achieve compliance before the deadline, and some lost business as a result.
- Train on an ongoing basis. Rather than making a single all-in effort to train your team on cybersecurity, it’s more important that you train frequently. This can be done through brief modules employees complete when it works for their schedule. Interactive exercises such as simulated phishing also help the team get excited about sharpening their cybersecurity awareness.
- Understand your cyber liability policy. Often, cyber liability policies require certain best practices be in place in order to make a claim. Ensure that you can’t be found negligent by the insurance company if a breach occurs; otherwise, your insurance is worthless.
- Get inside the heads of hackers. Cybercrime is a business. Just as companies need to understand their competitors’ business models, knowing how hackers operate can better equip you to stop them. For example, companies often don’t realize how valuable the data they have is until they investigate what dollar amount it might fetch on the black market. Knowing the type of payday hackers could expect if they’re able to breach the system motivates companies to keep their defenses strong.
- Learn from mistakes. I often think about a business owner I met who had recently experienced a ransomware attack that locked the whole environment and shut the business down for days while the ransom was paid. I asked him what he was going to do to fix the vulnerability and he told me that he thought his company would be safe now because the hackers had already been paid off. The truth is that hackers are opportunists and more than happy to exploit the same vulnerability more than once. Plus, there are many, many different groups of hackers out there and if one was able to get into your system, another one can’t be far behind.