These cybersecurity fears challenge ‘bring your own device’ trend

John Masserini closes his twice-monthly mandatory employee awareness sessions on how to protect company data with this reminder: "Don't forget, I look at all of your email."

Left to right: Scott Laliberte of Protiviti, Ron Schlecht of BTB Security, John Masserini of Miami International Holdings and Jeff Gardosh of the City of Philadelphia.

Updated 12/18/13 5:30 p.m.: A previous version of this article incorrectly identified the amount of transactions that MIAX Options Holdings sees per day. The exchange does 1.75 billion transactions in a day. Additionally, the article previously misquoted John Masserini speaking about the amount of staff he has. Masserini was speaking about potential attackers having "five or six rooms full of coders."

Masserini is the Chief Information Security Officer of Princeton-based Miami International Holdings, the parent company of MIAX Options Exchange. It’s a company that will never allow staff to “bring your own device,” no matter how popular it becomes, because it’s required by law to archive every communication on its network, Masserini said at a recent Tech In Motion panel on cybersecurity.

The Securities and Exchange Commission requires exchanges — the financial organizations that manage and process transactions between investors for publicly traded companies — to capture every communication between broker and client, Masserini said, for potential review by regulators. The only device that can do that is a Blackberry, and that’s why he said he has “absolute reliance on Blackberry,” which is one reason Blackberry has stayed alive.

If Masserini’s company eventually switches to iPhone or Android, it will turn off texting capabilities, he said, since those phones don’t allow text messages to be archived.

But back to Masserini reminding employees that he looks at all their email: jokes aside, it’s a reminder for staff to keep their work and personal lives separate, so their children’s photos aren’t archived in MIAX’s files forever.

Here are some more highlights from the panel, which took place at Benjamin’s Desk’s six-month-old expansion to its building’s top floor:

  • How much does a data breach cost? It varies from company to company, the panelists said. Ron Schlecht of Center City security provider BTB Security said he’ll tell clients $200 per record breached, plus any hardware (laptops, etc.) that might need to be replaced, but there are more associated costs, like for legal action and marketing to help fix a sullied reputation.
  • But for other companies, like MIAX Options Exchange, a marketplace for options that sees 1.75 billion transactions a day, Masserini isn’t worried about cyber attackers stealing records. He’s protecting against attackers who are looking at how to exploit MIAX’s systems “so they can drain your E-trade account.”
  • On the other hand, the City of Philadelphia is worried about activists trying to hack the city to make a point, said the city’s Chief Information Security Officer Jeff Gardosh, who’s been with the city’s information security office since it was founded in 2011. It’s a lofty job because the city is the only organization of its kind: It’s not like when, say, Amazon is down, and you can go elsewhere to find what you need, he said.
  • “I presume that a breach will occur,” Masserini said. “We are always behind the curve.” Potential attackers, like nation states, have “five or six rooms full of people writing code,” developing ways to breach data.
  • Employee awareness is important. Miami International Holdings holds twice-monthly mandatory sessions to keep its employees up to speed on how to properly protect their data at work, as well as protect against a cyber attack at home or while they’re traveling, Masserini said.
  • Do you need cyber insurance? If you’re a small startup that works with big companies, it’s a good idea, Schlecht said. He said that, more and more, big companies are asking startups if they have cyber insurance. “It’s third-party due diligence.”
  • The City of Philadelphia is moving some of its data to the cloud, Gardosh said. Highly sensitive data, like that for the city’s new cashiering system, will not be kept in the cloud, he said, but if it’s data for a website upgrade, that can go in the cloud.
  • All four panelists are hiring. The recruiting problem is not one facing only startups. “There’s an absolute dearth of resources from where I sit,” Masserini said. The panelists offered advice like, “Certifications that require work experience go to the top of the list,” and said a culture fit is important when looking for employees, especially in terms of ethics, because employees will have access to secure data.