John Masserini closes his twice-monthly mandatory employee awareness sessions on how to protect company data with this reminder: “Don’t forget, I look at all of your email.”
Masserini is the Chief Information Security Officer of Princeton-based Miami International Holdings, the parent company of MIAX Options Exchange. It’s a company that will never allow staff to “bring your own device,” no matter how popular it becomes, because it’s required by law to archive every communication on its network, Masserini said at a recent Tech In Motion panel on cybersecurity.
The Securities and Exchange Commission requires exchanges — the financial organizations that manage and process transactions between investors for publicly traded companies — to capture every communication between broker and client, Masserini said, for potential review by regulators. The only device that can do that is a Blackberry, and that’s why he said he has “absolute reliance on Blackberry,” which is one reason Blackberry has stayed alive.
If Masserini’s company eventually switches to iPhone or Android, it will turn off texting capabilities, he said, since those phones don’t allow text messages to be archived.
But back to Masserini reminding employees that he looks at all their email: jokes aside, it’s a reminder for staff to keep their work and personal lives separate, so their children’s photos aren’t archived in MIAX’s files forever.
Here are some more highlights from the panel that took place at Benjamin’s Desk six-month-old expansion to its building’s top floor:
- How much does a data breach cost? It depends from company to company, the panelists said. Ron Schlecht of Center City security provider BTB Security said he’ll tell clients $200 per record breached, plus any hardware (laptops, etc.) that might need to be replaced, but there are more associated costs, like for legal action and marketing to help fix a sullied reputation.
- But for other companies, like MIAX Options Exchange, a marketplace for options that sees 1.75 billion transactions a day, Masserini isn’t worried about cyber attackers stealing records. He’s protecting against attackers who are looking at how to exploit MIAX’s systems “so they can drain your E-trade account.”
- On the other hand, the City of Philadelphia is worried about activists trying to hack the city to make a point, said the city’s Chief Information Security Officer Jeff Gardosh, who’s been with the city’s information security office since it was founded in 2011. It’s a lofty job because the city is the only organization of its kind: It’s not like when, say, Amazon is down, and you can go elsewhere to find what you need, he said.
- “I presume that a breach will occur,” Masserini said. “We are always behind the curve.” Potential attackers, like nation states, have “five or six rooms full of people writing code,” developing ways to breach data.
- Employee awareness is important. Miami International Holdings holds twice-monthly mandatory sessions to keep its employees up to speed on how to properly protect their data at work, as well as protect against a cyber attack at home or while they’re traveling, Masserini said.
- Do you need cyber insurance? If you’re a small startup that works with big companies, it’s a good idea, Schecht said. He said that, more and more, big companies are asking startups if they have cyber insurance. “It’s third-party due diligence.”
- The City of Philadelphia is moving some of its data to the cloud, Gardosh said. Highly sensitive data, like that for the city’s new cashiering system, will not be kept in the cloud, he said, but if it’s data for a website upgrade, that can go in the cloud.
- All four panelists are hiring. The recruiting problem is not only one facing startups. “There’s an absolute dearth of resources from where I sit,” Masserini said. The panelists offered advice like, “Certifications that require work experience go to the top of the list” and a culture fit is important when looking for employees, especially in terms of ethics, because employees will have access to secure data.
Before you go...
Please consider supporting Technical.ly to keep our independent journalism strong. Unlike most business-focused media outlets, we don’t have a paywall. Instead, we count on your personal and organizational support.
3 ways to support our work:- Contribute to the Journalism Fund. Charitable giving ensures our information remains free and accessible for residents to discover workforce programs and entrepreneurship pathways. This includes philanthropic grants and individual tax-deductible donations from readers like you.
- Use our Preferred Partners. Our directory of vetted providers offers high-quality recommendations for services our readers need, and each referral supports our journalism.
- Use our services. If you need entrepreneurs and tech leaders to buy your services, are seeking technologists to hire or want more professionals to know about your ecosystem, Technical.ly has the biggest and most engaged audience in the mid-Atlantic. We help companies tell their stories and answer big questions to meet and serve our community.
Join our growing Slack community
Join 5,000 tech professionals and entrepreneurs in our community Slack today!