Heed this cyber pro’s advice on incorporating data care into your daily life

Cybersecurity is a top national priority, even more prominently so after President Joe Biden called it a “core” challenge when meeting with tech and civic leaders on Wednesday.

Biden also cited the growing need for pros who can fight cyber attacks, with 500,000 unfilled cybersecurity jobs across the U.S. That need backs up one Baltimore cyber exec’s case for calling the industry “data care” to make it more accessible. Such a rebranding, former Tenable CEO and investor Ron Gula argues, makes it clearer that anyone can care for their personal data, and also, that the field has many options for employment that aren’t just high-tech.

“Cybersecurity as a name doesn’t inspire responsibility in average people,” Gula told Technical.ly this week. Rather, it creates the idea that “cyber is someone else’s job.” Data care, he said, makes it personal, evoking for a person what they are doing on their own device or account to take care of the data they have.

For technologists like Bella Vista data management pro Eugene Desyatnick, cybersecurity has always been important, and agrees that it’s something everyone can implement in their daily lives.

Desyatnik, whose work includes data governance, architecture, privacy and security, said maintaining data catalogs is a task that has become increasingly difficult for companies as newer data management technologies have arisen.

“Data care is definitely something we can all do” — including in our business practices, he told Technical.ly via Slack.

For the average person trying to better manage their data, Desyatnik recommends “pausing and verifying.” Human error has been the cause of too many notorious data breaches, including some locally. Remember the cyberattack that neutralized SEPTA data operations last August? Or the Philabundance attacker who stole $1 million from the food bank via a fraudulent invoice?

If someone is requesting your personal or business passwords or other sensitive information, Desyatnik said, take some extra time to authenticate their request.

“Consider the impact; consider doing right by those individuals whose data it is. Have they given permission for their data to be shared?” he said. “Be aware that in a virtual landscape with COVID, spear phishing and social engineering attacks through impersonating someone are easier. Text their last known number to make sure it’s really who they say. Check with a colleague if the request makes sense. And when storing new types of information, consider the regulatory impact” — that means the Payment Card Industry Data Security Standard for credit card data, the California Consumer Privacy Act for personally identifiable information, etc.

You can also consult your company’s infosec or legal department, if it has one. And be careful of clicking on suspicious links when facing invoice requests.

“Two nonprofit boards I’m on have been subject to these in the past year,” he said, of invoice scams. “The attacker sets up a fake but similar email with the board chairman and president, and uses that email account to contact other board members, often requesting action to be taken. These often have an urgent tone to them. My boards know not to respond to such requests, at least not without texting me at my last known number. It’s less of a cyber attack and more of a social exploit, and it’s unfortunate how prevalent they’ve become.”

Michael Butler is a 2020-2022 corps member for Report for America, an initiative of The Groundtruth Project that pairs young journalists with local newsrooms. This position is supported by the Lenfest Institute for Journalism.