How to Keep Your Company Data Secure
Most of her Tuck classmates graduated with an industry-focused outlook, like brand marketing or investment banking. Alison Connolly T’11 just knew she wanted to live in Denver. After several years as an independent consultant, Connolly met the founders of DarkOwl. That’s when she fell in love with an industry: cybersecurity.
Of course what Connolly finds fascinating, most corporate leaders find cold-sweat terrifying: millions of stolen login credentials, credit cards, and social security numbers, plus an abundance of weapons, drugs, and other illegal goods that are for sale or are simply on display on the darknet, an untraceable network of websites that aren’t indexed or searchable like the Internet we are all familiar with. As director of strategic partnerships for DarkOwl, Connolly sells subscriptions to the company’s proprietary database of darknet content, a kind of search engine of hacker activity, updated in real-time. With it, companies, governments, and investigators can track and monitor any relevant data hacks and breaches and limit the damage that comes from having proprietary information exposed.
We asked Connolly for advice about how companies can keep their data secure.
The biggest threat is that we’re all human
Organizations tend to be overly suspicious about ‘insider threats’ when in reality the much bigger threat stems from the fact that employees are simply human: we leave our laptops at conferences, use weak passwords, log on via unsecured wifi networks, click on attachments from strangers, etc. When you plan cybersecurity efforts, realize that employees acting in good faith are often the weakest link.
The C-suite is the weakest link of all
The best targets are the people highest up in an organization. If a hacker gets their hands on their credentials, not only do they have access to the most information, but an email sent from their account—regardless of who is really sending it—will carry the most weight with clients and employees. The C-suite gets more emails than anyone else, and we’ve seen time and again that because they’re so busy, they actually tend to be more lax with cyber safety protocols. They think they’re immune to their own policies. Top executives also are on the road a lot, making them more likely to use an easily-hacked public coffee shop or hotel wifi network for sensitive activities when perhaps they shouldn’t.
Look both internally and externally
Most companies pay the most attention to internal cybersecurity, like firewalls, looking through logs for outliers in volume, and monitoring email traffic. But corporations can’t just sit inside the fence waiting for attacks. The average time between a company being hacked and realizing that it has been hacked is greater than 200 days. To shorten that time gap, they need to look externally to places that the hackers themselves are using—places like the darknet—for an indication of leaks. DarkOwl monitoring, for example, would alert you right away if any email addresses and passwords from your domain were posted on the darknet. That can often help trace the breach to a specific office or even a single point of sale credit card machine. Ten years ago, companies thought, “Why would we need to monitor our social media presence?” I think the darknet is on a similar trendline. Every organization is going to have to monitor it in some way to stay ahead of the potential threats they’re facing.
Two-factor authentication is a no-brainer
Eighty-five percent of breaches are caused by someone with access to credentials and passwords who shouldn’t have them. Once they’re inside of the network, they can act as an employee and wreak all kinds of havoc. If everyone has two-factor authentication, employees need a username and password to log in, but also something the employee physically has, like a mobile phone or a token, making it much more difficult for threat actors to impersonate them. That may have once seemed like overkill, but these days, it’s just a no-brainer for everyone.
All devices are work devices
We want to be able to access our personal and business email everywhere, but that blurs the lines between a work device and a personal one. Whose job is it to secure an employee’s personal device? Is it them? The company? Apple or Microsoft? Wider device access to company information brings convenience and productivity, but also exposure to risk. Companies need to have a say in the security of employees’ personal devices if they’re used for work.
Build a culture of data protection
While nobody wants to have a company culture of paranoia, it is important to educate employees about cybersecurity—things like phishing schemes and password hygiene—and make sure they feel some ownership around the policies that exist to protect their info. In addition to proprietary information and customer data, a company has plenty of personal data on employees themselves—social security numbers, bank routing numbers, W2s—so everyone has skin in the game.
Fess up if you mess up
I know our IT department well, and I never feel embarrassed to ask them, “Is this legit? Is this phishing?” Or to tell them that I messed up and clicked something I probably shouldn’t have. Build an awareness with employees that it’s ok to say you might have messed up, or that something seems a little off. Transparency is key. Don’t make employees so worried about the consequences of making a mistake that they’re embarrassed to say, “I messed up.” And make sure if they do, they know who to tell.
Hear more from Alison during her latest visit to Tuck as part of the Britt Technology Impact Series presented by the Center for Digital Strategies. In the video below, she explains what the darknet is and why it’s important in determining if you or your company have been hacked.