Did you know that October is Cybersecurity Awareness Month? Unlike National Donut Day or National Relaxation Day, the month-long event is actually recognized by the US government!
Now in its 17th year, the annual effort began as a partnership between the U.S. Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA) with the goal of keeping people safe online. In 2004, this meant things like keeping your antivirus software up to date. Today, staying safe online is a lot more complicated – we’ll get to that in a moment.
The NCSA has tons of great resources on their website on topics such as securing connected devices, employing strong passwords, and the vulnerabilities of personal data shared online. Send the link to your parents, your neighbors, your therapist – everyone can benefit from being more informed! But first, let’s hear from our own in-house expert: Margot Berger, Compliance Manager at Clutch.
Q | Hi Margot! Thanks for speaking with us today. Let’s start with a little about you and your role at Clutch. Tell us about a day in the life of the Clutch Compliance Manager.
A | I started working at Clutch 7 years ago as a Product Manager and spent time learning about the inner workings of our software development cycles and how all of the pieces connected.
I was fascinated with how something started as an idea in a meeting, and then moved to a requirements document, to how the developers were going to make it happen, then to what infrastructure assistance was needed and how it would work with the overall design and usability for an end user.
A little over a year ago, the opportunity arose to take on a new role as Compliance Manager and work closely with the DevOps and Infrastructure teams to help ensure that we were staying in compliance with all regulatory requirements regarding data protection.
My daily responsibilities include managing CCPA and GDPR data requests that come in, ensuring that our Information Security Management System (ISMS) is up to date, and monitoring the tasks that ensure we stay in compliance with SOC 2, GDPR, HIPAA and CCPA, just to name a few.
Q | Can you explain the relationship between Cybersecurity, Data Security and Compliance?
A | Compliance focuses on the kind of data that is handled by a company and the regulatory frameworks that they must adhere to. Data Security focuses on the protection of the data a company processes. Cybersecurity is the protection of devices that process and access data.
Q | Clutch manages a lot of data for clients. What is the biggest risk companies like Clutch face related to the security of that data? Said another way, what is the worst-case scenario?
A | Employee errors are the biggest risk to companies when it comes to the security of data. This could be something like an email phishing attack, an employee unintentionally downloading malware, or plugging in a corrupt USB device. Even with these potential risks, Clutch has processes in place to help make sure we mitigate and prevent these from occurring. As an example, we provide all employees with security awareness training and reading materials to help them identify phishing attacks, along with reminders not to click on links in suspicious emails, and we have a process in place for reporting any suspicious activity.
Q | What are some of the things you and your team do to mitigate that risk?
A | Clutch has created policies and procedures to protect employees, company devices and our clients' data. We have set up employee security training sessions to educate employees on best practices for accessing data, and we will do external penetration testing to test the strength of our infrastructure policies.
Q | What is the most interesting thing you have learned since taking on the role of Compliance Manager?
A | The most interesting thing that I have learned since taking on the role of Compliance Manager is all of the moving pieces that go into safeguarding our client and employee data, as well as securing our devices.
Q | Everyone at Clutch is working from home due to COVID-19. Does that introduce more risk to employee or client data? Have you implemented any new protocols to mitigate those risks?
A | Clutch allowed employees to work remotely prior to the outbreak, and our security policies and procedures have been in place to accommodate this since the beginning of Clutch. With more employees across the world working remotely, hackers have stepped up their game, which does increase risk for everyone, not just Clutch employees. We have made sure that the protocols and policies we have in place can evolve as we adapt to the new ways in which we work, accounting for any increased risk.
Q | Cybersecurity Awareness Month started as a way to keep individuals safe online. How has your role as Compliance Manager changed the way you interact online?
A | I have become hyper aware of how much data we put out into the cyber-verse voluntarily. There is a trend on social media platforms where an individual provides information about themselves in the form of a quiz. Hackers can use this information to guess passwords, answer security questions and leave individuals open to identity theft.
Thank you, Margot, for answering our questions! You’ve provided some great information and we are grateful to you for keeping things safe and secure at Clutch. Readers – stay tuned to learn more about how Clutch secures data for clients: in our upcoming post, we’ll decode the acronyms and review the purpose of each of our security and compliance certifications, including SOC 2, HIPAA, TCPA, GDPR, PCI and CCPA. Until then, we encourage everyone to #staysafeonline!