Kelsi Strutton, Senior Account Manager, Major Accounts, Ironwall, sat down with us to discuss her upcoming exclusive webinar exploring risk management. To learn more about the webinar on 12 February sponsored by Ironwall or to register, visit here.
Q: How did you become interested in online data exposure?
A: After spending over a decade safeguarding federal facilities, I turned my focus on ensuring my protectees feel this safety and security at home. A simple Google search opened my eyes as to how personally vulnerable I was, and while I knew I was safe at work in my fortified office, the headquarters of a federal law enforcement agency, the security did not translate to home.
I knew I needed to prioritize the safety of my family. How can I ensure that someone I disgruntle in my professional capacity cannot bring those frustrations to my home, or to my children? And how can I ensure my protectees have this same security?
The transition from security in the federal law enforcement field blended seamlessly into online security for public officials and high-profile individuals. I apply my experience in risk mitigation, security strategies, and analytical focus to mitigate home-based threats and decrease dangerous risks beyond office hours.
Q: What advice would you give security professionals interested in reducing Online data exposure?
A: The best way to mitigate risks associated with online data exposure is to be realistic on the threats associated with your personal information exposed and the ways to mitigate these occurrences - they cannot target what they cannot find.
The initial step is to provide as minimal information on yourself as possible. Do not give your real phone number for rewards, do not provide the same email to Target as you use to do your billing and medical business. There are tools out there which will be covered in the Ironwall presentation, to bifurcate the John that shops at Target.com and the John that banks at Wells Fargo and uses INOVA Hospital systems. Use these tools. Emails and customer data bases are hacked daily, separating yourself adds a layer of protection with minimal effort.
The defensive posture is to remove what information is already exposed from being found. Removal services focusing on the entire open web, not just data broker and people finder sites, provide the best approach in reducing online footprints. There are over 5,000 data brokers and people finder sites – but if your information is available on newspapers or government sites, it’s still out there to be weaponized against you - you are not protected.
The key is to implement these approaches before an incident occurs – before you are a target, so when the bad actors go to find you, your family, and where you live, the information is not available to them.
Q: Why should security professionals have online data exposure on their radar?
A: No matter what IT security training is provided, or cyber security tools are implemented, the weakest link to all our IT security is the human element. With our personal data being bought and sold at a breakneck pace and the speed with which AI can gather and analyze this data, we are more exposed than ever before.
Simple people finder sites and data brokers are not the only issue. It’s how do they get this data we need to think about and protect against. Online reservations at restaurants, your local grocery store rewards program; these are just some of the ways our personal data is exposed.
With the constant 24-hour news cycle and how quickly items escalate given current polarization of the world today, our protectees are all one headline away from their name, and therefore personal information, becoming available to malicious actors with a few clicks.
Additionally, AI can scrape the web and make phishing scams more unique and targeted, and therefore more convincing, resulting in a higher rate of success for “clicking those links.”
Proactive approaches, before the headline breaks or the protectee is doxed, is the cornerstone of a proactive data privacy strategy.
