►
From YouTube: Education & Workforce WG: How Secure Is Your Data?
Description
Date: 11/06/20
Presenter: Dr. Cheryl A. Swainer
Institution: Clafin University
Title: "How Secure Is Your Data?"
http://sbdh-prod.ideas.gatech.edu/resources/newsblog/education-and-workforce-working-group
A
So
I've
already
introduced
myself
and
where
I'm
from
and
currently
my
powerpoint
is
loading.
So
the
purpose
of
this
talk
is
basically
to
address
the
importance
of
protecting
data,
and
so,
let's
start
out
with
a
definition
of
what
data
protection
is.
Data
protection
is
defined
as
the
law,
which
is
designed
to
protect
personal
information,
which
is
collected,
processed
and
stored
by
automated
means
are
intended
to
be
a
part
of
the
filing
system,
and
we
already
know
different
organizations
are
collecting.
A
We
are
always
collecting
data
from
our
students
and
and
that's
really
why
I
took
an
initial
interest
in
data
protection,
because
I
was
really
concerned
about
whether
or
not
the
student's
data
was
being
protected
and
so
because
of
technologies
and
the
different
devices
that
we
use.
You
know
we
share
so
much
data
across
the
various
types
of
technology.
A
In
addition
to
that,
there's
a
lot
of
information
and
data-
that's
out
there,
that's
very,
very
sensitive,
and
these
these
various
types
of
data
is
in
danger
of
being
stolen,
and
so
we
have
organizations
like
governments
and
different
industry
that
have
understood
data
protection
and
how
important
it
is
to
secure
the
data
and,
in
addition,
personal
information
should
always
be
protected
and
the
principles
of
data
protection
should
always
be
followed.
And
so
here
what
I
have
are
some
principles
of
data
protection,
which
include
there
should
be
no
limits
to
what
is
collected.
A
There
should
be
limits
on
the
collection
of
personal
information.
Data
should
be
obtained
by
lawful
and
fair
means,
which
is
very
very
important,
because
we
want
to
be
very
careful
how
we
collect
data
and
not
on
that.
How
we
share
data
as
well.
Data
should
be
obtained
with
the
consent
of
the
individual.
A
I
mean
really,
there
should
be
no
hidden.
Practices
on
the
information
that
submitted
or
shared
should
be
correct.
Personal
information
should
be
relevant
to
the
purposes
for
which
it's
going
to
be
used
and
really
organizations
are.
Our
government
should
not
be
collecting
doubt.
That
is
not
relevant.
Information
should
be
accurate,
complete
and
current.
A
I'm
positive
that
when
the
internet
was
first
created
that
the
developers
of
the
internet
did
not
anticipate
such
a
wide
scale
use
and
definitely
they
didn't
consider
software
security.
But
today
is
very
imperative
as
we
develop
software
that
we
take
seriously
because
gives
serious
consideration
to
software
security.
A
A
I
believe
the
state
of
california
had
had
some
customer
regulations
that
they've
developed
and
they
are
following,
which
is
very
similar
to
the
gd
pr
and,
as
I
think,
about
the
gdpr
and
I
think
about
students
on
our
different
college
campuses
in
that
data.
I
wonder
how
our
universities-
and
our
colleges
are,
you
know,
are
following
certain
policy
or
even
if
they
even
have
policies
on
compliance
and
making
sure
that
student
data
is
secure.
So
I
think
it's
important
that
we
continue
to
make
that
a
privacy
in
gdpr
compliance,
a
focus.
A
Also
it's
important
to
watch
out
for
advanced
cyber
crime
tactics.
There
is
something
that
is
called
chat
box.
Ai
chat,
box
chat
box,
which
are
used
for
malicious
purposes.
Chat
box
could
also
be
used
to
carry
out
social
engineering
attacks
and
infiltrate
websites.
So
so
it's
important
that
that
we
watch
out
for
these
advanced
cyber
crime
tactics,
because
there
are
different
types
of
cyber
attacks
such
as
spearfishing,
which
target
individuals
and
it
uses
specific
information
to
exploit
for
criminal
purposes.
A
So
it's
just
important
that
we
watch
out
for
these
cyber
attacks.
Another
best
practice
is
embrace
multi-factor
authentication.
So
you
know
gone
are
the
days
of
just
entering
in
your
password
to
just
you
know,
access
you
know
your
email
or
bank
accounts
or
other
types
of
systems.
So
it's
important
that
organizations
embrace
multi-factor
authentication.
A
There
are
different
tools
that
are
out
there.
That
will
allow
you
to
implement
some
type
of
multi-factor
authentication.
I
know
at
my
university
when
I
get
ready
to
access
my
email.
Of
course
I
enter
my
password,
but
before
I
can
even
access
my
email,
I'm
prompted
with
a
telephone
call
from
the
system,
and
they
asked
me
to
validate
who
I
am
so.
We
have
this
dual
type
of
authentication
that
we
have
to
do,
but
you
don't
have
to
just
have
duo.
You
can
have
trio
a
quad
factor,
type
authentication.
A
Another
best
practice
is
to
explore
ai,
explore
the
benefits
of
using
ai
software
for
your
own
cyber
security
efforts,
but
make
sure
to
do
plenty
of
research
on
you
know
the
company
that
you
choose,
because
you
want
to
make
sure
it
meets
your
needs,
respect
customer
privacy.
Even
if
it's
not
the
law.
Yes,
the
united
states
does
not
have
gdpr
implemented,
like
europe
does,
but
it's
it's
important
that
we
respect
our
customers.
A
I
think
when
I
first
started
working
with
my
students
and
that's
that's
when
I
really
first
learned
about
gdpr-
and
I
thought
about
it
and,
as
I
mentioned
earlier
in
the
context
of
my
my
students
and
the
students
on
our
campus,
that
their
privacy
and
I
was
concerned
about
their
data
being
secure,
and
I
was
also
concerned
about
hackers
for
infiltrating
our
system
on
our
college
campus
and
not
only
that.
I
was
also
concerned
about
if
our
university
actually
had
policies
on
how
we
protect
student
data
and,
lastly,
protect
your
personal
health
information.
A
Cyber
criminal
cyber
criminals
do
not
care
what
systems
their
they
infiltrate.
They
infiltrate
not
just
your
email,
your
social
media
accounts,
but
they
are
also
infiltrating
the
databases
of
healthcare
organizations.
So,
yes,
we
do
have
helpful
laws
and
we
help
ferpa,
but
it's
important
that
we
protect
personal
health
information.
A
A
It's
important
to
avoid
harsh
phishing
emails,
encrypt
data
and
be
away
aware
of
impostors
and,
lastly,
just
keep
in
mind.
These
safeguards
for
protecting
data
is
so
vital
to
the
way
we
do
business
every
day,
all
organization
with
government,
educational
institutions,
private
sectors,
it's
important
that
personal
information
is
disclosed
or
user
retained
only
for
the
purpose
for
which
it
is
intended.
We
should
not
really
collect
information
unnecessarily.
A
I'm
careful
about
the
data
that
I
put
in
and
sometimes
you
know
we're
asked
for
like
say,
for
example,
phone
numbers,
I'm
not
so
quick
to
get
out,
give
out
my
cell
phone
number
and
sad
to
say,
but
sometimes
I
just
may
put
in
an
erroneous
number,
even
though
it's
a
required
field.
So
we
just
have
to
be
very
very
careful
and
the
consumer
should
again-
and
I
emphasize
is
so
much
that
the
consumers
should
know
the
purpose
for
the
use
of
the
data
that
you
know.
A
B
B
This
is
the
group
that's
put
together
all
of
the
different
visualizations
of
the
world's
biggest
cyber
security
attacks
and
breaches,
and
so
you
can
actually
filter
through
it,
for
which
ones
were
because
of
human
error,
which
ones
are
because
of
actual
hacking.
You
know
which
ones
how
much
money
it
costs
them
for
these
different
hacks
and
other
things.
So
human
error
may
seem
pretty
basic,
but
it
is.
It
does
account
for
a
good
number
of
the
cyber
security
hats.
B
Just
you
know
simple
things
like
not
putting
your
password
in
so
as
we're
you
know
looking
through
it,
you
can
take
a
look
and
see
also
the
filters
that
you
might
be
able
to
look
at
and
even
in
your
classes.
So,
if
you're
trying
to
bring
the
point
home
to
your
student,
what
exactly
the
cost
of
not
securing
your
data
would
be
for
these
different
types
of
institutions
and
organizations.