From YouTube: Education & Workforce WG: How Secure Is Your Data?
Description
Date: 11/06/20
Presenter: Dr. Cheryl A. Swainer
Institution: Clafin University
Title: "How Secure Is Your Data?"
http://sbdh-prod.ideas.gatech.edu/resources/newsblog/education-and-workforce-working-group
A
So I've already introduced myself and where I'm from, and currently my PowerPoint is loading. So the purpose of this talk is basically to address the importance of protecting data, and so let's start out with a definition of what data protection is. Data protection is defined as the law which is designed to protect personal information which is collected, processed and stored by automated means or intended to be a part of the filing system, and we already know different organizations are collecting,
A
you know, data from various sources. I know, being a part of a university,
A
we are always collecting data from our students, and that's really why I took an initial interest in data protection, because I was really concerned about whether or not the students' data was being protected. And so, because of technologies and the different devices that we use, you know, we share so much data across the various types of technology.
A
In addition to that, there's a lot of information and data that's out there that's very, very sensitive, and these various types of data are in danger of being stolen. And so we have organizations like governments and different industries that have understood data protection and how important it is to secure the data. And, in addition, personal information should always be protected, and the principles of data protection should always be followed. And so here what I have are some principles of data protection, which include: there should be no limits to what is collected.
A
There should be limits on the collection of personal information. Data should be obtained by lawful and fair means, which is very, very important, because we want to be very careful how we collect data, and not only that, how we share data as well. Data should be obtained with the consent of the individual.
A
I mean, really, there should be no hidden practices, and the information that is submitted or shared should be correct. Personal information should be relevant to the purposes for which it's going to be used, and really organizations or our government should not be collecting data that is not relevant. Information should be accurate, complete and current.
A
I think it's important to talk about the relevance of data protection. As you can see from the diagram, the first data protection law involved back in 1970 in Germany.
A
Okay, data protection was of little to no relevance, as you can see from the diagram, in the mid 90s, all the way from the mainframe up to 1970 down to the Internet of Things in 2020, 21.
A
I'm positive that when the internet was first created, the developers of the internet did not anticipate such a wide-scale use, and definitely they didn't consider software security. But today it is very imperative, as we develop software, that we take it seriously and give serious consideration to software security.
A
But data protection has come a long way and has influenced the creation of the discipline of cryptography and encryption, and it's important that strategies continue to be implemented to secure data. So I want to share with you some of the best practices for protecting data.
A
There are eight: lock down data access; remember the basics, and I'm going to talk about each one of these in a little bit more detail in the following slides; continue to focus on compliance; watch out for advanced cyber crime tactics; embrace multi-factor authentication; explore AI; respect customer privacy; and protect your public health information.
A
So when we talk about lockdown access, I think it's important that we take extra care to guard against unauthorized access.
A
In this way, the data would get to the right people. Remember the basics: remembering the basics is important, that we make sure that there are no gaps in your data security that can expose customer data. And we've seen several examples of this in the past, of customer data being wrongfully obtained by hackers, and so it's important that we make sure that our software is secure. Continue to focus on compliance.
A
The General Data Protection Regulation took effect in Europe back in 2018, and sometimes organizations may not, you know, may have some loopholes in their policies, or they may drop the ball, so to speak. But recently, Google was fined 57 million dollars by the French regulator, by the CNIL, and so it's just important that we focus on compliance, because, you know, if certain organizations do not focus on the different compliance regulations, we can be impacted.
A
Now, we do know that the United States, we do not necessarily follow the GDPR per se as of today, but there are some organizations.
A
I believe the state of California had some customer regulations that they've developed and they are following, which is very similar to the GDPR. And as I think about the GDPR and I think about students on our different college campuses and that data, I wonder how our universities and our colleges are, you know, following certain policies, or even if they even have policies on compliance and making sure that student data is secure. So I think it's important that we continue to make privacy and GDPR compliance a focus.
A
Also, it's important to watch out for advanced cyber crime tactics. There is something that is called chatbots, AI chatbots, which are used for malicious purposes. Chatbots could also be used to carry out social engineering attacks and infiltrate websites. So it's important that we watch out for these advanced cyber crime tactics, because there are different types of cyber attacks, such as spear phishing, which targets individuals and uses specific information to exploit for criminal purposes.
A
So it's just important that we watch out for these cyber attacks. Another best practice is embrace multi-factor authentication. So, you know, gone are the days of just entering in your password to just, you know, access, you know, your email or bank accounts or other types of systems. So it's important that organizations embrace multi-factor authentication.
A
There are different tools that are out there that will allow you to implement some type of multi-factor authentication. I know at my university, when I get ready to access my email, of course I enter my password, but before I can even access my email, I'm prompted with a telephone call from the system, and they ask me to validate who I am. So we have this dual type of authentication that we have to do, but you don't have to just have duo. You can have trio, a quad-factor type authentication.
A
Another best practice is to explore AI: explore the benefits of using AI software for your own cyber security efforts, but make sure to do plenty of research on, you know, the company that you choose, because you want to make sure it meets your needs. Respect customer privacy, even if it's not the law. Yes, the United States does not have GDPR implemented like Europe does, but it's important that we respect our customers.
A
I think when I first started working with my students, that's when I really first learned about GDPR, and I thought about it, as I mentioned earlier, in the context of my students and the students on our campus, their privacy, and I was concerned about their data being secure, and I was also concerned about hackers infiltrating our system on our college campus. And not only that, I was also concerned about if our university actually had policies on how we protect student data. And, lastly, protect your personal health information.
A
Cyber criminals do not care what systems they infiltrate. They infiltrate not just your email, your social media accounts, but they are also infiltrating the databases of healthcare organizations. So, yes, we do have HIPAA laws and we have FERPA, but it's important that we protect personal health information.
A
So, as I bring my talk to a close, I just want to remind everyone that it's important that we keep all our devices protected. I know with my own personal device, whether my laptop or my desktop, I frequently change my password and I do have some secure software.
A
It's important to avoid harsh phishing emails, encrypt data and be aware of impostors. And, lastly, just keep in mind, these safeguards for protecting data are so vital to the way we do business every day. All organizations, whether government, educational institutions, private sectors: it's important that personal information is disclosed, used or retained only for the purpose for which it is intended. We should not really collect information unnecessarily.
A
We must ensure that the data is secure and just use reasonable safeguards to protect the user's data or the customer's data.
A
I'm careful about the data that I put in, and sometimes, you know, we're asked for, like, say, for example, phone numbers. I'm not so quick to give out my cell phone number, and, sad to say, sometimes I just may put in an erroneous number, even though it's a required field. So we just have to be very, very careful, and the consumer should, again, and I emphasize this so much, the consumers should know the purpose for the use of the data that, you know,
A
an organization is collecting, and also the user should know about the organization which is the data controller. So thank you.
B
Yeah, and this was great. Actually, I put a link in, because, you know, as we're cycling to that next speaker. Thank you so much for this presentation. This is just a quick infographic that actually highlights what you were talking about, in the chat, where they put together.
B
This is the group that's put together all of the different visualizations of the world's biggest cyber security attacks and breaches, and so you can actually filter through it for which ones were because of human error, which ones are because of actual hacking, you know, how much money it cost them for these different hacks, and other things. So human error may seem pretty basic, but it does account for a good number of the cyber security hacks.
B
Just, you know, simple things like not putting your password in. So as we're, you know, looking through it, you can take a look and see also the filters that you might be able to look at, and even in your classes. So, if you're trying to bring the point home to your students, what exactly the cost of not securing your data would be for these different types of institutions and organizations.
B
So the next speaker, and if you have questions or if you have feedback or types of resources that you would like to also share on this topic, please put them in the Etherpad, and we can transfer this link to the Etherpad as well. Oh, yes, and it is a dissertation research on insider