Jodi Daniels of Red Clover Advisors: Five Things You Need To Know to Optimize Your Company’s Approach to Data Privacy and Cybersecurity
Know your Data. We performed a data audit for one company who didn’t even know that they had five different CRMs, but we were able to tidy up their data at the end of our work, reducing company risks and bringing down the costs to just one CRM.
As part of a series about “5 Things You Need To Know To Optimize Your Company’s Approach to Data Privacy and Cybersecurity”, I had the pleasure of meeting with Jodi Daniels.
Jodi Daniels is Founder & CEO of Red Clover Advisors, a privacy consultancy that helps companies create privacy programs, build customer trust and achieve GDPR, CCPA, and US privacy law compliance. For example, she assists companies with day-to-day activities such as data mapping, individual rights, training, policies etc., while serving as a fractional chief privacy officer too.
Jodi is also a Certified Information Privacy Professional (CIPP/US) and national keynote speaker with more than 22 years in corporate America at Deloitte, The Home Depot, Cox Enterprises and Bank of America, where her most recent role was as Privacy Partner for Digital Banking & Digital Marketing. Her career in privacy began by building the comprehensive privacy program at Cox Automotive.
Jodi has both an MBA and BBA from Emory University Goizueta Business School, majoring in accounting. She lives in Atlanta, Georgia with Basil, her husband, two girls, plus a big fuzzy dog.
Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?
I spent my growing years in CT, then went away during high school to South Florida, then came over for college at Emory University in Atlanta, GA, and have been based here ever since!
Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.
More than ten years ago, I was working on building a targeted advertising product at a very large media company and privacy in the marketing space was trying to self-regulate itself. How we could use data within the business was an urgent enterprise concern that had privacy implications. I thought this would ultimately become more of a business requirement and viewed this as an opportunity for me to get into. This is why I did it! I put together the company’s first ever privacy role and began my career in data privacy.
Can you share the most interesting story that happened to you since you began this fascinating career?
I’ll tell a personal one! My husband and I went shopping for a new mattress and visited a store with an IoT mattress. The salesman was explaining all the features, including how it would collect my sleep patterns, heart rate and more. We wanted to know how the company used the data and the salesman just said “it’s a big company and very safe.” After we left the store, we went and read through their privacy policy, which indicated how they utilized our data. We opted against buying that mattress.
None of us is able to achieve success without some help along the way. Is there a particular person you are grateful to for helping make you the person you are today? Can you narrate how it happened?
Too many people! One of them did, however, realize that my skills could work in different jobs, and this made me change careers.
Are there any new exciting programs you are presently working on? What impact will they have on society?
I am constantly thinking through ways that make complying with privacy laws easier to understand and implement. They keep getting more complicated and at my company we strive to give our customers tangible solutions for businesses who need help to comply with privacy legislation. We also hear back from organizations that they prefer what we do and our objective is being a pragmatic solution regarding digital security for organizations that cannot afford an internal resource.
What would be your advice to your colleagues about how they can avoid burnout?
Find another interest apart from work. Privacy is changing SO fast that it can become difficult not to keep learning or practicing 24/7.
Ok great. Thank you for all of that. Let’s now shift to the main focus of our interview. The world of cybersecurity looks so interesting these days. What are three things that most excite you about the cybersecurity industry? Can you tell us briefly?
A faster pace of enactment means governments in the US are catching up with technology and trying to catch up with it too. Additionally, companies no longer just think of privacy as a nice add-on but as an essential requirement, so they bring in resources for privacy management purposes too. Both of these activities also lead to growing investment in privacy tech, which means tools for business use (including legal ones) and practitioners’ ability to improve performance.
Looking forward, what looming threats must firms start preparing themselves against?
The ongoing threats from hackers are increasing rather than decreasing. Technology is advancing so quickly that privacy and security considerations are left out. We need to start learning from the privacy and security issues that have accompanied every new technology shift, and I fear that we are repeating history in this regard as a society. Ethical data, data ownership, continued cyber threat.
Can you share a story from your experience about an incident caused through a cyber breach which you helped fix or stop? What were the key takeaways from that story?
Organizations forget that older systems may not have the capability to be patched and updated, making them vulnerable to attackers. You should always check the tech stack, especially when you buy another company.
What are some of the main cybersecurity tools that you use on a regular basis? Please explain what these tools do for our readership.
Microsoft Sentinel, as it has features to tell if there is anything off with traffic flowing around in a corporate network. For trainings, we employ different companies like KnowBe4, NINJIO or Curricula. CrowdStrike Falcon is used by large corporations for AI-driven proactive threat hunting.
How can one who lacks a big team handle this? How would you say, in the simplest of terms, when a company can use “over the counter” software and when it should move to a contract with a cybersecurity agency or hire its own chief information security officer?
Most companies without many employees just outsource their security on a third-party MSP or MSSP basis and use vendor-recommended tools. Also, there are a lot of similar companies, like cyvatar.ai for example.
As is known, even the best prepared can be breached or hacked without knowing until later. Are there any 3 or 4 signs that an ordinary person might see or look for that could raise suspicion?
One thing that an average person should watch out for is receiving emails that ask them to do something urgently and contain free gifts. Phishing accounts for most hack attempts. They also need to check email rules once in a while and whether they are getting password change alerts from somewhere.
Once informed about a data breach at their firm, what else must they do to further protect themselves as well as customers?
Their systems must always be up-to-date as necessary; controls put in place for monitoring any unsanctioned activities; all incoming and current staff members trained on the latest cyber threats. Usually at issue here is some sort of debrief with security counsel and consultants, because if they weren’t ready already, there was typically no time to create detailed plans. That shouldn’t be overlooked by the organization; instead it should act upon it straight away.
According to your experience, what are some typical data security and cybersecurity mistakes made by businesses?
Companies don’t know where their data is so they don’t know how to protect it all! They assume that someone in IT has that handled. Employees lack proper training and there is no incident response planning.
Since the COVID-19 pandemic began and companies have become more dispersed, have you seen an uptick in cybersecurity or privacy errors? Can you explain?
Yeah, with the rise of remote working there are more personal machines in use, a greater number of people who use insecure Wi-Fi, and so many SaaS tools that some companies do not seem to secure properly. Some people forget to lock their computers down and is there any print on private basis while others carry out conversations in crowded areas. A lot of “confidential conversations” have taken place on coffee shop patios that would have been better held in a private space. Companies also need to remember to enforce strong password policies and multi-factor authentication.
Ok, thank you. Here is the main question of our interview. What are the “5 Things Every Company Needs To Know To Tighten Up Its Approach to Data Privacy and Cybersecurity” and why? (Please share a story or example for each.)
1. Know your Data. When we did an inventory for a company, they had no idea that they had 5 CRMs at most. As soon as we finished what we were doing, all their data was sorted out, thus minimizing costs by reducing it to just one CRM, which lowered the risk for the business itself.
2. Monitor your vendors. Presently, you will find that companies have a network of software often on the cloud where data is stored. With the use of “data inventory”, organizations can then begin to review their vendors for compliance with applicable privacy laws and how they intend to use and protect data. There may also be a need for vendor assessment of their security practices and a data protection agreement.
3. Train Your Team. This is crucial for businesses of all sizes if you want them to understand how to safeguard information. Furthermore, people learn differently, so it is essential to have various training methods such as video and written ones, etcetera. They say it usually takes people many times hearing content before remembering or understanding it well, so repeating privacy and security tips in different ways is important. (Never assume they will remember or bypass executives.) I’ve observed multiple instances where my companies got phishing emails, usually involving the executive team.
4. Assign a Stakeholder. Who’s in charge? If no one pays attention to privacy and security, nothing gets done because everyone figures “someone has it taken care of.” I strongly advise hiring a dedicated privacy professional who will handle privacy issues alone and another dedicated professional skilled in security matters doing just that; there should always be two different people handling these two intertwined disciplines for best results in addressing both risks, whether full-time employees or outsourced services.
5. Risk assessments. Companies should contemplate the privacy and security risks associated with each project while designing its interface or campaign. Often, at this point, it’s too late. The projects would launch with very basic errors around privacy and security which would necessitate cessation. Conversely, some other projects would factor in the issue at the start so that even during promotion campaigns, the risks were mitigated.
You are an extremely influential person. What if you could motivate people towards whatever cause that does more good than any other? You never know what your idea can trigger. 🙂 (Think, simple, fast, effective and something everyone can do!)
Be nice and don’t forget to say please. To me, social connections are more important than ever during the pandemic because we have all lost touch with one another. What’s my advice? Look in someone’s eyes and say hi. Above all, to people you’ve never met! Any person always has to be polite when asking for anything, whether of staff members, colleagues at work or kids, as well as at large retail outlets and food points; they must always remember to use these words while requesting anything. Always remember that if you cannot say something kind then it is better not to talk at all.
How can our readers follow your work online?
www.redcloveradvisors.com and https://www.linkedin.com/in/jodihoffmandaniels/
That was incredibly inspiring and informative. Thank you so much for sharing this time with us today!