HR DATA LABS - S02/EP14:
Secure Your S#!t: Cybersecurity in HR Analytics
A passionate advocate for cybersecurity, Evan Francen has been helping people learn about the importance of cybersecurity through his writing, his podcast, his YouTube channel, his public speaking engagements, and more! Cybersecurity has become a massively important aspect of running a business and yet, it’s still an afterthought of many CEOs in the world today. In this episode, Evan talks about what you can do to strengthen your own cybersecurity at home, and why your smart devices might not be the smartest choices after all.
[0:00 – 4:24] Introduction
• Welcome, Evan!
• Today’s Topic: Cybersecurity At Home and In Business
[4:25 – 10:44] Key Cybersecurity Threats In the World Today
• Why HR seldom talks about cybersecurity
• Who’s responsible for cybersecurity?
[10:48 – 20:54] Raising Cybersecurity Awareness and Embedding Security-conscious Behavior
• Cybersecurity as a benefit for employees
• Why cybersecurity is (and should be) personal
[21:10 – 34:23] Simple Behaviors People Can Incorporate
• Simple Cybersecurity Measures HR Can Implement
• Simple Cybersecurity Measures You Can Take At Home
[34:37 – 38:57] Final Thoughts & Closing
• Episode Summary
• Evan Shares his Closing Thoughts
Connect with Evan:
Connect with Dwight:
Connect with David:
Resources:
- “You have to hold people accountable. … 55% of CEOs in the United States today view
information security as a waste of time, and the reason why they feel that way is because
they’re not held accountable.” - “Information security is not about information, or security, as much as it is about people. Period.
People suffer when things go wrong.”
Announcer:
Here’s an experiment for you. Take passionate experts in human resource technology. Invite cross industry experts from inside and outside HR. Mix in what’s happening in people analytics today. Give them the technology to connect, hit record, core their discussions into a beaker. Mix thoroughly. And voila, you get the HR data labs Podcast, where we explore the impact of data and analytics to your business. We may get passionate and even irreverent, but count on each episode challenging and enhancing your understanding of the way people data can be used to solve real world problems. Now, here’s your host, David Turetsky.
David Turetsky:
Hello, and welcome to the HR data labs podcast. I’m your host, David Turetsky. co hosting With me today is my friend Dwight brown from Turetsky Consulting. Hey, Dwight, how are you?
Dwight Brown:
Hey, David, I’m great, how you doing?
David Turetsky:
Very good. As you may have listened in the past, we try and find people inside and outside the world of HR to bring you the latest and greatest as to what’s happening in the world of HR technology, data and analytics. Dwight, why don’t you introduce Evan?
Dwight Brown:
Thanks, David. We’ve got Evan Francen joining us and he’s the co founder and CEO of security studio and fr secure out of Minnesota. Evan is also a podcaster. He’s a co host of the insecurity podcast with Brad Nigh. And he also does a YouTube show called the Security Shit Show with Ryan Cloutier and Chris Roberts. And finally, Evan is also the author of a book and I think he’s working on another one but he’s author of Unsecurity: Information Security is Failing Breaches are Epidemic. How Can We Fix This Broken Industry? And moreover, from that, Evan is an evangelist with a crazy mission. Evan, welcome to the show.
Evan Francen:
Thanks, man. It’s great to be here. And you know, the long list of things. I think that’s just because of ADD. Some people say it’s a superpower. You just got to harness it.
Dwight Brown:
If you got it, use it, man.
Evan Francen:
Right? Yeah. It’s good to be here, guys. Thanks for having me.
Dwight Brown:
It’s great to have you. So one of the things that we do with every guest is we try to get a glimpse behind the curtain of everybody. And we talked about some fun thing that nobody knows about you. And so Evan, you are a two time state champion swimmer. And you said 60 pounds ago, I believe is what you said that you’re a cancer survivor. And you’ve hit not one deer, but two with your motorcycle. That’s correct. Yeah. Tell us about that one.
Evan Francen:
Well, I guess you know, the fact that we get to know, right, yeah, the fact that I’m still walking the planet tells me that my mission is not done. So that’s, you know, it’s good to be here. It also reminds me that, you know, there’s a purpose, right. It’s nice to live life with with a purpose. The two deer thing you know, the first one was, I was on the motorcycle by myself. I was coming back from a softball game. And coming over a little ridge, I guess, going about 60 miles an hour hit a doe who was pregnant with twins, split her in half. And totaled the bike and I went tumbling down the road. I don’t know how far But yeah, that hurt. The second one was my wife was actually on the back of the motorcycle, and I kept it on two wheels. Somehow. I still ride today. So I What are the chances of a third deer?
David Turetsky:
Well, actually, it was a question that that that’s actually what four deer. So true.
Evan Francen:
True? Yeah.
Dwight Brown:
You got four notches in the gun there.
David Turetsky:
Oh, my goodness.
Dwight Brown:
While we’re going, we’re glad that you survived. I personally am glad that you survived to because you’re a great friend. And I’ve really been privileged to be able to get to know yet. And so it’s great to great to have you here. And in many ways. Thank you, man. So our topic today is to talk about security in HR analytics or cyber security, I should say in HR analytics. And you know, we’re in a we’re in a crazy time right now. Tell us about tell us about what you’re seeing in the environment relative to information security, what are some of the key threats that we need to be talking about right now?
Evan Francen:
Well, you know, it’s it. I guess I’ll start with some wisdom. One of the things I heard maybe 15-20 years ago from a good friend is complexity is the worst enemy of security. And I think one of the reasons why it seems so chaotic in the world today with with cyber security is it’s more complex than it’s ever been. We continue to add more and more technology into our lives. More and more technology in our environments, you know, talking about HR analytics, I can only guess, you know, the number of applications systems, the number of lines of code, you know, behind the applications, it all makes that more difficult for us to secure. I think a lot of times we think about the data part of cybersecurity, but now, the way the world works, you can’t separate data from personal safety. So now we have personal safety issues we have to contend with. So yeah, it’s a it’s a hell of a challenge right now.
Dwight Brown:
On HR, you talk about the fact that HR data is really a treasure trove of personal info that attackers can use a steal identities, financial fraud, all those kinds of things. Can you also talk about some of the because Haven’t they done some studies that that talk about the usual prices that are charged out on the black market for different types of information? And how how that might tie back into the HR arena?
Evan Francen:
Yeah, so you know, that most of the attackers that we’re going up against, you know, certainly most customers are going up against criminal gangs are money motivated attackers, right, so there needs to be a return on the investment, they run their business, just like anybody else runs their business. So you target the information, you target the things that are going to bring the best return for me credit card data, you know, not that long ago was, you know, that was a high return. But then we went to chip and pin that became less of a return. So then where do I go next? Well, HR data is, like you said, it is a treasure trove of information. With a you know, typical HR database, the things that an attacker could do, I could take, you know, I could steal your entire identity, take out loans in your name, impersonate you, with your coworkers, with your boss, with, you know, anybody, I can also sometimes take your health care, insurance information, get treatment under your name, which then becomes another one of those safety issues. Because then when you go to the doctor, you’ll be treated as though you have a pre existing condition that you don’t actually have. So yeah, there’s a huge return on the investment right now in HR data.
David Turetsky:
And even beyond that, Evan, when you think about the kind of things that we do in the world of HR, you know, direct deposit means that the banking information is all there, you know, you talked about social security number, and, you know, the impersonation, but you know, someone’s money is obviously, at stake here, their bank account records are in that direct deposit in a in a very, in a very easy way, you know, that, you know, it has all the routing number and the account number. So, you know, that’s just there.
Dwight Brown:
Things like social security number, you know, we it’s a necessary piece of information that has to be gathered, but we don’t always think about how well we’re protecting that. And the thing that amazes me with the the infosec arena is that, you know, you think of the the shows where you see these hackers with their hoodies, sweatshirts on and they’re working away at their computer hacking into different systems, where it’s what I’m learning and coming to realize is that it’s not as much like that as it is just kind of in just right out there. And very basic in terms of how they’re getting things, a lot of social engineering, those emails that have links that you should never click that stuff, like, stuff like that. Is and so it’s easy in the HR environment, because they’ll they’ll barrage you for many sides is am I getting that correct Evan?
Evan Francen:
Yeah, we’re up against professionals, right professionals, I mean, think of that, you know, you’re at your own office, right? They’re not wearing hoodies, they’re not, they don’t look like that, you know that that works for the movies. But these are professionals. These are highly skilled, highly organized, but you’d be surprised at how they run their businesses better than most of the businesses we serve. You know, they’re very efficient, they operate in other countries. And if they don’t operate in other countries, they proxy their traffic through other countries, which then breaks the chain of evidence, which makes it very difficult to prosecute. So there’s very little accountability. And yeah, it is the basics. You know, again, going back to the return on investment, we have a saying it’s much easier to go through your secretary than it is to go through your firewall. Why would I spend, you know, 20 some odd hours trying to hack your firewall, when I can just send you an email, there’s a better return on the investment and the rule of thumb for our listeners and people. Because Another thing we don’t think of is we we think that security people are some kind of Magic, people are something, these are life skills. Right? You need to learn these as life skills, nobody else is responsible for your security, like you are, I’m not responsible for your security, I can’t stop you from clicking on links, I can’t stop you from giving out your passwords, I can’t do these things. At some point, people need to take responsibility for themselves on these matters. And the rule of thumb, never ever give out sensitive information on any communication channel that you did not initiate. That means an email, that means a phone call, that means a text that means walk somebody walking up to you on the street asking you for something if you did not initiate that communication, don’t give out sensitive information.
Dwight Brown:
So I think that’s a good segue and to topic two, which is how do we raise Cybersecurity Awareness and embed this security conscious mindset and set of behaviors and to enter the HR analytics arena?
Evan Francen:
Well people don’t like my answer. And to be honest, my answer is, you have to hold people accountable. They have to feel the pain. I mean, that’s just the way human beings work. Right? Today, there really isn’t much accountability, you know, 55% of CEOs in the United States today, view information security as a waste of time. And the reason why they feel that way is because they’re not held accountable. Right, there’s a breach the people who actually suffer from the breach is or the people that whose information that was not necessarily the CEO of the company that was supposed to protect that information. So I think we need to change our mentality, I think we need to change some of the laws, some of the rules around information security. Yeah, we have a long ways to go. We’re not even close to that yet.
Dwight Brown:
On it seems like we’re, we’re, you know, in the in the wake of all these high profile ransomware attacks, it seems like we’re finally starting to see a couple moves that are inching us forward at the national level in terms of cybersecurity, some of the legislation that came out and and whatnot, is that correct?
Evan Francen:
Somewhat, you know, it depends. So the the latest kind of is the is the executive order from, you know, President Biden, which focused on if you’re doing business with the federal government, you have to meet these certain requirements and share this, you know, share a certain attack information incident information with the federal government? Well, we typically advise people and we have, you know, today, maybe 1500 customers, it always, it always hurts more when somebody has to tell you what to do versus you just doing it because it’s the right thing to do. So when you have the federal government coming through with compliance, what people typically do is that you they go to a checkbox mentality, right? rather than go with the letter, or rather than go with the intent of the law, they go with the letter of the law.
Dwight Brown:
Do the bare minimum.
Evan Francen:
Yeah, yeah. And so it’s just good business practice, you know, to have to do information security? Well, you know, I mentioned that complexity is the worst enemy of security. If you do security, well, it becomes a business differentiator, you’ll find processes in your environment, where instead of a 20 step process, that’s nearly, you know, nearly impossible to secure. Why don’t we do it in three steps, we then also become more efficient, right? So you look for those opportunities. And that’s the different kind of way to approach you know, approach security.
Dwight Brown:
And you guys with, you know, in terms of getting started on some of this at the personal level security studio, the company that your co founder and CEO of you guys have some free tools out there to to help people don’t you?
Evan Francen:
Yeah, the S2ME is and talk about HR people are creatures of habit, right? So the good or bad habits I have at home, or the good or bad habits that I bring to the office, right, they’re typically not to different people. So I think one of the angles that sort of works with S2ME is the tool you’re talking about. It’s a personal information security, risk management tool. It’s it’s meant to be for you to protect yourself, protect your loved ones, protect your kids, protect your financial accounts, protect your computers, I mean, on and on, all the stuff you keep putting into your home. Those things need to be protected. So learning those skills. Now from an HR perspective. We’re starting to see more HR folks. Use as to me as a business as a almost as an employee perk. Right As a benefit, as opposed to us telling you, you have to do these things, you have to do this, you have to do that. So the employee wins because they’re learning new skills. Hopefully, the company wins because they’re learning new skills. Hopefully, you know, the other part that they can do that bring it in. Yeah, the S2Team, which kind of takes that aggregate as to me scores, it doesn’t take individual scores. But what HR can use that for is to train people on how to protect themselves better, as opposed to, you know, your traditional training and awareness programs, which I think most people fall asleep, turning.
Dwight Brown:
I’ve never fallen asleep in the training program, just for the record.
David Turetsky:
What one problem though, Evan, is complexity you mentioned before, and people have now started to add their data to a ton of apps beyond what we’ve ever seen before the proliferation of applications. And in their personal life, that’s tremendous. I’m not talking about like Candy Crush Saga, or something I’m talking about, you know, putting our bank account information and consolidators, like mint. Then when you go to the office, we’re doing the same thing. We’re using SAS based technologies. And they’re all interconnected through API’s. And while I know that security is at the heart of a lot of those SAS based products and those API’s, still, anytime you’re adding, as you said that that complexity, it provides opportunities for I would imagine, and this is where my question is coming. I imagine the more complex you’re getting with all those API’s and all those different applications and those apps, the more gives opportunities for hackers to find the ways in between the API’s and those applications.
Evan Francen:
Absolutely. Yeah, there’s that and there’s simple mistakes. Right? every application beyond hello world has mistakes in it, right? It’s human beings writing the code, you know, even if you can get down to, I don’t know, 10, maybe errors per k lock in. That’s how we measure 1000 lines of code is what a keylock is. And then 10 per keylock is actually pretty darn good. But then you have an application that has 3 million lines of code, you can do the math and figure out that there are a lot of errors in just about every application. Sir, and then like you said, If I’m using API’s to pull data from other sources, or or published data at other sources, well, then that, you know, you have to incorporate that as well. And I think a lot of times we focus in our world so much on confidentiality, making sure that data remains secret. We also have issues, because that’s just a part of security. Another part is data integrity, is the data, good data, you know, so when we talk about analytics, if I’m making decisions based on faulty data, for whatever motivation, right? We, we falsely assume often that an attacker is motivated by this or that you’d be surprised at what some of them will do. So you know, from an analytics perspective, if you’ve got, you know, faulty or bad data, you’re making all kinds of bad decisions, really.
David Turetsky:
That’s been the foundation of a lot of the conversations we’ve had on this podcast about the the practicality of perfect data in the world of HR and how it’s almost chasing a false premise that it’s completely imperfect. So yeah, totally.
Evan Francen:
Yeah, just make sure we add in AI.
Dwight Brown:
Oh, boy. Right. Well, you know,
David Turetsky:
yeah, and we’ve had conversations with, with people, you know, very smart people around the world of AI and how it is already impacting the world of HR. And the decisions that are getting made based on the faulty premise that the HR data is in sound shape enough to be able to make good AI based decisions. And yeah, we’ve had those interesting conversations
Dwight Brown:
Let’s face it. I mean, security is always the last thing that people think about and and so when they’re Speak for yourself, or even if….I just totally insulted Evan.
David Turetsky:
I’m sure that’s the first thing Evan, did. I
Dwight Brown:
Did I hurt your feelings?
Evan Francen:
No. It’s really hard to do that. Now, Microsoft, Microsoft is, you know, I read a couple months ago, they are writing an AI to assess essentially emulate your dead relatives. You can Google this and
Dwight Brown:
Are you kidding me?
Evan Francen:
I know. And I’m like, hey, Microsoft. I’ll take a word processing program that doesn’t crash. Thank you. You know, why are we doing this? Easy.
Dwight Brown:
And any relatives?
David Turetsky:
Yeah. We could have a podcast on that only just when you think it would not be the answer data labs though, something funny.
Evan Francen:
You mentioned the shit show, that was one of the things that we talked about. But from a data analytics perspective, you know, when you think about AI, that’s not magic, either. Somebody wrote the code for that. The same errors that are in your word processor, your Excel spreadsheet, everything else that you use, are in AI, as well. Right? And then you couple that with bias, everybody’s got a buyer, exactly whoever coated it has a bias. And then it only operates on the data. So the quality that I mean, it’s just, it’s, it’s gonna be not good for a while.
Dwight Brown:
Yeah. Interesting times ahead with it.
Announcer:
Like what you hear so far, make sure you never miss a show by clicking the subscribe button. Now. This podcast is made possible by Turetsky Consulting and listeners like you. Thank you for your support. Now, back to the show.
Dwight Brown:
So this, this actually brings us to the third topic, then we’ve talked about the complexity, but what are what are some of the immediate and simple behaviors that people can start to incorporate or processes and guidelines that organizations can start to incorporate?
Evan Francen:
Number one, recognize your role? You have a role. Everybody has a role, right? Even if you don’t think oh, that’s the CISO’s job, right? The chief information security officer, that’s the CIOs job. But that’s no, you have a job in information security, and it’s different from organization to organization. So understanding what that is, and even asking the question about what that is, you know, starts the conversation. And I think a lot of times, people are hesitant to have this conversation, because, you know, maybe they feel like, they’ll be in over their head, whatever. But it pays to start with the conversation. For me personally, you know, my number one concern is my family. You know, it’d be on work, you know, I work all the time, but, and the only thing I can’t get back, I can usually get back data, I can either get it back, or I can change it, right. So if you lost your data, right, the only way to get it back is to change it. Right? So there’s a security number you stole for me is no longer useful, because I’ve got a new social security number, that kind of thing. The thing that I can’t get back is my daughter’s innocence. You know, I have a 16 year old daughter who uses her iPhone, just like, you know, tick tock, this and that and everything else. Right, I need teacher life skills on how to protect yourself online, so that she’s not preyed upon, I think a lot. We don’t talk about the dark, dark sides of cybersecurity, like human trafficking, like child predators, I mean, it’s the same, the same protections I use, to protect my finances are the same protections I would use to protect those other things. Right, these things are all blended together. And so that’s, I think, as a tip, recognize those life skills, two things that I’ve noticed, more so over the last 5-10 years than ever, is we’re adopting technology faster than our ability to secure it. Right. And certainly adopting technology faster than our ability to use it responsibly. So the way I can play a role in that is I don’t add new technology into my home or my environment unless I know how to use it responsibly. So you know, taking the time to think that through before you plug in that Google Home device, or that new Alexa, cool thing, think that through.
Dwight Brown:
Yeah. And it’s always eye opening to know to think about how many how many devices are on your network and how exposed you. You are I when I was doing some coursework on cybersecurity, and one of the tools that we use was a network comber I guess you could say Wireshark. And I logged into my own home network. And I started seeing all these IP addresses that I did not recognize. And so I actually started going back to every single one and figuring out what is this? What’s this device? And I think I had like 15 on my, on my network. You know, I had my Amazon Echo. I had my TV on there. I had my phone, you know, and I think people don’t realize that and so like you talked about Evan really kind of ratcheting things down and saying, okay, I I’m not going to add another device that I don’t know how to use, because I’m going to start to lose my security. And I think that can happen in the corporate environment.
Evan Francen:
You wouldn’t drive a car unless you learn how to drive the car, right unless you learned the steering wheel work. The gas pedal the brakes, the, you know, all the safety features, at least some of them. Otherwise, you know, you’re asking for trouble.
David Turetsky:
Yeah, and I…I’m going to call a little bit of BS on that one thing, there are so many people who do not understand a lot about what they use, they have no concept, right. And, you know, I will, I will own this one, by the way, because I have a multitude of smart home devices throughout my house. And in the name of security, right, because God forbid, someone breaks in, I’ve got cameras that are inside, that are taking pictures inside as well as outside the house. So that if intruders come by, I know who they are. And I have it on on film. And of course, I have this on a lot of my windows. But in that same vein, we’ve seen that hackers can get in and steal video, not through my house, although we’ve seen that that can happen through the secure servers of the companies that produce these devices. And whether they were contractors or what, or whether they’re nefarious and use social engineering to get past the safeguards that have been set up. So I will call a little BS only because me as a smart consumer of those technologies. I have been snowed by the safety and security pledges that had been given to me by those providers. Right. And the thing that bothers me is…
Evan Francen:
I’m Yeah, and I and so it’s not so much Bs, it’s it’s the difference between risk management and risk elimination. Yeah. Right. You know, we live in a risk management world, and that’s what security is. The fact that you are a smart consumer, you reduce the risk significantly in your own home. If you’re not protected 100% that’s never gonna happen. But then you were also smart enough to know, or stay aware that one of your providers had a breach, right? And, yeah, I think so many people walk around the world today, with a complete lack of situational awareness. They don’t know where they are, they don’t know what they’re doing. So I don’t think it’s so much BS, I think it what you did is the right thing to do for sure.
David Turetsky:
But, you know, kind of bringing it back to HR, though, the use of those smart devices around our work environment. scare me to death? Yeah. Because when you’re having secure conversations about people’s data, or people situations, and the Amazon echoes are in the room, those things are always listening. Yes. And so, you know, they’re the weather, the weather, those companies or the companies of the contractors of those companies can actually get a hold of that data, then that is kind of a secure breach of a security breach of the confidentiality of the People’s data that you’re talking about. And HR needs to be aware that that’s not a good thing. No, that’s not useful.
Evan Francen:
No, it’s not in in here. You know, being a security person, when usually a little more paranoid than the rest of the world. We prohibit smart devices, we we mandate that if you’re going to work from home, you have to have a secure office in your house, hopefully we pay you well enough that you can afford that. So that means it’s a dedicated office with a door that closes so you know, kids, you know people in your home aren’t listening to the conversations you’re having. You also can’t be private, the use of not just Alexa and other smart devices, but also turn off Siri, on your Apple device, be amazed at how many things are listening to every conversation you’re having. And they can and the technology has come so far, where people would use to say, Well, I’m not talking about anything that anybody really cares about, but you do in aggregate. Right? Yeah, they’re mining, your the things you’re saying transcribing into text is a piece of cake. And then mining that text where you know, sensitive information. It’s super cheap to do and the return is high.
David Turetsky:
Absolutely. And the world of HR cannot afford breaches like that. Because that’s people and trust, as we were talking about before, you know, their bank account information, their benefits, information, their payroll information, a lot of things that they just cannot allow, like their social security number to be in the wild. And we have to we as HR have to take as careful or as kid gloves, I guess, with that, that kind of information as we should and we have been predicting for a while. But because these new things, as you mentioned, and I love what you just said it was the, I need to make sure I understand fully how I’m using it. Before I bring it into my work world, we need to do the same thing as HR.
Evan Francen:
Yeah, for sure. I mean, I, I preach the fact and I’m proud of the fact I haven’t done house. My house is the dumbest house on this block. You know, it was built in 1872. I don’t want anything listening. I seriously, I do this stuff all day long. The last thing I want to do is come home and do more of it. But we have a saying to you know, and I think HR folks, you know, let this sink in, you know what I’m about to say? Information Security is not about information, or security, as much as it is about people. Period, right? People suffer when things go wrong. You may not suffer personally, but maybe the people that you’re, you know, collecting their data about they suffer, somebody always pays a price, right. And so feeling that weight, you know, we get so busy, you know, going from this task to that didn’t know that task. But know that this is about people, it’s always about people. If it wasn’t about people, nobody would care.
Dwight Brown:
It’s about the people who were on the receiving end and the the breaches and security or about the about people as well, you know, people making mistakes, and, you know, clicking that link or Yeah, organizations that don’t have good password protocols. And, you know, it’s all people base. So I agree with you, it’s it all comes down to people, but it’s easy to think of it in terms of bits and bytes and the high tech technology. And it’s just not that way.
Evan Francen:
Well, until you sat across the table. I mean, we’ve done so many incident responses over the years, and you sit across from the table, have a president of a good sized company. And you’re explaining, you know, what this ransomware attack did who you think the perpetrators are knowing in the back of your mind that this company will not recover? This company will go out of business, you don’t have the capacity or the ability to put the data back here insurance coverage isn’t going to cover it. You’re gonna have to I mean, it’s, that’s when you really believe, you know, that’s when it really sinks in that, Oh, my God, this is like 100 or so livelihoods that are impacted by one event. And that one events started from somebody who clicked a link in an email, download an application and locked everything. You know, yeah.
Dwight Brown:
Exactly.
Evan Francen:
And that’s kind of the world we live. Well. I mean, you look at the the colonial pipeline attack, right? Yeah. And this goes back to riling people accountable to what did the CEO say I’m deeply sorry. Okay, great. Awesome.
Dwight Brown:
But what’s gonna get us? Yeah,
Evan Francen:
Exactly. And so who paid the price for that? The economy, God knows how many people pay, you know, higher gas prices, and everything else. It’s that kind of stuff. And if we don’t start to get this straight, the things like that are going to happen more often. I’m not a doomsday or either, I’m not a prepper or anything like that. I do ride a Harley. So that’s pretty badass. But yeah, gotta be careful.
Dwight Brown:
Yeah, no, it’s certainly a lot to a lot to digest and a lot to think about, because it really does come down to people and, and just being mindful of what the security implications are out there.
Evan Francen:
And don’t be overwhelmed. Seriously, don’t be overwhelmed. Start with your own family, protect your family,
https:
//s2me.io. Take your own assessment, learn your own skills, then you’ll feel much more empowered to have these discussions with others start there.
David Turetsky:
Yeah, and we’re gonna post that in the notes. Yeah,
Dwight Brown:
Yeah, we’ll put the we’ll put the link in the in the notes. And I definitely encourage everybody to follow that link and do that assessment. I’ve done it myself. And even though I think of myself as being somewhat versed in cybersecurity, I was amazed at all of the things that are pointed out that I needed to be mindful of. So definitely go to that link and we’ll post it in the show notes. So Evan, we talked about a lot of stuff today. You know, there are a lot of there are a lot of threads out there. But your concept of really keeping it simple. And the fact that complexity is the enemy of security really rings true. And I think this gives a lot of our listeners a good food for thought in terms of the To think about it and what the what the consequences are of certain actions that they take. And what I also heard you say is talking about what you know, thinking about what are our responsibilities as HR, analytics professionals or HR professionals or whatever professionals that might be thinking about what our responsibilities are. And then taking simple steps securing your family first, like you talked about, get your get your stuff together in your in your home, you know, going back to the name of this episode, secure your shed secure your shed at home, right and it’ll flow over into the work environment.
David Turetsky:
I like the advice of take Alexa out of your office. That’s the one I like.
Evan Francen:
And turn off Siri. Siri doesn’t help me. Anyway, she just sits there. I don’t even know what the hell she says. But usually it’s wrong. So turn it off. My Siri mouths off to me. So I’ve silenced her. I got kids to do that. I
David Turetsky:
Go back to the Motorola flip phone. That one works fine. Really? Wow. Oh, my God. Those are major steps back.
Dwight Brown:
Museum.
David Turetsky:
Oh, yeah, I think so.
Dwight Brown:
Whatever. And thanks so much for thanks so much for joining us today. A lot of food for thought before you go. Any any parting thoughts that you want to give our listeners?
Evan Francen:
I think you hit it really well. You know, protect yourself and your family? First. It’s not that, like you are the CEO of your home. If your head of household, right. So just like the CEO of a business security works the same way it doesn’t care where you’re at. Right? number one most important thing. I can’t protect the things I don’t know I have. Right. So you mentioned Dwight, right. asset inventory. What are the things I have in my house? And are they talking on the internet, things that you would never think are talking are talking like smart TVs, you can’t buy a dumb TV anymore. I want my dumb TV back. But you can disable that. Right? You can disable it prevent it from talking to the internet. But it goes back to I’m not going to install these things unless I know how to use them. Well, I know I know how to use them securely. The fear of missing out FOMO is a crock. Don’t worry about it. You’re not missing out on anything. You know so start there, always start at home first, because who cares if you lost analytics data if you’re bankrupt because cannot have been in your you know, right, your marriage is falling apart? Because you know, everything went to crap at home. So start there. And then like you said you the things you learn at home, you will take into the office, just the natural transition.
Dwight Brown:
Well thank you, Ev n, is this has been great. An we really appreciate you b ing on the podcast. I’ll also post links to the insecuri
David Turetsky:
Thank you, Evan, Francen, for your wise thoughts on security and how to secure our shit in HR. We really appreciate it. Thank you, Dwight. Thank you. And thank you for listening. We really appreciate your support. If you liked the episode, please hit subscribe. And if you know somebody who also likes this or might find this fascinating, please do us a favor and send it to them as well. We really appreciate your support. Thank you very much and stay safe.
Announcer:
That was HR data labs. Please visit Turetsky consulting.com forward slash podcast to review the show. add comments about this episode, or add new ideas about upcoming shows you’d like to hear. Feel free to be creative. But please be nice. Thank you for joining us this week on the HR data labs podcast and stay tuned for our next episode. Stay safe
In this show we cover topics on Analytics, HR Processes, and Rewards with a focus on getting answers that organizations need by demystifying People Analytics.
