Justine Fox, Director of Software Engineering at NuData Security, A Mastercard Company explores the impact of remote work on cybersecurity and cyber hygiene.
1. Tell us about your role at NuData Security?
As a Director of Software Engineering at NuData Security, A Mastercard Company, I leverage my knowledge of cloud architecture to reduce consumer friction online and design a more inclusive connected world.
I am responsible for software development in the digital device space (including the internet of things) and leading the team that develops the NuData cloud platform. I look to identify design issues within a solution and work closely with stakeholders to overcome them, strengthen the solution, and increase customer satisfaction. I focus on the consumer experience, product optimization, and fraud detection strategies that enable innovative product solutions.
In addition to my Mastercard role, I am also an AWS Academy Accredited Instructor working as an online instructor with BCIT Part-time Studies and UBC Extended Learning.
2. Can you tell us about your journey into this industry?
I started my journey into the tech field during high school – working on a school website. This evolved into building a learning management system, enabling a shift into supporting online learning well over a decade before the pandemic pushing online learning into the spotlight. I got hands-on experience managing computer labs and I.T. administration of devices during this period. I then went to BCIT, where I completed a Bachelor of Technology in Computer Systems.
3. How do you think technology is impacting cybersecurity?
We live in an increasingly connected and complex world. Organizations that follow basic security hygiene – such as the benchmarks maintained by the Center for Internet Security (CIS) – are typically well-positioned to be cyber resilient. Often smaller, underfunded teams struggle to keep up with the basics of updating software.
Organizations of any size are at risk of human error, so informational campaigns about phishing and social engineering attacks are important tools to increasing technology literacy. Many data breaches occur due to the human element of our organizations.
This makes technology literacy a key metric that directly impacts an organization’s cyber resiliency or an individual.
As connected devices become increasingly prominent throughout all walks of life, it’s important to remember that devices are disposable, but people are not. Ensuring technology literacy and accessibility for all population segments is key to securing computer systems and networks. Many folks do not own a wide selection of devices nor have the financial means to upgrade devices frequently. There are cases where individuals do not have internet access at home.
Making users aware of how to use technology and stay protected can help them access more services online. Similarly, as more devices connect to the internet, these devices and the software in them must leverage existing security tools to avoid cybersecurity attacks on vulnerabilities.
4. What impact has remote work had on our security?
This varies by organization, but in general, those with disaster recovery plans were well equipped to deal with the pandemic’s sudden impact. Others were catapulted into the digital space, enduring a rapid transformation of their business. Now is a good time to revisit the changes your organization went through to check for weaknesses. Check out the offer by RiskRecon to receive a free security assessment.
5. What is strong cyber-hygiene and how can businesses prioritize it for their remote employees?
Any organizations with employees that are leveraging multi-factor authentication, using a password manager, and not reusing passwords among different websites and services likely have covered their basic security hygiene. Take it a step further with information campaigns among employees or gamify it with prizes for spotting and reporting phishing campaigns.
6. What steps can employees take in upgrading their password security?
Leverage multi-factor authentication, use a password manager and do not reuse passwords among different websites and services.
7. How are fraudsters able to take advantage of weak password security?
When data breaches occur, information becomes available to attackers. They then use the associated data to log into existing accounts or to create new ones based on the data that has been exposed. This allows an attacker to take the authentication data from one account opened with a service provider and leverage that information against other providers you use – e.g. your bank or email. As many online services use your email as a primary contact mechanism, if an attacker compromises your email, they can cause havoc with your life and enact real-world consequences.
8. What is the difference between active and passive biometric authentication, and what effect does it have on our security?
Active biometrics are often fingerprint readers or face scanners, although there are many options. These are active because they require the user’s active participation to place a finger on the reader or hold their phone correctly for facial recognition. By contrast, passive biometrics uses your interactions with your device to measure how much your usage deviates from your normal usage. This leverages the data available from the device, such as typing speed or mouse movements. Passive biometrics accommodates both newer device features as they become available and maintains support for older devices – so that regardless of the device you’re using, the verification is done with a high level of confidence.
Active and passive biometric authentication factors can be layered to support a myriad of different situations. Solutions like NuDetect by NuData Security are effective at providing layered tactics.
9. What are your predictions about the future of remote work and password security?
Remote work is here to stay – so it’s important to minimize the value of credentials gained through data breaches by following basic security hygiene practices like not reusing passwords. But it’s also important to have user verification tools that go beyond just credentials and can look at their inherent behavior. This way, companies can detect an anomaly based on how a user behaves before they access sensitive information – it could be an attacker with stolen credentials.
10. How do you prepare for a technology-centric world as AI and machine learning technologies become more advanced?
Partner with experts and keep an eye out for AI/ML technology that would enable your business to focus on what differentiates it. Often this can be as simple as a chatbot that is tuned for your business or more complex like a system to identify fraudulent interactions. Or, as a consumer, keep in mind that while the field of AI/ML may seem magical, it’s often just a bit of fancy math that may or may not work as intended.
11. Why is password security more important when employees are using their home wifi?
Security must be your number one priority – ensure you are leveraging multi-factor authentication, using a password manager, and not reusing passwords among different websites and services. Double-check that you are using HTTPS instead of HTTP connections. It is worth considering using VPNs to connect to the internet and protect the connection from attackers eavesdropping for remote work.
For more such updates and perspectives around Digital Innovation, IoT, Data Infrastructure, AI & Cybsercurity, go to AI-Techpark.com.
Director of Software Engineering at NuData Security, A Mastercard Company
Justine Fox is the Director of Software Engineering at NuData Security, A Mastercard Company. Justine is also AWS Academy Accredited Instructor for part-time studies at BCIT, and UBC. Justine also aspires to be a novelist.