NYC Digital Safety

Ransomeware is a growing problem for organizations and municipalities everywhere. In this series, we'll talk about how to stay safe

 

Transcript

Davis: Hello and welcome to the fourth series of training videos from NYC Digital Safety. I’m Davis Erin Anderson from METRO Library Council and I’ve been having a great time talking to friends and colleagues about the thornier issues around data privacy and information security. This time is no different. I’m pleased to welcome back one of my favorite colleagues and friends, Daniel Ayala. Dan, as you know, I usually open these videos with a spooky scary story about data privacy, but I’m more than happy to give you the honor. So if you could please share a bit about yourself and then you can borrow my flashlight for your own data privacy scary story.

Dan: Hey Davis. It’s great to be back for another series of NYC Digital Safety. I’m a career information security and privacy practitioner. I started out protecting networks and workstations and servers and I’ve spent the last 27 years on things like fixing system vulnerabilities, incident response, identity and access, and security strategy. About 10 years ago, I picked up privacy into my roles, too, and I love having these two things together because good security is required to enact good data protection, which is sometimes what we call privacy here in the U.S., but also that security and privacy sometimes tug at each other, so having to find the balance between them means having to really understand both sides to make the best decision for any particular situation.

Imagine coming into your work one day, and the system you’ve used every day and has all your work on it is found with a screen that says “this system has been encrypted and you must pay x dollars to get it back.”  What do you do?

So I mentioned incident response was one of my roles in my past, and that means detecting what happened when there’s some kind of an attack, and then figuring out why and how it happened. While I can’t go into a lot of detail, I can tell you that this means that I’ve seen some events that have reminded me why it’s so important to educate and constantly be aware of what’s going on around you. Imagine coming into your work one day, and the system you’ve used every day and has all your work on it is found with a screen that says :this system has been encrypted and you must pay x dollars to get it back,” where x is a number that’s way larger than you can or want to afford, and your life’s work is on that machine, and you haven’t been backing up your data to a place where it couldn’t be touched by such a thing, and you have a deadline coming up soon. What do you do?

Unfortunately, this is a common refrain from people in that experience ransomware firsthand and have to find their way back from it, either individually or across a whole organization. And I’m sure we’ll talk lots about this throughout the next episodes in this series.

Davis: Dan, that sounds super scary and stressful, so thanks for sharing that with us. You’re totally right: in this series of videos, we’re going to get into it. What’s malware? What makes our devices and us as human people vulnerable to it? And how this is a social problem as well as a technical one. So stay tuned for our next episode where we’ll cover how and why malware happens.