Channel Women In Security: Practical Insights For Internal Cybersecurity Protections
In this installment of Channel Women in Security, Cass Cooper sits down with Sheila Volante, Fractional CIO of Volante Solo, formerly Seer Strategic Solutions.
With over two decades of experience spanning 12 industries, Sheila Volante brings a wealth of expertise in adoption, change management, and digital transformation.
As a leader in integrating Microsoft solutions for MSPs and clients, Sheila is passionate about enhancing business health and guiding C-suite leaders through the complexities of today’s digital landscape.
Dive into this insightful Q&A as Sheila shares her practical strategies for addressing internal and external cybersecurity challenges.
For the average user, cybersecurity can feel like a distant concept. What’s something tangible they need to understand about these threats?
Many end users don’t realize how sophisticated threat actors have become. For instance, phishing emails are now more convincing than ever, and people often unknowingly engage with them. Companies need to go beyond just traditional cybersecurity training and incorporate real-life simulations to test and educate their employees. Awareness, combined with practical knowledge, is key to empowering users to identify risks and act appropriately.
Should everyday users take a deeper dive into cybersecurity, or is a general awareness enough?
Users need to go beyond basic awareness. With modern technology advancing rapidly, it’s critical to understand how to protect your data—whether at work or in your personal life. Tools like biometric authentication and multi-factor authentication are non-negotiables now. Think of it like setting an alarm before bed; it’s about securing your digital house and being proactive rather than reactive.
External threats are often highlighted, but you mentioned the significance of internal threats. Can you expand on that?
Internal threats often stem from data access. For example, if a finance employee has excessive access to sensitive data, there’s a risk—whether intentional or accidental—of misuse. Companies need robust data governance policies to safeguard internal processes without hindering operations. Assigning employees to specific security groups and limiting data access is critical. Internal governance is often overlooked but is just as important as external defenses.
Do you see internal security as something that should involve HR, or is that a stretch?
Not a stretch at all. HR plays a vital role in classifying personas and determining access levels. While CISOs focus on infrastructure, HR can help ensure policies are people-centered. Think of it like government protocols for high-level clearance—it’s about ensuring internal safeguards without vilifying employees. Properly written and enforced policies can strike the right balance between security and trust.
Beyond audits, what other steps should companies take to secure their internal frameworks?
It’s about a holistic 360-degree evaluation—people, processes, and technology. Audits are essential, but they must be coupled with governance frameworks and optimized processes that don’t feel restrictive to users. Collaboration between IT and business units ensures that new policies and technologies integrate smoothly. This alignment reduces resistance and fosters a more secure, efficient environment.
Cyber insurance is another hot topic. Why is it so important, especially for small businesses?
Cyber insurance is vital, but only if your policy aligns with your security framework. For example, if you claim certain safeguards are in place but fail to implement them, the insurance company may deny coverage during a breach. Small businesses often overlook these details, but ensuring your policy matches your operations can save you significant costs and headaches in the long run.
If you could leave our audience with one key takeaway about integrating internal protections, what would it be?
Start with an audit of your business operations—people, processes, and technology—before choosing security solutions. Evaluating your unique needs will help you select the best tools and frameworks, ensuring your safeguards are both effective and practical.