The nature of Kinatico’s solutions and services in compliance and verification means that we gather sensitive information from your company and the candidates you entrust to us. You may be wondering how we manage this data. What measures or practices do we have in place to protect this information and, by extension, your company and its hiring brand?
Earlier this year, Tom Bryan joined Kinatico as the Information Security Officer – a crucial role driving change both internally and externally at Kinatico. As we kick-start Cyber Security Awareness Month 2023, we took some time to understand the role and just how we maintain the privacy of data across organisation-wide operations.
Q: Share a bit about your background and how that has led to your role at Kinatico.
A: I went to university and got a degree in Counterterrorism Security and Intelligence (sounds way sexier than it actually was, trust me) and got a job as a graduate Security Consultant for Jacobs, a global engineering firm, doing physical security.
After 18 riveting months of spending my days arguing with architects about fence placements in client designs, an opportunity to move into information security appeared with WA Police, which I jumped on. After spending a wild 11 months with them, I realised that information security is something I can really anchor my career to and not spend my days arguing about ‘design integrity’, and then I ended up here!
Q: As Information Security Officer, what are the top 3 initiatives we embed as an organisation to maintain the privacy of data and security of our infrastructure?
A: Continuing awareness through the phishing campaigns – phishing is becoming more nuanced as time goes by, so it’s imperative that everyone stays aware and simulated phishing is the best way to keep everyone aware and build that zero-trust mindset.
Not so much an initiative, but the focus and reinforcement on visitor management is a great thing to see. Social engineering relies especially on manipulating kindness and manners (such as holding doors open to allow tailgating, etc.) which we’ve all been trained to do, and it takes a lot to get out of that mindset. Kinatico does it well with the visitor procedures and the reminders and the notifications to staff when we have visitors, and it really does help to reduce the likelihood of social engineering occurring.
Finally, I’d say how we manage software deployment. Every time a new piece of software is deployed, that is another risk vector and another possibility for something to be compromised, so it is important to control this effectively and only utilise software that is needed and is adequately protected, which Kinatico does well through Jira tickets.
Q: What has your advice to organisations on mitigating cyber risk and safeguarding their workforce data been?
A: My take on it has been that understanding your assets – as in, what they are, where they are, how critical or non-critical they are to continued business operations, are they patched up-to-date, etc. – is key to understanding your threat and security posture, and once you understand something, you can make informed decisions about it.
If you don’t understand your assets, you don’t understand your posture and how exposed you may or may not be, you can’t make informed decisions and it’s all unknown. You don’t know what you don’t know!
Q: How does Kinatico’s information security structure ensure compliance and privacy is at the top of the company’s agenda/priority on a daily basis?
A: Kinatico is different in that the values (particularly privacy of data being the highest priority) actually do inform the day-to-day and are not just generic statements that we have because all organisations have to have values. From the monthly phishing campaigns to the strong culture around laptop management and clean desks/clear screens, it is clear that Kinatico has a strong inherent security culture embedded within, which is great to witness. How we operate and the technology we utilise in the day-to-day, which has become a second thought for us at this point, is how we ensure that we adhere to that value of data privacy, and we can keep on doing so as long as we adhere to best practice in everything we do, no matter what role we have within Kinatico. Everyone is responsible for security in one way or another.
Q: Privacy and security aren’t just a tick box – how does Kinatico’s “privacy of data is our highest priority” resonate with you personally and in your day-to-day role and life, adding purpose to your role here at Kinatico? (Purpose: Powering insights for better, safer workplace)
A: Privacy resonates with me in particular because it seems to be becoming more of a rare thing as time goes by. Every day there is some form of breach reported, and these breaches can lead to real consequences for people. Privacy is something that should be safeguarded and protected – who you are, what you do, etc. – should be your business and your business alone should you want to keep it quiet, and data breaches fly contrary to this and expose it to the world. Plus, there is the possibility of identity fraud, etc.
More than anything, privacy and data breaches at Kinatico would be a priority 1 issue for our organisation. Given the nature of our services and the data we verify on our customers’ behalf, mitigating these risks adds the extra layer of purpose to my role; any data breach we experience could potentially be enough to shutter our doors, and that is something that cannot happen.