Security is something we take extremely serious at Employee Navigator. We work hard to follow extensive practices to protect your information and your data. As the VP of Security, Audrey Dawson understands the importance of being secure. In this short chat we explore Audrey’s journey to Employee Navigator, as well as what her responsibilities are, and how she unwinds when she’s not busy building Employee Navigator’s security apparatus.
Tell us a little about your background and how you got to where you are today.
I graduated with a degree in Psychology; however, my first position was with a DoD (Department of Defense) contractor assisting in building their security program after a major breach. After the program was formed, I spent a few years with the DHS (Department of Homeland Security) to assist in migrating the old INS systems and data centers to new DHS data centers. From there, I moved to the software world. I spent several years with a major business intelligence software company building their compliance program for SOC2, HIPAA, PCI, and Safe Harbor. In 2016, I moved to Employee Navigator.
How long have you been with Employee Navigator?
Almost 2 years
What are you responsible for as the VP of Security?
This is a loaded question! The simplest way to answer is as the VP Security, my time is dedicated to protecting and monitoring the security posture of Employee Navigator. I work in concert with the CEO and CTO to ensure our compliance and security controls are in place and operating effectively.
What are some security measures that Employee Navigator takes to ensure the protection of customer data & Information?
First and foremost, train staff on security awareness and not to access or transmit confidential data unless absolutely necessary. Secondly, encrypt laptops (regardless of whether you allow storage of data on them or not). Access control is also very important. Do not give access out of convenience, because everyone else has it (Access Control), or because they may need it one day. Keep access to the absolute minimum necessary personnel to perform job duties.
Can you explain what risk, vulnerability and threat mean to you & Employee Navigator?
A vulnerability is a weakness in your compliance and security controls or program. This vulnerability can be exploited by a threat. Risk is the potential loss from that vulnerability being exploited by the threat. It is crucial for Employee Navigator to maintain a continual diligent understanding of what our risks are as they are identified and to make sure our clients know that their information is safe with us.
Why is encryption important?
Technology makes our lives easier and more efficient for the most part; however, it also leaves a lot of information vulnerable if not protected correctly. With the advancements of smartphones, tables, and laptops, no information or organization is immune to the threat of security breaches. Implementing data encryption is a major safeguard that will assist in protecting confidential information.
What are the most challenging aspects of software security impacting businesses today?
The most challenging aspect is the versatility that we now have in the ways data can be accessed. Information is at the tips of our fingers every second of the day. Security awareness needs to be increased on all organizational levels. Managers, product owners, and software developers need to be aware of the safety, legal, and financial implications of security design from the start. Security is no longer optional, but key.
How do you recharge or take a break from work?
My family and animals. I have 3 teenagers who keep us incredibly busy as well as a blue heeler puppy, 3 cats, a herd of 7 cattle, 9 ducks, and over 100 chickens.