This week, we decided to sit down and discuss cyber-security with Selerix A.V.P. of Infrastructure Services, Dwayne Masters. In the interview, Dwayne shares his insights on data security and how Selerix continues to evolve to keep our clients' data safe during these uncertain times.
Q: First and foremost, give me an overview of your background at Selerix. What do you do at Selerix, and what are you focusing on right now?
A: Hello. My name is Dwayne Masters and I’m the Assistant Vice President of Infrastructure Services. I originally got my start in Information Technology and Cybersecurity in the Air Force and later completed my BS in Computer Science. I also have several industry certifications, including the Certified Information Security Manager (CISM) and the Certified Information Systems Security Professional (CISSP). I have worked in the field for over 20 years, across many Fortune 500 companies as a cybersecurity consultant. 11 of those years have been at Selerix in this role.
I am responsible for the day-to-day operations of our two data center locations, as well as serving as the company security officer. The security team maintains the systems that run our application. They need to ensure that 1) they’re available, 2) they’re working as designed, and 3) they’re secure. They’re responsible for computer updates and for all the systems and data managed by Selerix.
Right now, we just finished up our annual SOC 2 Type II controls audit and we’re also working on several projects to increase endpoint security, as well as streamline our system and security monitoring. A SOC-certified organization has been audited by an independent certified public accountant who determined the firm has the appropriate SOC safeguards and procedures in place. More specifically, SOC 2 is designed for service providers storing customer data either on the premises or in the cloud.
Q: How is Selerix protecting data internally? If a breach were to occur, what processes are in place to keep data secure?
A: All sensitive data is encrypted while in motion, or at rest, with industry-standard encryption methods. In addition to data encryption, we take a two-fold approach for data security. First, we have enterprise-class network security devices and firewall/intrusion detection systems that assist in preventing attacks and unauthorized access. Second, we have real-time network and system monitoring to notify us in the event of a breach. We also utilize third-party software that uses Artificial Intelligence (AI) to assist with data correlation and “odd” network or authentication behavior. In the event a breach were to occur, we’d activate our Incident Response Team to work with local, state, and federal officials as well as any affected clients to isolate the malicious actor, gather forensics and prevent any further intrusion into our network. To date, Selerix has never suffered any data breach or loss.
We’re responsible for our client data – which lives on Selerix-owned and managed equipment. Our equipment is housed in two Texas locations: Austin and Plano - which amounts to about 60 million lives on our database. We’re responsible for protecting that data and following any regulations in place like HIPAA and GDPR.
Q: Is the Selerix team doing anything different since COVID? How has COVID impacted the Selerix team?
A: We’ve always preferred to provide our employees a collaborative team environment; all employees are already set up with the capacity to work from home. Other than implementing social distancing guidelines and not requiring employees to come to the office, not a lot has changed for us. From a security standpoint, we implemented additional security awareness training and endpoint security measures to monitor, prevent and report on any activity from a malicious actor attempting to steal data. We’ve also increased our use of group chat and video conferencing software and services. This shift has allowed teams to communicate better with both fellow employees and clients since our workforce is not primarily mobile.
Q: What security risks should clients look out for year-round?
A: In addition to the risks associated with email phishing, malware, and viruses (which most are aware of; are well publicized and are used for credential harvesting), all individuals should be versed in “social engineering” and how to recognize and prevent it. This may be through email, telephone, voicemail or in person. One recent study recently published showed that upwards of “90% of malicious breaches are due to social engineering and phishing attacks.” Advice for the end user? Never give out your credentials to ANYONE, and when in doubt about an unusual request received, pick up the phone and verify the source.
Q: What advice do you have for clients/readers to help keep their own data safe?
A: Keep your work data and personal data SEPARATE. This includes passwords and email addresses when registering on third-party sites. Ensure that your personal devices have the latest in malware and phishing detection and blocking. Also utilize third-party VPN services when connecting your personal devices to insecure networks, such as coffee shops, airlines, etc. When in doubt, don’t click.