Leadership Spotlight: A Cybersecurity & Data Privacy Conversation with CTO Jeff Blount
Why do you think it’s essential for any company to be thinking about cybersecurity right now?
Jeff Blount: Cybersecurity is such an important charge and is always top of mind for me. For an organization to ignore something that could ultimately cripple or bankrupt the organization, that would just be foolish.
One of the more famous cases that comes to mind as an example was the Target breach, more than a decade ago now. An HVAC vendor of Target allowed that breach, and then afterward, that business was gone. They didn’t have good control with cybersecurity policy and procedures, and in addition to exposing their client’s data, which is hugely problematic in itself, it cost them everything.
Limiting the risk and repercussions from potential cyber incidents is my upmost priority. Factoring cybersecurity and data privacy into our due diligence processes is essential.
How does data privacy work into this conversation?
Jeff Blount: The private data is the value that the hackers are looking for. They want the data; they don’t necessarily want individuals’ information. They just want a large volume of data, to hold it ransom and say, “This is what I now have that’s yours. Give me what I want, and only then will I give it back to you.”
Every individual in a company is a link on the chain of security, so we need to train every single individual. A term that’s used a lot these days is the “human firewall,” the human element that stops a potential cyberattack or malicious incident. You can put security applications and devices into place. You can put antivirus programs into place. But if an employee clicks on a link and gives away their credentials, it doesn’t matter how many other firewalls or antivirus programs you have. That employee just allowed a window into your data.
So, our job is to create a human firewall, and I have to ensure 100% of our employees are trained: what to look out for and how best to create their own piece of the wall by being smart themselves.
The days of a hacker breaking through a traditional firewall are just gone because it’s too difficult. It’s much easier to send out 50,000 phishing emails and get 10 leads back. It’s so much easier for them to do that. So, the only way that I can combat that is by training people. That’s it, the only way.
When you’re thinking about Capital Square specifically, what are your cybersecurity risk mitigation strategies?
Jeff Blount: My top priorities are keeping our employees informed and strengthening that human firewall.
Specifically, we do security awareness training every quarter. These trainings are required for every single team member, and many of these are geared toward specific roles. It’s education on modern attacks we’ve seen as well as relevant, everyday security and risk mitigation topics.
On top of the security trainings, we do randomize phishing simulations, which allow our employees to experience what a phishing email may look. There’s an integration that allows team members to flag these messages as a potential phishing email, and these flagged emails not only have their role in an internal competition with a cybersecurity leaderboard, these flagged emails also are analyzed by a system that we have in place. If it’s determined to be a legitimate phishing email, our system will then go to look through every other team member’s mailbox and delete that same email if somebody else received it. On top of that, if somebody flags the email who works for another company but uses our same cybersecurity vendor, our vendor flags the confirmed phishing email and removes that email from inboxes across all companies in their network.
So, not only are our team members links in protecting our own company, our own data, including that of our investors and residents and team members; we’re also helping the wider business community with combating cyberthreats on a larger scale.
Building something bigger than ourselves with a cybersecurity twist?
Jeff Blount: Exactly.
As Capital Square’s chief technology officer, how do you as an individual stay on top of your own personal education on evolving threats?
Jeff Blount: I’m a part of a strong network of technology professionals, and we stay in touch, not only as we read articles and watch the news, and not only through webinars and conferences. Everybody has the same goal, and it’s interesting because we’re not competing with each other. We’re not trying to get our piece of a limited supply of something. We have a duty of protection, the same goal and the same desired outcomes.
When we find something that works, we want to share it with others right away. It’s a unique industry in that sense.
What fascinates you about technology and what brought you in this direction?
Jeff Blount: I have an engineering mindset. It’s just inherent. I like to know how things work and to take things apart. I always have. It’s hard to do that with modern technology to a certain extent because so much is abstract and virtual, but what fascinates me today especially is the speed that technology changes and how technology can enhance efficiencies. I love showing people the little things to make their life easier. Technology is a powerful tool.
And when we put cybersecurity and data privacy procedures into place, this is where our team of real estate investment, development and management professionals are enabled to be at their very best.
Learn more about Cybersecurity & Data Privacy at Capital Square.
