Following last month’s Cybersecurity Month, we wanted to highlight Paul Zikmund’s new role as Chief Resiliency Officer and emphasize the critical importance of cybersecurity in the workplace, especially at Berkadia.
What brought you to Berkadia? What is the Chief Resiliency Officer responsible for?
After managing global risk, security, and compliance teams at various Fortune 100 companies, I joined Berkadia to oversee RCC and Information Security in 2020. My new role is evidence of Berkadia’s commitment to enhancing enterprise risk management and business resiliency in response to evolving risks, cyber threats, and regulatory challenges. My expanded responsibilities now include leading Internal Audit, Enterprise Risk Management, Compliance, Data Privacy, Information Security, Physical Security, Fraud Risk Management, ESG, and Business Continuity Management. This underscores our dedication to robust risk management and business resiliency.
Why is cybersecurity so important?
Cybersecurity programs and controls are essential frameworks, designed to protect an organization’s systems, networks, and data from cyber threats. These include policies, procedures, technologies, and training to identify, prevent, detect, and respond to cyber incidents. Effective cybersecurity safeguards sensitive information, ensures business continuity, prevents financial losses, and maintains customer trust and regulatory compliance, mitigating the risk of severe legal, financial, and reputational consequences.
At Berkadia, we take pride in our cybersecurity practices, which include:
- Regular Security Training and Awareness: Educating employees about cybersecurity threats and safe practices.
- Multi-Factor Authentication (MFA): Adding an extra layer of security beyond just passwords.
- Regular Software Updates and Patch Management: Ensuring all systems and applications are up to date to protect against vulnerabilities.
- Data Encryption: Encrypting sensitive data both in transit and at rest.
- Network Security Measures: Implementing firewalls, intrusion detection systems, and secure network architecture.
- Incident Response Plan: Having a well-defined plan to respond to and recover from cybersecurity incidents.
- Access Controls: Limiting access to sensitive information based on the principle of least privilege.
- Regular Security Assessments: Conducting periodic reviews and assessments to identify and address potential security gaps.
What advice do you have for Berkadians?
To maintain effective practices, we continuously review and update our policies and procedures. My advice to Berkadians is to stay informed, alert, and vigilant against phishing attacks and cybersecurity threats. If something looks suspicious, it probably is—don’t hesitate to raise concerns and ask questions. Employees contribute by following security policies, participating in regular training, practicing good cyber hygiene, reporting incidents promptly, protecting sensitive information, using secure networks, and maintaining device security.
How does Berkadia ensure client data is secure?
Not only do we keep Berkadians safe, but we also administer a very comprehensive information security program to ensure the security of client data:
- Data Encryption: Encrypt sensitive client data both in transit and at rest to protect it from unauthorized access.
- Access Controls: Implement strict access controls based on the principle of least privilege, ensuring only authorized personnel can access client data.
- Regular Security Audits: Conduct regular security audits and assessments to identify and address vulnerabilities in systems and processes.
- Data Minimization: Collect and retain only the necessary client data to reduce risk exposure.
- Secure Software Development: Follow secure coding practices and conduct regular security testing during the software development lifecycle.
- Incident Response Plan: Develop and maintain a robust incident response plan to quickly address and mitigate any data breaches or security incidents.
- Compliance with Regulations: Ensure compliance with relevant data protection regulations and standards, such as GDPR, CCPA, or industry-specific requirements.
- Third-Party Risk Management: Assess and manage the security practices of third-party vendors and partners who have access to client data.
While we are confident in Berkadia’s cybersecurity practices, we recognize common challenges in the field. The evolving threat landscape makes it difficult to keep up with constantly changing cyber threats and attack techniques. Balancing limited budgets and resources while implementing comprehensive security measures is another challenge. Additionally, finding and retaining skilled cybersecurity professionals in a competitive job market has been difficult. We must also ensure regulatory compliance, which can be complex and time-consuming. Lastly, implementing robust security measures without hindering business operations and protecting sensitive data in an era of increasing data breaches and privacy concerns remains a priority.
As we look towards 2025 and beyond, our goals include maturing our existing programs, supporting Berkadia’s business strategy, upskilling our talent, providing value to the business, creating a positive experience for stakeholders, and improving our defense in depth program. Staying up to date with the latest trends and threats in cybersecurity is crucial, and we achieve this through continuous training, attending conferences, participating in focus groups, and staying informed through various news and intelligence feeds. At Berkadia, we are committed to maintaining the highest standards of cybersecurity to protect our organization and our clients, ensuring a secure and resilient future.