As the global mobility industry continues to manage high volumes of sensitive data—ranging from transferee financials to proprietary corporate information—it also becomes an increasingly attractive target for cybercriminals. The stakes are rising fast: Artificial intelligence is supercharging phishing attempts, endpoint vulnerabilities are growing with a dispersed workforce, and supply chain breaches are more frequent than ever.
For Mitch Christian, information security and infrastructure officer at Synergy Global Housing, the key to staying ahead lies in embracing a zero-trust architecture, prioritizing employee training, and ensuring vendor compliance. In this Q&A, Christian shares actionable insights into how Synergy is tackling today’s most pressing data threats and what other mobility professionals can do to protect their organizations.
What are some of the most pressing data security challenges currently facing the global mobility industry, and how are they evolving?
Given that the mobility industry deals with a substantial amount of sensitive data, from private company data to personal information, much of this information is a prime target for cybercriminals. This is something the mobility industry needs to wrap its arms around fast, as new threats are constantly emerging, and the pace at which they are emerging is accelerating.
Artificial intelligence is a great example of an emerging threat that is transforming the sophistication of how attacks are executed. An example of this might include AI’s ability to imitate voices and launch attacks through various vectors such as Teams and Zoom. Text messaging is also increasingly being used to lure individuals, as is the use of malicious QR codes and links.
Another pressing threat includes misconfigurations, such as an error in the setup of hardware, software, networks, or systems. Such errors can also lead to vulnerabilities, which can increase the risk of breaches. This is particularly important with today’s workforce being more dispersed, and endpoint protection has become a critical component in supporting this due to its ability to protect devices such as laptops, desktops, and mobile devices.
What are some key best practices you recommend for securing sensitive transferee data across global operations?
Encryption, which is a process that transforms data into an unreadable format to those without access, remains a valuable tool for data protection. The first rule is to ensure all data is encrypted both at rest and in transit. Using a VPN while traveling is crucial.
Further, adhering to a formal Information Security Management System (ISMS) will help an organization guarantee that robust security procedures are followed throughout the organization. This will include a range of policies and controls that help identify, assess, and mitigate security risks across the board.
Finally, we know that protecting assets with antivirus software and safeguarding identities is more important than ever. At Synergy, for example, we employ a zero-trust design, which doesn’t blindly trust a password but verifies the legitimacy of both the asset and the person using it.
How do you balance the need for data accessibility (for global teams and partners) with the need for tight security?
Balancing data security with user-friendly access has always been a challenge. By implementing new login methods such as PINs, biometrics, and facial recognition instead of traditional passwords, Synergy has been working to enhance security across our systems while providing a more seamless user experience.
For security purposes, we tightly control access through user groups, ensuring that users can easily get what they need while at the same time allowing us to efficiently manage and revoke access as necessary. The user experience can be optimized with features like single sign-on (SSO), easing their ability to use other applications.
What role do employee training and awareness play in Synergy’s overall information security strategy?
The role associates play in any data security strategy is absolutely fundamental to any successful program because human error remains the leading cause of data breaches.
By increasing awareness of attack methods, through ongoing training and testing, we can hugely mitigate the risk of human error, which might include clicking on a malicious link or sharing sensitive data.
Synergy uses ongoing training courses, which are compulsory for each of our associates to educate and ensure compliance with regulatory requirements. All these efforts have contributed to creating a resilient security posture, and we are very proud to say that, in 2024, Synergy prevented 2.8M data breach attempts.
What technologies or tools does Synergy leverage to protect client and transferee data?
Synergy employs a defense-in-depth philosophy, which means layering tools and controls to prevent unauthorized access. We also use encryption for data, both at rest and in transit, to ensure access to data is entirely unreadable to those without approved access.
Our 24/7 security operations center has been put in place to ensure that response times to any incident are under 15 minutes, which not only helps prevent breaches but ensures speedy resolutions. Protection extends not only throughout our infrastructure but also to every endpoint. As mentioned, we have adopted a zero-trust philosophy that defines our approach to verifying identities, devices, applications, and access to data.
Some examples of additional tools we use include:
- Leveraging AI to mitigate threats 24/7
- Executing data security training sessions to ensure associates remain vigilant
- Achieving SOC2 and ISO 27001:2022 compliance
- Replacing passwords with biometric authentication
- Implementing the Okta tool for robust authentication
How do you ensure Synergy remains compliant with various international data protection regulations, such as GDPR or others in APAC and the Americas?
Synergy holds two key certifications: ISO 27001:2022 and SOC2 Type II, which means we adhere to the latest and greatest information security practices globally.
Compliance with these certifications largely means Synergy has established and is maintaining a comprehensive information security management system, as well as implementing effective controls related to the security of data. In achieving this, Synergy is able to track risk, ensure compliance, and govern our processes to maintain regulatory adherence.
Training, as mentioned, is a crucial component of our compliance strategy, ensuring proper data handling practices from every angle. Synergy also conducts regular audits and has a dedicated data protection officer (DPO) to oversee data protection efforts.
What should companies look for when evaluating vendors or partners in terms of their data protection policies and practices?
Companies must ensure they vet their suppliers and partners to confirm they are adhering to the same security protocols. At Synergy, we typically conduct security assessments and request items such as vulnerability scan results or certifications. Given that many attacks today originate from the supply chain, it is crucial to ensure partners are exercising the same due diligence regarding security.
If you could give one piece of advice to corporate mobility teams trying to strengthen their data security posture, what would it be?
Adopt a zero-trust platform. One of the first steps to enhance your security posture should be eliminating passwords and implementing multifactor authentication (MFA) or passwordless authentication methods.