Meet the expert: Tina Forrester to speak at #RISK London

Taking place on October 18 and 19 at EcXel London, #RISK London addresses the issues impacting organisational risk today, from Governance, Risk and Compliance (GRC), to Environmental, Social and Governance (ESG), organisational culture, and much more.

The event builds on the success of #RISK 2022, allowing organisations to examine the cumulative nature of risk, unite GRC specialities and share views with subject-matter experts.

Tina Forrester is Data Protection Officer at Liverpool John Moores University. Leveraging over 15 years’ experience in Information Governance, Tina is responsible for designing, leading and driving forward the university’s Data Protection and Privacy strategy.

Tina appears at #RISK London on a panel debate to discuss phishing attacks, their rapid evolution, and what organisations can do to mitigate risk.

We caught up with Tina to hear more about her professional journey to date and for insight into the issues on the table at #RISK London.

Could you briefly outline your career so far?

I am currently the Data Protection Officer for Liverpool John Moore University. I work across the university to raise privacy awareness and to advise and support colleagues on all things data protection.  

I work very closely with our Chief Information Officer and the Information Security Manager to embed a culture where people think about Privacy and Security together.

I am a solicitor with +20 years PQE in Higher Education, Local Government and Private Practice. Previously, I worked for a local authority for over 13 years. I was a Principle Solicitor at West Lancashire Borough Council.  Prior to that I was in private practice.

Could you describe the current phishing attack landscape – what are the latest methods being employed by threat actors to disrupt organisational security?

Cybercrime is increasingly prevalent and threat actors are relentless in targeting business and their employees.  

Phishing emails and social engineering are increasingly sophisticated which makes them difficult for people to easily spot. Threat actors rely on the vulnerability of human error. At Universities, they are not only targeting staff but also thousands of students. 

It is easy to assume that because young people are tech savvy, that they also know about the dangers and consequences of cybercrime but that isn’t necessarily the case. Awareness raising is vital! 

If people know about the issues, they can take steps to protect themselves and the business, but to do that they need to be aware of the issues in the first place.

What are key strategies businesses should be employing in order to mitigate risk?

Businesses need to consider both the technical and human elements. While technical security controls are essential for businesses, a key risk mitigating strategy is awareness raising and training for everyone with access to the business systems.

Many people do not realise the extent of cybercrime or realise that the risk is as big as it actually is.  We have to make it real for people – they don’t want to know about data protection legislation –  that’s my job – or what technical controls IT Services have in place to protect the organisation; they just want to know how it impacts on them and their role and what they can do to protect themselves.