For your eyes only: educating employees and classifying data help businesses thwart cyberthreats and keep important information private.

• Position: INTERNET PRIVACY AND CYBERSECURITY ROUND TABLE

IT WASN'T THAT LONG ago that company security meant locking the door at the end of the day. But like nearly every other facet of business, the internet has changed that. Today, threats can come from next door or the other side of the world at any time. Business North Carolina recently assembled a panel of cybersecurity and internet privacy experts to discuss tactics that businesses can use to keep their data private and customers safe.

The discussion was moderated by Brooks Raiford, president and CEO of Raleigh-based North Carolina Technology Association. It was sponsored by EY, which has three North Carolina offices, and Brooks Pierce, whose Raleigh office hosted the meeting. The transcript was edited for brevity and clarity.

MEETHUNE BHOWMICK senior information security analyst, Raleigh-based Red Hat Inc.

GIOVANNI MASUCCI president and senior digital forensic examiner, Raleigh-based National Digital Forensics Inc.

JAVIER GOMEZ president and CEO, Greensboro-based Dynamic Quest Inc.

BROOKS RAIFORD president and CEO, Raleigh-based North Carolina Technology Association

STEPHEN HARTZELL attorney, Greensboro-based Brooks, Pierce, McLendon, Humphrey & Leonard LLP

JON STERNSTEIN founder and principal consultant, Raleigh-based Stern Security LLC

CHRIS KIPPHUT principal, London-based EY

MARIA THOMPSON chief information risk, officer, State of North Carolina

WHAT SHOULD YOU KNOW ABOUT YOUR DATA?

BHOWMICK You need to know the sensitivity of your data. There's information that won't hurt you when made public. Then there's data, such as company secrets, that must stay private. Make those determinations ahead of time so you spend your resources on protecting the most sensitive data. Data security is a daunting task because there is so much to do. It's more manageable when you focus on what needs the most protection.

GOMEZ Security is a real issue. Many small businesses don't recognize that until it's too late. They may never realize a data breach happened to them. It's an awareness issue.

THOMPSON You need a data classification guideline that educates your workers on how to handle each data type. We're implementing a privacy threshold analysis. When you're deploying or creating a system, identify what data types are within that system and the requirement for needing it.

KIPPHUT Most customers and end users are more aware of security and privacy concerns than ever before. They are more comfortable challenging information requests and asking how information is stored and protected. Organizations need to be proactive, ensuring they're doing the right thing and can respond to customers.

HARTZELL We've had a couple of clients who have had a data breach. It was only afterwards that they inventoried the data that they collect. They realized that they didn't need some of it, such as phone numbers. Deciding what data is needed on the front end can minimize how much you need to protect.

MASUCCI If there is a breach and a third-party company is coming in to help, it needs to know where you keep data. We ask for a network map. More than half the time, there is no network map. We've become experts at making them.

HOW DO YOU TRAIN EMPLOYEES TO SAFELY HANDLE DATA?

THOMPSON Some organizations are well versed on cybersecurity, and others are not. You have to be extremely cautious. We made cyberawareness training mandatory this year. We've contracted with a vendor that holds training sessions every other month. They're 10-minute bites on different aspects such as protecting data and password...