The Surprising Link Between Sustainability & Cybersecurity with Finn + Emma CEO Delia Elbaum

Roberto Popolizio Managing Editor
Published on: February 28, 2025
Updated 2 times since publishing

Sustainability and cybersecurity may seem like two separate worlds—but they’re more connected than you think.

At Finn + Emma, sustainability is a core value. But after a phishing attack nearly exposed customer data, CEO Delia Elbaum realized that protecting digital assets is just as critical as protecting the planet.

In this exclusive interview with SafetyDetectives, she shares:

  • The tools they use to safeguard customer data
  • How they built a culture of security from the ground up
  • Why GDPR compliance turned out to be a competitive advantage

Tell us a bit about you and your role in your company.

I’m the CEO of Finn + Emma, where we create organic baby and toddler apparel, toys, and gear. My role spans from setting our overall vision to ensuring that every part of our business—especially how we handle data and privacy—is aligned with our values. I’m hands-on in both product development and the systems we use to keep our customer information safe.

What event(s) made you realize the real importance of online safety and privacy? What happened and what lessons did you learn?

A few years ago, we experienced a targeted phishing attempt that almost compromised our customer database. It was a wake-up call. I realized that even companies devoted to care and sustainability aren’t immune to cyber threats.

That experience taught me the importance of building a culture of vigilance—both personally and throughout our organization—and the value of continuous improvement in our security practices.

EDITOR’S NOTE

The relationship between sustainability and cybersecurity is complex and not directly correlated. However, companies that prioritize sustainability often integrate cybersecurity practices as part of their broader ESG (environmental, social, governance) strategies.

For example, frameworks like the Sustainability Accounting Standards Board (SASB) and the Global Reporting Initiative (GRI) include cybersecurity as a sustainability factor that impacts both financial performance and reputation.

How do you handle sensitive information online—whether personal or work-related?

I believe in a layered approach. Personally, I use a trusted password manager, enable multi-factor authentication, and regularly review my security settings.

For work, we’ve adopted secure cloud-based platforms with strong encryption and access controls. These measures help protect sensitive customer and business data while keeping our operations running smoothly.

What measures, tools, and services are you using to protect your company and customers’ data, and how did you decide where to allocate your budget?

We’ve invested in both state-of-the-art security software and comprehensive employee training. For instance, we use intrusion detection systems and secure data storage solutions, alongside regular cybersecurity workshops for our team.

Allocating our budget wasn’t just about finding the cheapest option—it was about finding tools and services that offer proven results, backed by case studies and customer testimonials, which ultimately strengthen our trust with the families we serve.

What’s your experience with outsourcing cybersecurity to a Managed Service Provider (MSP) versus handling things in-house?

Being a small company means we handle our cybersecurity in-house. We simply don’t have the scale or budget to outsource everything to an MSP.

Managing it internally also allows us to be very hands-on with our security measures, giving us the agility to respond immediately to any issues. Although this approach comes with its challenges—there have been times when our limited resources forced us to learn quickly—it also means we deeply understand our unique risks and can tailor our defenses accordingly.

In our experience, a lean, committed team coupled with continuous training and the right tools has been the most effective way to protect our company and our customers’ data.

What regulatory requirements around data protection and privacy have impacted your business the most, and how?

The GDPR, in particular, compelled us to reassess how we collect and store data, leading to more transparent consent processes and improved data governance. This shift not only helped us stay compliant but also deepened our customers’ trust in our brand.

Looking ahead, I’d love to see clearer global standards that make compliance more straightforward for businesses of all sizes.

Are there any emerging technologies or trends you find either exciting or concerning in online privacy and security?

I’m excited about the potential of AI-driven threat detection systems. These tools can analyze patterns and flag anomalies in real-time, which is invaluable for a proactive security stance.

On the other hand, I’m cautious about the misuse of emerging technologies like deepfake and advanced social engineering techniques. They underscore the need for continuous education and adaptation to stay ahead of cyber threats.

How can people connect with you?

LinkedIn: https://www.linkedin.com/in/delia-elbaum-575410285/

About the Author

Roberto has hosted over 5000 interviews with the biggest names in cybersecurity, AI, and tech. Leveraging this always-growing network of tech leaders, he provides beyond-the-fluff insights on the current state of online security, privacy, misinformation, and ethics in the digital world.