Meredith Carroll is a senior consultant and virtual chief information officer at Vertikal6, an information technology company in Warwick. She talks with Providence Business News about her position and how companies need to protect themselves from cyber threats.
PBN: Tell me about your position at Vertikal6, and how you help businesses with cybersecurity issues.
CARROLL: As senior consultant and CIO, my highest priority is to ignite growth for our clients by strategically focusing on their technology. The first step is to ensure that our clients’ business strategy is supported by and aligned with their technology strategy. As a managed IT services provider, we help our clients determine the most appropriate solutions to achieve a balance between security and usability, including proactive security technology solutions, disaster recovery and user training.
PBN: What interests you in this particular topic?
CARROLL: I am passionate about positioning our clients to avoid cyber threats from entering their business environments and ensuring that we are prepared to help them recover from any issue. We have the tools and processes in place to protect our clients from data loss, but there is still an impact on business productivity while recovering from a malware attack. That’s why we spend time proactively educating our clients and their employees. My number one priority is making sure that our clients’ investment in technology serves as an accelerator for their business.
PBN: What can companies do to protect themselves against cyber threats?
CARROLL: Protection from cyber threats requires a multilayer approach. The vast majority of security breaches are introduced to the network by human action. This includes inadvertently disclosing information (social engineering), clicking on links, or installing applications that introduce malicious software that steals information or renders data unusable. Best practices for protecting against these risks include:
Proactive solutions: These are the technology tools that prevent malware and other attacks from entering the network. Such tools include firewalls with intrusion detection and web filtering, antivirus/antimalware software and advanced threat detection for email.
Response readiness: In the event of a breach, it is critical to have a disaster recovery plan in place that outlines the process for bringing data and systems back online. As part of the disaster recovery plan, a comprehensive backup strategy must be operating, with regular testing and notification of successful completion.
Employee education: Employees need the knowledge and tools to identify potential malware online and to be aware of fake emails posing to come from a legitimate company or business leader.
In addition, we encourage companies to conduct a security assessment to identify any areas of concern and a social engineering assessment to provide a basis for creating a culture of security awareness.
PBN: It seems that hacks are becoming all too common (publicity about hacks at Sony and Target come to mind). Do some companies not take the threat seriously because they think they are not large enough to be targeted?
CARROLL: Given the recent media coverage of ransomware attacks, companies have become more in tune with the reality of these types of issues. We have clearly seen an increase in threats – and breaches – in companies of all sizes. Vertikal6 has worked very closely with our client base to provide education and awareness, and I have been encouraged by the recognition of the reality of these risks and the response to implementing the necessary tools and education in their businesses.
PBN: I see that a seminar is being held on May 18 at the Crowne Plaza Providence-Warwick from 3 to 4:30 p.m. What will companies learn from attending the May 18 event?
CARROLL: Vertikal6 has offered training on safe computing to our clients on an ongoing basis, but given our recognition of the widespread issues that are occurring, we want to make this information available to the wider business community. We will be offering several seminars over the next few months, including topics such as IT Compliance and Security Assessments as a Competitive Edge and the Value of a vCIO. Visit our website , vertikal6.com, for information.
The seminar on May 18 will focus on the three-pronged approach of cybersecurity, with a focus on how to educate employees on safe computing practices. We will provide attendees with materials that can be distributed to employees and strategies on how to effectively communicate with them.