Millions have worked remotely for months – protecting themselves from a deadly virus. At the same time, how can they and the firms they represent be sure the devices connected remotely, and confidential information saved on those devices, are also protected?
Casey Cegielski, Woodruff Professor of Information Systems and KPMG Faculty Fellow at the Harbert College of Business, was joined by four Harbert College Information Systems Management alums and information systems professionals to discuss this issue, and more, during a special webinar, “Cybersecurity Now & Later,” on Wednesday, November 4. The webinar was the fifth and final in the college’s “Reshaping Business in 2020” series, which featured thought leaders and alumni sharing business perspectives from a variety of disciplines.
Wednesday’s webinar can be viewed here.
Panelists offered a variety of procedures that can protect company information – some of which should begin within corporate guidelines.
“Make sure you have a rigorous policy in place that defines business case use for remote connectivity,” said Cegielski, whose recent research has focused on the cybersecurity and organizational use of cloud-based information technologies. “If you don’t have that, you can’t have the technical implementations appropriate in line. Appropriate remote connectivity and remote access policy has to be vetted through the organization. Make sure your people are aware and follow it.”
Jay James, who served as project lead to develop and implement Auburn University’s first Security Operations Center, added that policies should have a depth of standards to follow. “Standards are important because you need more specifics,” said the 2015 graduate. “The technical people – the people a few layers down – need to understand the exact things you need to do. ‘Are you doing this, this, and this?’ ‘Are you doing this for your servers, this for your end points, and this for your end users?’ You have to be very black and white with a lot of this because a lot of people try to override controls.
“From the end user perspective … update your devices. From the organizational side, you’ll hear about patching, so patch. Updates and patches are there for a reason. That’ll be the quickest win for a lot of vulnerabilities that are out there.”
For Woody Parramore, an Advisory Senior Consultant at Deloitte in Atlanta who earned a master’s in Management Information Systems in 2016, protecting information on classified financial statements is a must. Remote operations increase risk – and potential for audits. “One of the things we’re looking into is multi-factor authentication,” he said, referring to an electronic method in which the user is granted access only after successfully presenting multiple pieces of evidence of identity. “It is important to have in place.”
Quinn Tucci, Risk and Financial Advisory Consultant at Deloitte in Atlanta, agreed, and noted the importance of password policies as an authentication tool. “Make sure that they (passwords) are rotating in a defined frequency,” said Tucci, who earned Management Information Systems and Supply Chain Management degrees from Harbert College in 2019. “Make sure it’s where the user is locked out after several failed attempts – things like that to bolster access. I know that passwords seem like an afterthought in some cases, but they are actually very important in this context.”
Jason McKinley, who founded Arc Technologies while he was in college and graduated from the Harbert College in 2017, believes “zero trust” is the bottom line.
“You have zero trust for whatever that thing, user, network packet is until you know exactly who it is, where it came from, and what it’s going to do,” he said. “You can’t rely on the software vendor, or whatever device you’re using, to be secure – and they’re always going to be attacked. Keep trusting as little as you can while not impacting your operations.”