Rhode Island CEOs share insights on cybersecurity

PROPERTY MANAGER: Gurnet Consulting CEO Martin J. King, left, speaks with company Director of Operations Thomas Streicher. King says that he maintains the integrity of intellectual property routinely as a critical part of the business. / PBN PHOTO/TRACY JENKINS

For Jeffrey R. Cares, chairman and founder of Newport-based Alidade Inc., a small research and analysis firm working on the future of the military, his laptop is command central.
The device constitutes a much smaller system and network than many companies are required to protect, but that doesn’t mean it’s not vulnerable to hackers.
“All I have to protect is what’s on my laptop, that’s the brains and the business,” Cares said.
While much of the material Cares handles is already online and not classified or “super-proprietary,” a trip to Taiwan recently forced him to buy a new laptop just for that one excursion. Preventing malicious interference from Web robots, or “bots,” was part of the reason, he said.
“We knew going to Taiwan to expect that [hackers] are going to get on your system,” he said. “I didn’t want anything to ruin the laptop or [find] a bot on it.”
Securing workplace networks from cyberthreats sometimes calls for similar extreme measures, top company executives say, but more often, keen oversight by a combination of security measures and vigilant employees trained beyond a company’s Information Technology department keeps systems secure.
Four of the estimated 16 CEOs participating on behalf of 32 companies in an Oct. 9 table-top exercise as part of the new Rhode Island Corporate Cybersecurity Initiative told Providence Business News recently that solutions they’ve come up with to combat cyberthreats have proved effective.
Likewise, sharing ideas, experiences and resources at the Pell Center for International Relations and Public Policy that day led to new insights, too.
Martin J. King, founder and CEO of Gurnet Consulting, of East Providence, maintains the integrity of intellectual property routinely, as a critical part of the business. But King learned something new from fellow CEOs: Examples of malware being developed for mobile devices are rapidly increasing, and the new entry point is on employees’ handheld devices. Bringing a personal mobile device like an iPad or MP3 player into work to plug into a company laptop and upload photos or listen to music is just one more way hackers might infiltrate a network, breach a company system and do harm, his peers told him at the six-hour, mostly private, invitation-only meeting.
In the corporate world, security measures to prevent similar potential abuse with thumb drives are “pretty robust,” King said, whereas security around mobile devices is still being developed.
Using personal mobile devices at work “can pose the same risk as using a thumb drive,” he said. “That was an ‘aha’ moment for me. I even do that. It’s just another thing you’ve got to pay attention to.”
The consulting firm, which has 45 employees, has not had a security breach, King said, due, he believes, to “systems and applications in place to monitor who’s checking things in and out and when,” as well as policies and training for employees.
The firm also does a lot of work in cloud computing, but gets help protecting data managed in that space.
“We do have a partner we work with for our security posture,” King said. “We have it at multiple levels. An investment in an outsourced or managed service is a wise and prudent investment.”
One CEO did share his story of getting hacked, and what he did about it.
Jim Lavoie, CEO of Middletown-based Rite-Solutions Inc., discovered the hard way that firewalls are effective, but not insurmountable, barriers to hackers.
The government engineering and software-development contractor, whose clients include the U.S. departments of Defense and Homeland Security, was hacked one recent, ordinary day, experiencing 42,399 hits against its network firewall from 71 different countries within a 24-hour period, Lavoie said.
Besides investing in a more robust firewall and establishing “meaningful thresholds for traffic,” Lavoie contacted a Waltham, Mass., client for help. “I went to Raytheon and said, ‘You must have more security than I have, so can you come and help me?’ and they did,” he said.
Lessons learned pertain to every one of his 150 employees, not just the IT department, he said.
“My biggest recommendation is, communicate with other people that are solving this problem and you’ll know the latest tricks faster,” Lavoie told PBN. “Don’t be an island. This is a battle we’re all fighting. If I get hacked, I should tell everybody I got hacked, so they don’t get hacked the same way. The cyberthreat is not the front door, that’s where the guard is. It’s easier to get through the little guy.”
Mike Mahony, a defense-program manager based in Middletown on behalf of Strategy and Management Services, headquartered in Springfield, Va., also is an adjunct professor at Salve Regina University. He teaches master’s degree courses on international terrorism and the challenges to counter-terrorism.
Isolating best practices is a never-ending quest, he added, no matter how resilient network defenses seem to be.
“We have all different layers of defense,” Mahony said. For his company, “you have to be part of the corporate remote access to get in. It makes it difficult. It’s not the most efficient [use of] time, but if you’re thinking security is that important, you make it work.”
He has learned, he added, that defenses have to be layered, and resilience has to include multiple methods in place to handle threats that do materialize.
“[You have to have] procedures in place so you don’t have just one critical point of failure,” he said. “You need redundancy and education for everyone: employees have to have ‘buy-in’ on this education. You have to make it a personal relationship to you, and why it’s so important to the company and to you as an individual.” •
