How the Information Security team makes safety a company-wide priority
ArcBest is known for delivering innovative technology. But with every cutting-edge innovation comes the potential for new cyber threats — a fact the ArcBest Technologies Information Security team takes seriously. This group of experts protects our company's and customers’ sensitive information by assessing, reviewing and implementing critical internal security practices.
“Security is an integral part of the work we do at ArcBest,” explained Byron Paschal, Director of Information Security, “We take security seriously because it’s important — especially as people and businesses become more reliant on technology.”
What the team does
Under the leadership of Kevin Taylor, Vice President and Chief Technology Officer for ArcBest Technologies, in collaboration with an executive leadership team, this group oversees the company’s Information Security Program. They utilize a multi-pronged, proactive approach to protect information from unauthorized viewing, alteration or destruction.
Our people are dedicated to growing their knowledge and expertise through continued education. As part of the Information Security team, employees stay updated on the latest security threats and issues. Team members also regularly participate in conferences, training programs and certifications, including:
ISC2 Certified Information Systems Security Professional (CISSP)
ISC2 Certified Cloud Security Professional (CSSP)
SANS GIAC Security Essentials (GSEC)
SANS GIAC Continuous Monitoring (GMON)
SANS GIAC Certified Incident Handler (GCIH)
SANS GIAC Web Application Penetration Tester (GWAPT)
Offensive Security Certified Professional (OSCP)
The company’s security program is aligned with and assessed by the National Institute of Standards and Technology’s Framework for Improving Critical Infrastructure Cybersecurity (NIST CSF). They also work with third-party groups, including the NMFTA and AUTO-ISAC.
Information systems are essential infrastructure, and we want to be clear about the steps we take to protect ours. ArcBest has robust policies and procedures to safeguard employees and customers from security breaches. These policies and procedures define practical measures that help prevent fraud, embezzlement, industrial espionage, sabotage, errors, omissions and system unavailability.
While the Information Security team is critical for keeping information safe, they also work to educate others on the risks and responsibilities they have around cyber security.
“Everyone has a role to play in information security. It’s a company-wide effort. Our employees have to be aware. They’re really the front-line defense,” said Taylor.
Customers can be confident that every person they work with has digital safety in mind. Every employee with computer login credentials must complete annual training on information security and the policies and procedures created to protect sensitive information.
Regularly checking our security practices can help evaluate compliance and catch vulnerabilities. Reviews are done both in-house and by external auditors. The ArcBest Internal Audit Department serves as the eyes and ears of our company, checking compliance with our security protocols and ensuring that our measures align with our goals and any regulatory requirements. Outside organizations make sure we’re following rules surrounding things like the Sarbanes-Oxley Act (SARBOX), Payment Card Industry Data Security Standard (PCS DSS) and Health Insurance Portability and Accountability Act (HIPAA).
Protecting data is more than a technical problem; it requires a company-wide solution to ensure the safety and privacy of sensitive data. Because of this, the Information Security team is involved in collaborative efforts across the organization.
“We rely on other departments. We work closely with technical services, training, legal, risk management, and different groups to accomplish our goals and carry out our strategy,” said Paschal.
So much more than securing data
While having a solid security program is critical to the future of our company, it’s not enough to just have a plan in place. A dedicated information security team can focus on detection and prevention so the rest of the organization can serve our customers without interruption.