Microsoft suffered one of the largest cyberattacks in history in 2021 as more than 30,000 organizations in the United States were hit. The attackers were able to see user emails and passwords as well as get access to connected devices on the network.
Each day, businesses and organizations face cyber threats. Attacks like the one against Microsoft generate the big headlines, but emergencies come in all shapes and sizes, and physical threats can be just as impactful as any cyberattack.
For instance, if a tornado touches down near your business, are you prepared? What would your team do in the event of a power outage? How do you do business during a pandemic?
At SDN Communications, response to emergencies of any kind are carefully planned for, thanks to the company’s Security Committee and its virtual Chief Information Security Officer (CISO).
Formed in 2016, the SDN Security Committee is made up of staff members who meet monthly to plan for security issues.
“A lot of people think (planning is just about) cybersecurity, but it’s everything from physical to cyber to general network technical issues,” says Jake VanDewater, vice president of engineering, operations and IT and a member of the committee. “The committee makes sure the integrity of the network and systems are safe in the event of any emergency.”
The Security Committee offers guidance and leadership to maintain and improve the “confidentiality, integrity and availability of information across SDN’s networks.”
“The goal is really to have a group of designated responsible individuals for all things security as it relates to SDN,” he says. “We also coordinate regular planning of tabletop exercises and make sure our responses are in place.”
And it’s working. During a tabletop exercise in 2018, the SDN team walked through a supply chain attack scenario. Recently, a supplier to the company faced just that.
“When it became a reality, there was a familiarity on how we needed to respond thanks to that (exercise),” VanDewater says. “Ultimately there was not an impact to us, but we were prepared had there been.”
In order to strengthen the security of SDN even further, the company also enlists a virtual CISO with FRSecure in Edina, Minnesota.
The security officer assigned to SDN, Darrin Printy, began working with the committee about a year ago.
“He’ll come in for a few days and help us enhance plans and policies and really teach us to stand on our own two feet,” VanDewater says.
Printy meets monthly with the committee and meets separately with leadership members.
“We take a thorough look into the inner workings of an organization such as SDN. We look at administrative controls, look at internal technology and look at external technology. But we also do a physical walkthrough to see if your company’s people are safe. See if someone could walk in and steal your server,” Printy says.
“Then we develop a roadmap to plan out the work that needs to be done. But it’s different from when you get a risk assessment and someone hands you a report. We meet twice a month. They bounce things off me, go through questions and I challenge them to think about various things.”
The committee can also email Printy with questions or concerns. It’s an ongoing relationship that will last several years.
A lot of people think (planning is just about) cybersecurity, but it’s everything from physical to cyber to general network technical issues. The committee makes sure the integrity of the network and systems are safe in the event of any emergency.
Printy has been impressed with the Security Committee and SDN’s commitment to security overall.
“They’re a client that isn’t waiting for me to recommend something — they’re already trying to do things. They’ve come a long way and continue to improve,” he says.
That being said, Printy is cautious about making promises to any company and urges all companies to stay vigilant.
“Everybody (at a company) has to be involved in security at this point — every employee,” he says. “We will never tell anyone they are 100% secure. Nobody can be 100% secure. The bad guys are always finding new vulnerabilities, but SDN is doing a phenomenal job.”