Blog & Tools

Security committees help companies bolster defenses

A-OX Explosion

One prominent company after another has suffered a significant, attention-grabbing cyberattack in recent years. Meantime, hackers’ methods keep getting more sophisticated.

Businesses and other organizations have had to step up their defenses, including planning, to reduce the risks of being victimized.

In recent years, a lot of companies have established security committees to help ensure that good policies and procedures, including effective hardware and software, are in place to protect their networks. Security committees also can help improve the physical security of facilities, which also are at risk.

Related Blog: Yikes! Video documents vulnerability of cyber infrastructure

Organizations that don’t have a security committee that meets regularly might want to create one.

SDN Communications is among the companies in the Sioux Falls region that has an active security committee. Chad Pew, manager of IT at SDN, is one of the employees who serve on the panel, which has about 10 members and has been operating for more than a year.

“The intent behind a security committee is to put in place internal controls to protect the company’s information and assets,” Pew said.

An explosion this past May at A-OX Welding Supply Company in northwest Sioux Falls (pictured) underscored the importance of preparing to deal with emergencies.

No injuries were reported in the A-OX explosion. However, local authorities temporarily evacuated people in businesses within about a half-mile of the explosion site. SDN, whose operations include a round-the-clock call center, was among the evacuated businesses.

At the time, SDN employees were allowed to go back inside their building briefly to grab some phones and computers so that they could resume work at a secure, company-owned data center a few miles away.

Since the explosion, SDN has equipped the backup workspace in the data center.

“If something happens in the future and people can’t get back into the (headquarters) building, we have workstations and phones set up out there,” Pew said.

The explosion at A-OX helped motivate SDN to improve its preparedness for dealing with emergencies in an area of planning known as Business Continuity and Disaster Recovery (BCDR). Disasters or legal requirements can be strong stimulants for action. Of course, it’s better when companies find the motivation for improving security preparations on their own.

SDN also conducted a gap analysis to help identify and prioritize other security needs. Network oversight is a key area the company is taking steps to improve.

The Security Committee currently is evaluating options for deploying a Security Information and Event Management (SIEM) software tool. Such tools can help companies monitor and correlate a collage of network events that might occur in the background not appear related.

“That’s another big item that has come out of our security committee,” Pew said. “It’s going to be a very important tool to give us better insights of what is happening in our network.”

The committee also reviewed the physical security of SDN’s buildings. As a result, they’re also improving the security of equipment huts away from office buildings.

To outsiders, the company’s main buildings probably appear highly secure. During regular business hours, visitors to SDN may enter a waiting area in the main building and talk to a receptionist. To go any farther, they need identification and an escort.

Employees are required to pass a two-factor authentication to come through work entrances. That’s means in addition to carrying an identification badge that doubles as a passkey, employees must have an entry code to get through doors.

Safety needs and standards vary from industry to industry, but the consequences of a successful network or building breach can be devastating for a company and its clients.

Security committees that include company experts from a cross-section of disciplines can help identify where improvements should be implemented. Business cannot completely eliminate security risks, but developing and implementing good policies and procedures certainly can help.

SDN Communications is a regional leader in providing broadband connectivity and cybersecurity services to businesses. Begin your cybersecurity efforts with the basics - use the button below to download SDN's free book, "Cybersecurity Starts With The Basics."

Cybersecurity Starts With The Basics

Download the Book