What Your COO Needs to Know About IT Security
The Chief Operating Officer (COO) role is a tough one and often misunderstood. Modern business literature says that while no two COO positions are the same, there are some guiding principles for all:
- Identify key issues and opportunities for the organization.
- Align the firm and leverage all areas of consensus.
- Attract and retain top talent.
- Drive the strategic planning process.
- Create a culture of constant improvement.
Governance
Establish a cybersecurity policy that conforms to all legal and industry guidelines and standards. Define roles and responsibilities throughout the organization for all security matters. Ensure that key personnel have an open door to raise all security concerns with the executive suite. Gain the CEO's endorsement of the importance of all cybersecurity investments and policies.
Visibility
Conduct a full cybersecurity risk assessment and present key findings to the CEO and Board. Put in place plans to lower risk consistently. The risk assessment should include documenting assets and their reliance on technology, identifying where threats exist in order of priority and addressing them, buying cyber liability insurance, and putting all needed protective measures in place, monitoring for updates as needed. Additionally, it’s recommended that you have an outside expert run a penetration test on your network to identify any possible weaknesses.
Culture
Ensure cybersecurity is a consistent agenda item at the management level. Put in place cybersecurity training as part of new staff onboarding and on an ongoing basis. Have all employees sign documents agreeing to adhere to all cybersecurity policies and procedures. Establish ongoing cybersecurity training and testing for all staff. Institute an annual review of the firm’s cybersecurity posture and policies. Put in place multi-factor authentication (MFA) policies for any sharing of, or access to, company data at any level.
Software and Hardware Basics
- Schedule Ongoing Backups – Having an up-to-date backup in place is the antidote for all these catastrophic events. A backup can be used to recover anything stored on a device in the event of an attack or other data loss event.
- Manage Access to Data – Prevent unauthorized individuals from accessing your data. Ensure that a strong, secure password policy is in place as well.
- Ensure Endpoint Security – Keep all key hardware and software up to date by downloading software and firmware updates as each vendor deploys them. This is an often-overlooked first line of defense for all networks. It includes having an antivirus solution in place on all hardware and ensuring it is current.
Outside Relationships
Evaluate all potential vendors in light of their policies on sharing key organizational data. Evaluate potential strategic partners and potential acquisitions in the same vein.