Mitch Cox Companies formed an internal committee in late 2017 to formalize its treatment of potential outside invasions of the company’s premises, data, and IP assets.
It’s an initiative that seeks to implement preemptive and responsive protocols in the event of an attack.
“While most news headlines focus on incidents that arise at Fortune 500 companies,” said Gregory Wiggins, CFO at Mitch Cox Companies and chair of the security committee, “Many people may not realize that small to mid-size companies are frequently targeted because they often do not employ the resources or attention to security.”
Seeing how security breaches can result in stolen assets, lost revenues, and a damaged reputation, Wiggins and the leadership team decided to take the company’s current security measures and fortify them with greater focus and resources.
“We realize that no business is immune to security breaches and we want to be diligent in our preparation to prevent security breaches from occurring,” said Wiggins.
Another committee member Joe Maile, who heads up insurance and risk mitigation for all the Mitch Cox Companies, explained the types of potential threats the company is looking to address.
- Physical security – In the event of an act of terrorism or an active shooter, the committee is enhancing the company’s access control in and out of the building, and setting up a lockdown protocol along with awareness training and employee safety protocols.
- Data breaches – Acknowledging the potential for modifying, compromising, or destroying data, the safety and security committee is pursuing an insurance program, reporting system, and a response process to protect against any unauthorized use of the company’s information.
- IT systems testing – The committee is looking to bring in outside auditors to run system tests, penetration tests, and programs to detect data breaches early and implement the protocols to respond to data breaches.
- Document safety – The company has a formalized shred program.
- User error – The committee is looking to organize training for both the company’s existing and onboarding employees to educate and equip personnel on security measures including password control, identifying phishing emails, and responding to physical threats.
“The committee is made up of cross-functional team members from different business units with different skill sets and perspectives,” said Maile. “We’re looking forward to taking an organized approach to support our people as we set up contingency plans and actions steps towards addressing and mitigating potential security threats.”
“We also believe our mission and values lead us to be proactive in this area,” said Greg Wiggins. “We strive to be good stewards of our resources and assets. This encompasses our most important asset, our employees, as well as our financial and physical assets. We have developed a very successful business and want to ensure that it continues for future generations. Therefore, we should be responsible for safeguarding our assets.”