Treating cybersecurity as a business risk rather than an IT problem
Johnson, Mirmiran & Thompson (JMT) is a 100% employee-owned firm that provides a full range of multi-disciplined engineering, architectural, and related services to public agencies and private clients throughout the United States. Committed to the core values of safety, quality, integrity and relationships, leadership at JMT wanted to address the protection of their proprietary data from those who seek to expose the information and cause harm.
JMT first engaged Hartman Executive Advisors to develop an initial data security program that eventually led to a full cybersecurity plan and governance program. In the early stages, Hartman worked to identify the firm’s unique needs, implement time-sensitive process changes, and develop programs to meet increasingly stringent federal regulations that give their clients greater confidence in the security of their data.
As the engagement progressed, Hartman helped create an internal security governance team, reporting to JMT’s Board of Directors, which meets regularly to review JMT’s security program, make decisions on cyber policies and explore employee security awareness and education. The team also addresses cyber concerns before they arise and develops detailed incident response plans that correspond to different types of attacks.
Treating cybersecurity like the business risk that it is, rather than an IT problem, elevated the issue to a strategic level and added levels of responsibility throughout the organization. With the understanding that managing cyber risks is never a “one and done” process, JMT holds ongoing discussions with employees who collect, store and use data to strengthen the firm’s internal culture of cybersecurity.
Hartman continues to advise and work with JMT on a flexible cybersecurity program that looks for the biggest risks and strategizes on effective techniques to mitigate those risks on an ongoing basis. The end goal is an effective cybersecurity management system that allows the firm to improve and update their policies and procedures as client needs and technology evolve over time.