Protecting our digital assets and the security of our information systems is a priority for our organization. Historically, the nature and scope of our IT applications and systems were as diverse as the array of companies that comprised the Standex portfolio. Over the past several years, however, as we have transformed into a more focused, high-performance operating company, we have been rationalizing and standardizing our approach to IT. As a critical component of this effort, we have improved and continue to enhance our IT security controls and protocols.
During our 2021 fiscal year, we appointed a Chief Information Officer (CIO) for the Company. The CIO oversees and implements the Company’s IT strategy and, with respect to IT security, is responsible for ensuring the effectiveness of access and security controls, the deployment and use of effective security tools, applications and policies, and the training of all employees on applicable IT policies and procedures. The CIO periodically presents to the Board of Directors on the status of and plans for IT security. In addition, IT security and the efficacy of IT controls is a regular topic for discussion at Audit Committee meetings.
FY 2021 Accomplishments
In addition to the appointment of our CIO, we have taken several steps during our recently concluded fiscal year to enhance our IT security controls. These steps include the following:
- The performance of vulnerability assessments globally with respect to our primary domain;
- The implementation of consistent patching globally;
- The implementation of two-factor authentication for remote access to our systems and for “on premises” access to sites housing sensitive information (e.g., ITAR);
- Significant progress toward achievement of CMMC compliance for those sites that handle controlled unclassified information;
- The establishment of enhanced cybersecurity training for those sites that we anticipate will require CMMC compliance;
- The issuance of a revised and updated IT Acceptable Use Policy and associated training; and
- The enhancement of rapid response and more effective communication via implementation of a global help desk.
FY 2022 Improvements
During our 2022 fiscal year, we have several initiatives underway to further enhance the efficacy of our IT security and controls. To help us identify potential vulnerabilities using objective measures, we have subscribed to a well-regarded cybersecurity ratings service that allows us to benchmark ourselves against other organizations and to provide trended analyses on our security posture. Other initiatives include, but are not limited to, the following:
- Adoption of a global System Security Plan;
- Completing deployment of fully encrypted, offsite backups;
- Completing encryption of all PCs globally;
- Micro-segmentation of virtual servers to isolate ransomware and control lateral movement;
- Increasing the frequency of incident response desktop exercises;
- Enhancing enforcement of baseline configurations of endpoints outside the primary domain;
- Implementing dynamic, data-driven measurements of Standex’s cybersecurity performance; and
- Global rollout of enhanced cybersecurity training.