Welcome!

Michelle Drolet

Subscribe to Michelle Drolet: eMailAlertsEmail Alerts
Get Michelle Drolet via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Related Topics: Security Journal

Blog Post

Know When to Onboard a Virtual CISO

Onboarding a virtual CISO will help your company build cyber security programs and perform risk assessments

A virtual Chief Information Security Officer (CISO) can be an invaluable asset to your company. The virtual CISO provides your business with a person who will be in charge of the electronic security aspects of your company. You will have an executive in place that will not only oversee your electronic security, but will also define it.

Because the CISO is virtual, which means they work off-site, they cost only a small fraction of what a full-time, on-site person would cost. You get all the benefits of having an executive director of security without having to pay the additional money to keep on at your office and pay all the liability insurance and benefits that are associated with making a hire of that nature.

With a virtual CISO, you have someone who can perform jobs that are mandated by government compliance regulations. Anyone who works with the cyber security aspects of your company will report directly to this person, who will oversee the entire operation. Your virtual CISO will not only make sure your company is in compliance, he or she will also work to reduce cyber security risks to your company, making it safer and more secure for both you and your clients.

When you consider all of the benefits a CISO brings, you must ask yourself if your company can afford to not have one.

How do you know when it's time to onboard a virtual CISO? First, ask yourself if your business has regulatory compliance measures to meet regarding data security. Also ask yourself if your business has data security concerns and/or is potentially vulnerable to hacking. Is there anyone already working on your staff who is qualified to handle these things? If the answer to the first two questions is yes and the answer to the third one is no, then you need a virtual CISO.

The virtual CISO makes the most sense for small to medium-sized businesses that cannot afford to put someone full-time on staff to handle cyber security and regulatory compliance measures. You don't want to simply move someone from another department who has a slightly technical background and ask them to perform these duties.

The job of the CISO is not one you want to have someone in who is learning on the job. You need someone who is already qualified and who knows what they are doing from the beginning. If you don't get an experienced person in the form of a virtual CISO, you will spend money you can't afford on a person who can't do the job effectively, and who may even bring negative results to your company through lack of knowledge. You don't want to do that to your company and the people who depend on it for their livelihoods, as well as your clients who depend on you for much needed products or services.

Onboarding a virtual CISO will help your company build cyber security programs, perform risk assessments, develop company-wide regulatory policies, and work with your on-site team on developing and implementing remediation efforts. Your virtual CISO will save your company both time and money, while putting it on the path to the success that comes with enhanced security. These are freelancers who can be hired on a retainer basis, which gives your company the flexibility it needs to choose the best virtual CISO for its unique corporate and budgetary needs.

More Stories By Michelle Drolet

Michelle Drolet is founder of Towerwall, a data security services provider in Framingham, MA with clients such as PerkinElmer, Smith & Wesson, Middlesex Savings Bank, Brown University and SMBs. You may reach her at michelled@towerwall.com.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.