According to research by Sophos, 32% of people advising others on cyber security matters fail to recognize today’s basic threats. With the growing national attention on cybersecurity, it’s no surprise that opportunists are flocking to capitalize on a fresh business opportunity.
As a business owner or IT decision-maker looking for cybersecurity services, how can you identify the qualified providers?
A Qualified Cyber Security Provider Should Display These 3 Characteristics
1. They Walk the Walk
According to Sophos’ research, a lot of people are talking about cybersecurity but too many of them lack an understanding of baseline cybersecurity threats and response tactics.
One way to assess their skills is to perform a quick online search of the company for potential breaches. After all, if they can’t protect themselves, they may expose your information, or worse, provide an uncontrolled remote conduit to your network (as happened in the Target data breach).
WHAT TO ASK: Have you run a Network Penetration Test in the last six months?
The answer should be yes, at least once. If the test was performed by a party outside of their organization, even better.
2. They Have Trained, Dedicated Employees
There is currently a global shortage of cyber security experts, yet many companies are labeling themselves as cyber security consultants, security firms, or managed security services providers (MSSPs).
Professional cyber security firms not only employ professionally certified engineers with the highest level of industry credentials, but also put those engineers through regular background checks, drug tests, security testing and training to ensure they are behaving in a secure manner.
WHAT TO ASK: Is cyber security the sole responsibility of the employees that will be watching over my company?
The answer should be yes. Even if they provide other services, a number of dedicated analysts should be monitoring your network from a Security Operations Center (SOC).
3. They Are an Established IT and Security Company
There are a lot of new companies appearing in the market, or old companies suddenly diversifying into cyber security services, and entrusting your company to someone who is learning the ropes can be a risky proposition. (Or at the very least, a poor investment.)
As the saying goes, “you wouldn’t seek medical advice for a heart condition from anyone but the most experienced doctor.” Given the importance of cybersecurity to your business, your data, and your customers’ data, a depth of experience (8+ years in securing IT systems according to the best practices of the day) and agility in mastering the latest techniques are crucial characteristics of a qualified MSSP.
WHAT TO ASK: How has your company responded to changes to computer security over the last 8 years?
The answer will help you get a feel for how long the company has been tackling complex security issues, why they pivoted toward cybersecurity services, and the level of expertise they’ll bring to your network’s security.
Make an Informed Decision—We’re Here to Help
In the information age, data is the heart of our business, and it must be protected to avoid damage to your reputation, litigation, and worse. Don’t risk getting ill-informed advice or getting partially protected (which is really not protected at all).
While affordability is important, don’t give in to the temptation to look at the price tag alone—the cost of data breaches to small and mid-market businesses is nearly $200,000 per breach. Walking the walk, well-trained employees, longevity, and a solid suite of solutions are the most important factors to consider when evaluating a potential cybersecurity partner.
Email us and ask a dedicated Cybersecurity Advisor your questions today.
Sources:
- Sophos Research: http://www.marketwired.com/press-release/sophos-survey-reveals-consumers-are-more-worried-about-cybercrime-than-physical-world-lse-soph-2183139.htm
- Target Breach: https://krebsonsecurity.com/tag/fazio-mechanical-services/