Cyber security is a life or death threat to a business, and outsourcing cyber security services can be tricky. Yet many don't implement the most basic of precautions. When 83% of companies don't properly protect even their domain name, what hope do they have of defeating a more subtle cyber threat?
Do you want to keep your business's information secure? Considering professional help? Read on to learn 7 questions you need to ask before hiring a cyber security service.
1. What's Your Cyber Security Service?
Types of services may include consulting, managing firewall protection, monitoring threats, anti-denial of service measures, vulnerability scanning, and penetration testing. They might assess your resilience in the case of targeted attacks, provide monitoring applications and encryption solutions.
It may be that your need is advice about secure hosting solutions or cyber security strategy. Make sure your needs and their service match. When you need a full cyber security solution, you don't want to work with a service provider that just wants to sell you virus protection.
2. How Do You Conduct A Cyber Security Risk Assessment?
There are cyber security services that want to sell you an off-the-shelf solution. Will this meet your needs? Ask them how they will identify your needs and address them.
You may need a custom solution. You may need one that is flexible enough to cope with changes in your business such as business growth or new technology.
If they aren't willing or able to analyse your specific business needs, their risk assessment will be flawed. Avoid them. If they want to talk about your business and your needs, keep talking.
3. What Are the Credentials of Your Team Members?
Cyber security is a complicated business. It relies on a multidisciplinary team approach. It's vital that the members of the team supporting your business are suitably qualified for the job.
General IT qualifications are a good foundation. Vendor qualifications such as those from Microsoft, HP, and Cisco are helpful too. There are also vendor-independent options that are well respected.
The specialist cyber security roles will need appropriate specialist qualifications such as GIAC approved Certified Penetration Tester and Certified Ethical Hacker. Ask for details on cyber security experience and check that the qualifications are valid. Check out articles like how to be a pentester.
4. What Will You Need from Me?
A cyber security company will be your partner in the fight against cyber threats. It's a close relationship requiring a great deal of trust and there's a lot at stake. It's important to be clear about what the partners in this relationship expect of each other.
Ask them what they will expect of you. What information will you be providing, and what will be your part in the project?
5. How Will You Communicate With Me?
You need excellent communication from your cyber security service provider. Sometimes communication might need to happen in potentially stressful situations so the processes need to be clear and effective. Ask how this will be achieved. For example, we have a page on our website dedicated to exactly this.
You will need a dedicated point of contact so that you can go to them if you need to know something. You should expect to have regular updates on progress and issues. Agree on the frequency and means of communication.
If something goes wrong, you'll be glad you have a cyber security company in place. That feeling of comfort will quickly evaporate if you can't get a response from them within a time scale that meets your expectations.
Sometimes things go wrong. A hacking attempt can be successful despite all your carefully prepared measures. A virus can create problems for you and you need to get to work quickly to defend your business.
Ask the question now. What is your response time in a crisis? How soon will you get to work to defend my business?
6. Do You Provide Training?
While a cyber security company can provide technical solutions to your cyber security threats, there's an important additional factor. People are often an important loophole in your security arrangements.
They may fail to perceive a cyber threat. They may have risky security behaviours. They may have a poor understanding of their own impact on security.
Once a cyber security company puts secure arrangements in place, there will inevitably be a training need. You need a cyber security company that can handle the human aspects of cyber security such as training and formulating policy.
7. Do You Have Relevant Experience?
While there are common factors in the world of cyber security, there are also sector-specific issues. There are also differences in the issues that your business will face compared to a business that is much larger or much smaller.
Asking a prospective cyber security company about their previous clients can help you determine whether their experience is relevant to your business.
Cyber security practitioners can be reticent about sharing information about clients. After all, their business is security. They may have some justification.
It should not compromise their security to be able to provide references that will help determine their service standards. Ask to speak to current clients about service levels, communication effectiveness, and project management.
Speak to these clients and establish whether they are similar businesses to yours. It will help you determine whether their experience is relevant. Ask clients about any reservations and whether they expect to continue working with the service provider.
Happy to Proceed?
Deciding that you need a cyber security service is an important step. Getting the right cyber security company is equally important. Do your homework and make sure you get a good match for your needs and you'll be happy to proceed.
Talk about your needs and how we can help by making contact here.