Tips for Selecting the Right Cyber Security Company

July 10, 2019

What To Look For When Choosing The Best Cyber Security Partner

Let’s face it, when it comes to cyber attacks, no company or industry is exempt or immune. This means that having effective security and risk management solutions to protect against attacks and safeguard data is crucial to operating a business in today’s digitally connected world. The challenge for most companies is how.

Outsourcing has become a standard practice for businesses large and small, as developing and managing a successful security program requires time and expertise. Employing in-house cyber security staff can be expensive, so outsourcing becomes a more cost-effective option for a variety of reasons.

This article is meant to provide small and medium businesses, which typically do not have IT or cyber security departments, with helpful criteria for qualifying and selecting the security vendors that best fit their business.

Types Of Cyber Security Providers:

A company may choose to outsource a portion or all of its IT security and threat management to an IT managed service provider, a managed security service provider (MSSP), or a cyber security firm that specializes solely in providing cyber security services.

An MSSP is an IT service provider that provides cyber security monitoring and management, such as virus and spam blocking, intrusion detection, firewall and virtual private network (VPN) management, vulnerability scanning and antivirus services. An MSSP may use a SOC (security operations center) of its own, or one from another SOC provider, to deliver around-the-clock security monitoring services.

Cyber security and IT security consulting firms may specialize in specific areas of security. They also manage IT security services such as firewalls and intrusion detection and prevention, as well as security threat analysis, proactive vulnerability and penetration testing, incident preparation and response, and IT forensics.

Regardless of the type of security provider, effective cyber security should:

  • Reduce the risk of cyber attacks

  • Protect systems, networks and technologies from unauthorized exploitation

  • Prevent unwanted third parties from accessing sensitive information

  • Protect against disruption of services

  • Maintain productivity by reducing downtime caused by computer viruses

  • Monitor overall safety to provide peace of mind

  • Provide controls and ensure business continuity

Critical Security Services to Consider for your Business:

  • Network security

  • Endpoint security

  • Application security

  • Password management

  • Malware defense

  • Ransomware defense

  • Anti-virus

  • Firewalls

  • Data storage

  • Device management

  • Website protection

  • Virtual Private Network (VPN)

Find additional resources through the Small Business Big Threat program which was developed by the Michigan SBDC with support from the U.S. Small Business Administration and the Michigan Economic Development Corporation.

So what should you look for in a cyber security and risk management partner?

While there are standard and critically essential security components that every company should employ, not every business requires the same amount of protection.

To achieve the greatest benefits from outsourcing security operations, first define your specific company and unique business needs. It’s important to know what your core risks are. Take the time to determine the information that needs to be protected, where it is stored and who has access to it. Then align necessary and required security and risk mitigation technologies and solutions accordingly.

The right match will be a company that helps at both a strategic and a tactical level, including defining the overall strategy, asset discovery, conducting vulnerability assessments, intrusion detection, threat intelligence, deploying the right technologies, behavior monitoring and ensuring operational functionality. The right security company will address each aspect of your business to provide full protection.

What to consider when doing your due diligence:

Experience

The best cyber security and risk management firms can demonstrate their work in the IT field. They will have years of experience on top of a portfolio of services that match their clients’ needs. They will be able to provide case studies as evidence of customer success and clearly articulate exactly how they help their clients, backed by measurable results. Ask for examples of relevant experience or “war” stories. Ask how they would implement their services. The more detail they provide, the better. By asking the right questions you will be able to identify the right firm with a successful track record.

Skill Set

Security professionals may have vendor-specific certifications as well as certifications and training from an accredited institution. Top-rated security professionals will openly display their awards, recognitions and certifications. Ask to see them if not displayed on their website. Inquire about specific staff certifications and training. You want to evaluate the team.

Top IT security certifications include:

  • CompTIA Security+

  • CompTIA CySA+

  • GSEC: SANS GIAC Security Essentials

  • CISSP: Certified Information Systems Security Professional

  • CCSP: Certified Cloud Security Professional

  • GCIH: GIAC Certified Incident Handler

Types of Clients

Top-rated MSSPs and security agencies will have customers across various industries. To determine how familiar they are with your exact needs, ask for examples related to your industry, such as whether they have worked with your type of data, systems and applications, or with your competitors or other brands in your industry. However, be open to how they have helped companies in similar industries with similar security needs.

Custom Solutions

While cybersecurity agencies and MSSPs like to provide packaged services that can easily be implemented and managed, leading firms will have the capability to provide custom solutions tailored to a business’s unique needs. Look for someone who understands that security is risk-based, which means one size does not fit all. You should expect to receive a plan and strategy for how they will secure your business. The right mix of technologies should match your business needs to provide both a proactive and a reactive security approach, all aimed at preventing incidents, minimizing vulnerabilities and minimizing damage.

Technologies and Products

Cybersecurity is a growing, complex landscape. The market is flooded with new products and technologies as well as frameworks and standards. This can lead to confusion about which products, or combination of products, you should use to keep your business safe. A cybersecurity expert can provide the guidance and direction you need. Ask what products they use, why they use them, and how they will integrate with your systems. You will want to understand whether any products have overlapping features or, worse, leave gaps that open your business up to dangerous threats.


Scalability of Solutions

Not all security providers offer the same levels of protection. Security companies will have a menu of services or a portfolio of capabilities, with some being more comprehensive than others. If your entire organization utilizes IT resources, then the entire organization is at risk. Any solution that does not address all locations, all employees, all systems, all processes, etc. can leave you vulnerable. In addition, take into consideration how you plan to grow your business. Look for a security partner that can grow and scale your security solutions with your changing business needs.

Multi-layer Approach

Cybersecurity requires a multi-layer approach that includes products, services, education and employee training, policies and procedures, testing and best practices, as well as overall strategy and digital governance.

Industry-Specific Security Compliance and Risk Management Expertise

For regulated industries, a company may need to meet and follow specific security, regulatory and compliance requirements such as:

  • SOX - Sarbanes-Oxley compliance for both the Banking and Finance industries, to protect investors and the general public from accounting errors and fraudulent practices

  • PCI DSS - Payment Card Industry Data Security Standards for any company that accepts credit cards

  • HIPAA - Health Insurance Portability and Accountability Act compliance for Healthcare privacy and security

  • GDPR - Europe’s General Data Protection Regulation; EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).

  • Public sector and federal services may require a security clearance or need to demonstrate NIST (National Institute of Standards and Technology) compliance.

  • Other industries that are in the “trust” business, such as law firms and insurance agencies, should also be able to demonstrate how they are addressing risk and protecting client data.

Qualities of top-rated cybersecurity and risk management companies

Customer Satisfaction

The security company should be able to provide examples or stories of how they solved a customer’s issue, managed a customer’s project, or successfully corrected a problem.

Reputation and References

Ask for active client references and reviews to gauge performance, responsiveness, reliability and expertise. Customer feedback should provide a view into how the firm operates and whether they are a good match for your organization.

Reporting Practices

When outsourcing any service, especially one as complex as cybersecurity, your company will need visibility into what is being managed and what the results are. Leading cybersecurity agencies and MSSPs will have established monthly analytics and reporting expectations to ensure transparency with their business customers.

Forward Thinking

Cyber criminals are always upping their game. The best cybersecurity firms will be knowledgeable of past, current and potential future threats as well as the technology solutions needed to combat such threats. To be effective, leading security experts must stay up-to-date on the latest trends and techniques being used by attackers.

9 Additional considerations when making your selection

  1. Do they understand the business they are protecting, meaning do they understand your business?

  2. Can they speak in layman’s terms to effectively communicate technical language?

  3. Do they provide analogies to help non-technical buyers and end-users understand technical concepts?

  4. Are they up-to-date with the latest technologies, trends, and issues such as attacks and threats?

  5. Are they subject matter experts and proficient in solutions, services, and processes?

  6. Are they highly collaborative to achieve your business goals and objectives?

  7. Are they continuous learners with updated skills?

  8. Are they problem solvers with an eye for detail?

  9. Can they be your trusted partner?


How your cybersecurity provider positively impacts your business

They help you:

  • Avoid damage to your company’s reputation. You work hard to establish your brand and build a reputable, customer-centric business. The last thing you need is to have your reputation tarnished by a security breach.

  • Avoid weakened client trust. A data breach and loss of information can weaken the relationship with clients and any potential new customers.

  • Avoid legal ramifications. Data breaches must be reported and customers must be notified of details related to the security breach, including if their information has been compromised.

By partnering with the right MSSP, cybersecurity IT consulting, or risk management firm, companies can avoid the nightmares and embarrassment associated with a data breach.

Use our vendor scorecard to help you easily compare vendors.

Summary

There is a lot to consider when selecting the best cybersecurity partner for your business. Security service providers vary as wildly in quality and scope as do solutions, products and technologies.

Proper vetting will help businesses make confident cybersecurity and risk management partner decisions.

Businesses have a lot to protect. We’ll help you find pre-vetted IT service providers, MSSPs and cybersecurity providers who specifically work with SMBs and specialize in cybersecurity and risk management. You work with hand-selected experts, matched to your needs.

Learn how TechStak can help you get started.
