Vetting vendors is a tedious process. Are they experienced enough? Do they have the right qualifications? Are their services affordable? Will the team prove reliable? The list of qualifying questions is endless. The process is even more challenging when you hire an entirely new kind of company. Yes, you might have the proposal process down for when your laser printer goes on the fritz, but what happens when you need cybersecurity help? Would you know which qualities to look for? For many companies, this is uncharted territory. To help clarify the process, we compiled a list of five signs to look for when choosing a cybersecurity company.
#1: The cybersecurity company allows you to access your data.
Wait. What? Wouldn’t I have access to it anyway? Not necessarily. Some cybersecurity companies monitor your data but limit what you can see and do. Yes, we agree that is nonsense. When choosing a cybersecurity partner, always ask if you can access your data at any time, for any reason. If the answer is no, keep looking. You need to see what your cybersecurity provider sees. You should also know the process if you decide to switch vendors. Will they hand over your data? Or will they hold it hostage? Transparency is key. Before signing a deal with anyone, make sure you have clearly defined expectations.
#2: The cybersecurity company practices what they preach—and they will prove it.
Did you know vendor error leads the way as the primary cause of breaches? Think about it. If you hire a company to manage your cybersecurity, it only makes sense they would protect their own environment similarly—if not better. If the company in question suggests implementing a security information and event management (SIEM) system, do they adhere to the same practice? Do they use multi-factor authentication (MFA) to protect their own sensitive data and systems? If they recommend DNS filtering, high-end firewalls, or the latest endpoint anti-malware solutions, confirm they do the same at their business. But don’t just take their word for it. Ask for documentation. Any cybersecurity company should be willing and able to provide official documentation to back their statements.
#3: The cybersecurity vendor thoroughly knows the customer.
The best cybersecurity companies get to know their potential clients. And not just for rapport. They will ask questions about your industry, your pain points, your goals, your team, etc. Then, they will take this knowledge and create custom solutions for your specific needs. Cybersecurity is not a templated, one-size-fits-all approach. A cybersecurity strategy must be developed with the client in mind. Every organization is different and every customer is different. A good cybersecurity company will take measurements and give you a well-tailored product. If they don’t, you will have gaps in your plan. Gaps = vulnerabilities.
#4: The cybersecurity company stays abreast of the threat landscape and industry trends, and ties this knowledge into your business.
Cybersecurity is one of the most rapidly advancing industries. As cyber criminals continually develop their tactics, those working in the industry must not only keep up, but stay ahead. Still, it is not enough to just know what is happening. A good cybersecurity partner will take this data and turn it into meaningful solutions for its clients. They won’t just try to sell you the latest buzzword product.
The best approach is to assess the activity in the environment first and then craft a solution around these needs. In order to do this, the cybersecurity company must identify the hacking that is taking place in your environment. Not sure if the vendor actually adheres to these practices? Ask for a list of references. Don’t be afraid to ask tough questions. This is common practice in the industry and is a valuable tool for those wondering how the company in question works.
#5: The company only focuses on cybersecurity.
Many companies may try to do it all, but it’s impossible to do it all well. The phrase “a mile wide and an inch deep” is common in the industry, but you do not want to work with this type of company. You want an inch-wide, mile-deep cybersecurity company. You want to work with subject matter experts (SMEs). When vetting your cybersecurity vendors, it is best to work with a company that focuses on one expertise. Ten items on a datasheet might look attractive, but a company’s level of competency quickly diminishes when they take on this much. As mentioned in #4, just staying up to date with the pace of the cyber industry is more than a full-time gig. If you’re looking for a cybersecurity expert, then steer clear of value-added resellers.
For an even more beneficial relationship with your cybersecurity partner, find one that focuses on your specific industry. Each industry has a different set of guidelines and compliance requirements to adhere to. Any potential cybersecurity partner should have thorough knowledge of the ins and outs of your industry. If you work in higher education, can your vendor explain the Gramm-Leach-Bliley Act? If you work for an energy provider, can the vendor explain NERC-CIP compliance? Or if you’re a municipality, can the vendor explain the CJIS Security Policy? These are important points to address before making your decision.
The process of selecting a cybersecurity company is challenging, but knowing what to look for can greatly improve your search. A lot is at stake when it comes to a company’s security. Take your time, ask a lot of questions and make sure you work with a cybersecurity company that will esteem your business as highly as their own. If you would like to learn more about BitLyft’s laser-focused cybersecurity solution, contact us today.