With last month's announcement that the personal and financial data of almost 146 million (and counting) U.S. consumers was compromised in the Equifax breach, and last week's disclosure that all 3 billion Yahoo emails were hacked, there is a movement among all businesses to select an outside cybersecurity provider.
But how does a business vet one?
This post will focus on the essential elements of selecting the right partner and what all businesses can do to try to head off data and network vulnerabilities.
In a Nutshell: What Went Wrong at Equifax and Yahoo
While much of the Equifax/Yahoo breach information is still unfolding, it appears there were many problems that led to billions of records being compromised. Here is a synopsis of some of the problems:
- Lax security measures
- Failure to apply software patches and updates in a timely manner
- Using software that was more than 10 years old
- Low level of encryption
- No enforcement of cybersecurity policies
- No checks and balances between the executive suite, CIO and CISO
- No one asking the right questions or alerting management to problems
- Lack of understanding about how cybersecurity talent differs from IT staffing
What was and continues to be the outcome? At a minimum, brand confidence has suffered greatly. People now question whether they should turn over personal, confidential data to credit bureaus. The top executives at Equifax are gone and may face criminal charges of insider trading. Lawsuits are pending, and Yahoo, which at times ruled the email world, has seen and will continue to see an exodus of email users to other platforms.
Selecting the Right Partner
Before signing on the dotted line for cybersecurity services, conduct the following vetting:
- Have them speak your speak.
As a technical person myself, I find it very easy to get caught up in terms like ISP, DSN, VoIP and end-to-end encryption. However, to the CEO/President/COO of a small to medium-sized business with limited IT support, this tech speak can overwhelm even the smartest owners.
Instead, ask the vendor to provide you with practical, management insights as to what they provide and how it will serve your organization. Have them drill down to the overall benefits of utilizing their services.
- Find out their specialty.
Every cybersecurity organization is staffed with experts who work with certain industry niches. In addition, some organizations have written proprietary solutions that work well in one vertical market but may not be that transferable to other vertical markets. Ask for this information and make sure you feel comfortable that you are working with a company that knows your business and can fit into your culture.
- Ask around.
Check with peers in your industry to find out who they use for cybersecurity and how satisfied they are with the service.
- If possible, meet at their office.
Meet with the people who will be managing your network, take a tour of their office and ask more in-depth questions. If a site visit is not feasible, set up a videoconference with the key players who will manage your account.
Shellproof Security Welcomes a Conversation
If you own or manage a small-to-medium business, find out how we can partner with you. We work hard to ensure your data is not breached through our auditing, monitoring and alert system. Call one of our cybersecurity experts today at 212-887-1600 to start the partnering process!