As your business expands, one of the growing pains it may experience is in internet technology (IT) and cybersecurity. While you have definite needs to protect your business assets, you may not have the time, funds, or space to employ a full-time IT person on-premises. Even if you do have someone in-house to handle your IT, one person or a team can become overwhelmed as a business grows meaning they could use a backup.
ORAM Corporate Advisors recommends business leaders ask certain questions before hiring an outside IT and cybersecurity company. Below are some of the items you need to discuss on your interview with any companies you’re considering working with for your business IT and data security.
What Technologies Do They Use?
Find out what technology the IT and security company uses before signing a contract. What software do they implement or recommend for email security, data storage and backup, and remote monitoring and management (RMM)? You’ll want to ask if these technologies are compatible with the existing software programs and applications you are currently utilizing in your business. If not, ask how they would work around the issue to still provide the highest level of security for your data.
Dark Web Monitoring
Be sure to determine if the IT company you are considering for hire offers Dark Web monitoring. This is important because the Dark Web is just what it sounds like: it’s the dark underbelly of the internet we all use every day where cybercriminals lurk, hidden from conventional search engines. It’s in the Dark Web where personal identities are stolen and traded on the black market and credentials from email logins, passwords, and usernames are found.
While personal data is mined, stolen, traded, and sold here, it can also impact your business. When an employee’s credentials are taken by a bad actor, it could also spell disaster for your company. That’s why Dark Web monitoring is a necessity for your employees. You can learn more about the Dark Web and Dark Web Monitoring from ORAM.
Another question you should be asking of any potential IT contractor is layered security. Layered security, also called layered defense, is the practice of combining several security controls to mitigate the risk of a breach in order to protect your business resources and data. Just as you have layered security in your home such as cameras, door and window locks, monitors, and automatic lights, your business should have layered cybersecurity to protect its assets as well.
What Frameworks Does the Company Follow?
In addition to knowing what technology they employ for monitoring and security, you should also ask about what cybersecurity frameworks the company you’re considering partnering with adheres to. For example, do they follow the particular policies for the National Institute of Standards and Technology (NIST) cybersecurity framework, the Health Insurance Portability and Accountability Act (HIPAA) security rules, or Sarbanes Oxley (SOX) compliance guidelines?
It’s imperative to know which cybersecurity frameworks your potential IT and security vendors are familiar with and implement because every industry is touched by government cybersecurity regulations. By adhering to such frameworks, you’ll know if the company is familiar with the industry compliance requirements of your particular industry are. Additionally, you’ll want to ensure they are able to get your business regulatory compliant (if it’s not already) and keep it compliant when it comes to cybersecurity.
Are Security Reports Available?
When meeting with a potential IT and cybersecurity contractor, also ask about reports from system monitoring software. Does the company produce regular reports for the business? These reports are important to your business because they can show you what’s happening inside your network so you can adjust your cybersecurity measures accordingly to best protect your business data against potential threats. These reports allow you to visibly see what’s happening within your network and managed services.
Do They Have a Help Desk?
Whether your business runs on a 9 a.m. to 5 p.m. schedule or it’s also open nights and weekends, you will need access to a help desk. Find out if the company offers help desk support and, if so if it’s available 24 hours a day, 7 days a week.
Also, find out if any employee can contact them for assistance or if it has to be a supervisor from your business. It’s best if all employees have access to IT and security assistance at any time, especially with so many people now working remotely.
Finally, find out how they handle help requests. Do they have a ticketing system? What is their turnaround time for getting back to clients?
Whether you need part-time assistance with your business IT and cybersecurity or a full-time team, ORAM Corporate Advisors is here to help at (617) 933-5060 or you can visit ORAM online.