[BreachExchange] Why Your IT Company’s Security Expertise Matters

Audrey McNeil audrey at riskbasedsecurity.com
Wed Sep 7 18:49:06 EDT 2016


http://www.business2community.com/tech-gadgets/companys-security-expertise-matters-01644538

Can you tell the difference between an IT consultant with in-depth security
expertise and one that doesn’t have it? In a world where proposals reign,
it’s hard to distinguish an IT company or individual
with the right security expertise from those that just don’t have it. It’s
always interesting to me when companies pick one IT provider over another
because of price. I wonder if they know exactly what they’re missing out
on. Recently our Director of IT and Security earned one of the most
prestigious security certifications in our industry. While it may just look
like some words on the end of his name, this particular certification is
one of the most well-respected in our industry. But what does having that
level of IT security expertise mean exactly for a client? Here’s why your
IT company’s security expertise matters so much:

Your innovation is dependent on your IT provider’s knowledge.
While this is a pretty obvious statement, you’d be surprised how many don’t
consider security expertise in their selection of IT consultants or Managed
Services Providers. Despite TechTarget reporting it as a 2016 priority in
their year-end report less than a year ago, many companies still use the
RFP and numbers as the final word in their selection of an IT provider. But
how much gets lost in that bit of paperwork and focus on numbers? The fact
is that your technology innovation is dependent on the IT provider’s
knowledge of IT security. For example, a piece of hardware is only as good
as its configuration. A proper firewall configuration completed by a
technician and team trained in security protocols can protect your
organization much more effectively than one that is just installed with
factory settings.

Their tools are more sophisticated.
Companies that are well versed in IT security go beyond the standard
antivirus and anti-malware tools. They often use more tools, like filtering
software that monitors visits to certain websites and protects your network
in real time. They will also better configure your antivirus, customizing
scan frequency and tailoring it to an organization’s unique needs. Compare
that type of proactive action to a company that just scans for viruses
every now and then and you can see how much you can save on the proactive
monitoring end.

An internal emphasis on security.
Those that are certified and trained in high levels of IT security take
their own IT security very seriously. This is important, because they are
not only sometimes hosting your data and applications, but also holding all
of the administrative credentials to all your technology. It may not be
something that you think to ask often, but the fact is that you need to be
asking your technology providers what kind of tools and protocols they’re
utilizing to ensure their own organization is as well-protected as yours.

A great IT company is so much more than a number on paper. Next time you
vet an IT consultant or Managed Services Provider, ask them what types
of security training they have and if they have a role specifically
dedicated to IT security education. With so many organizations being
infiltrated with ransomware and dealing with data loss, you can’t afford to
deal with a company that doesn’t have it together from a security
perspective. Your company is your livelihood. Don’t trust it to just anyone.