3 Tips for Choosing the Right Cybersecurity Solutions Partner

A while back, I wrote a post about some of the warning signs that you might need a new cybersecurity solutions partner. Now that you know what to avoid, how can you find a better partner for your cybersecurity needs in the future?

Well, here are a few tips that can help you find a cybersecurity solutions partner that will actually help you keep your business’ (and your customers’) data protected against cybersecurity threats:

1) Ask Some Questions!

Before you sign on with any managed security services provider (MSSP), be sure to ask them a few of the following questions:

  • What Cybersecurity Technologies Do You Use? While the use of any particular technology might not guarantee that the MSSP will be able to effectively prevent or respond to an attack, it can provide you with a fair idea of how well-equipped they are to tackle a variety of situations. Try to find security partners that have a decent breadth of options for each type of cybersecurity technology as well.

  • Are You Certified in Those Technologies? A lot of MSSPs may claim to be partnered or affiliated with different security technology providers, but the real concern is whether or not they have the skills and knowledge needed to actually put that technology to use. This is why it’s important to go beyond logos on a webpage and directly ask: “Are you certified for…?”

  • What Are My Biggest Risks? It’s one thing for a cybersecurity service provider to have the right tools, it’s another thing for them to understand what your specific risks are so they can make sound recommendations for which solutions best fit your needs. It’s important to find a provider who will take the time to assess your specific risks and recommend solutions that best meet your needs. However, this may require the MSSP to run an audit first so they can provide a reliable answer.

  • Who’s Going to Work On My Account? A lot of cybersecurity firms outsource their actual security work to overseas teams to reduce their costs. This basically makes you the client of someone else’s client, reducing the sense of urgency attached to your cybersecurity needs. Additionally, this can make communicating with your cybersecurity team difficult, as you may have to overcome both language and time zone barriers, which increase the risk of miscommunications and delays. This is why it’s important to know who’s going to be on your cybersecurity team.

  • How Will You Reach Out to Me (and Vice Versa)? Communication is key for a successful cybersecurity strategy. No matter how effective your cybersecurity architecture is, or how skilled your MSSP, you need to be kept in the loop regarding any cybersecurity incidents or important updates. So, it’s important to establish a clear protocol for communicating with your security services provider as soon as possible.

  • What Do You Need from Me? No MSSP, no matter how skilled or talented, will be able to provide you with the cybersecurity protection you need without at least some input from your side. They need to know what assets you have on your networks, how many users you have, and other information about your business to determine the best strategy for protecting it.

These questions should help you vet a cybersecurity provider before you commit to their services—helping you avoid hiring the wrong security partner.

2) Check with the MSSP’s Other Customers

After you ask the MSSP your questions, you might want to take the time to track down some of their other customers so you can ask them about their experience. This can tell you a lot of things about a cybersecurity partner that the company might not be willing to tell you themselves.

If the customer left the MSSP, be sure to ask why they left. For example, did they leave because the MSSP was able to train up an internal team of cybersecurity experts for them? Or, did they leave because of issues relating to the quality of service they were getting?

3) Read the Cybersecurity Services Contract—Always

Be sure to read any contracts that the cybersecurity company provides before signing one. In fact, it may be helpful to have your company’s lawyer review the service agreement contract, since they may be able to spot potentially problematic issues such as minimum contract lengths, service cancellation fees, or excessive indemnity clauses that may indicate a bad faith negotiation.

This way, you can avoid locking yourself into a long-term contract with a subpar cybersecurity partner.

These are just a few of the things that you can do to help you find the best possible cybersecurity partner for your business. To learn more about cybersecurity issues so you can take the right steps to protect your business, check out our cybersecurity basics guide, or contact us today!

reducing with risk Rapid7 and Compuquip