Hiring an Internet Security Company? 6 Chief Questions to Ask Any Potential Expert

August 3, 2016


Internet threats and ransomware attacks aren’t just horror stories you hear in the news. Breaches in network security happen frequently and they could happen to you. In fact, attacks are increasing. According to “The Global State of Information Security Survey 2016” by PwC, “In 2015 there were 38 percent more security incidents detected than in 2014.”

Security is full of holes for many companies, from SMBs to enterprises. That makes it all the more necessary to hire an Internet security company to help you protect your network. If you don’t feel confident that your own IT professional can handle the ever-increasing mass of security products and services on the market, and if you can’t afford your own in-house security team, it’s time you look at hiring a network security firm.

But how do you know if you’re hiring the best Internet security company for your individual company? How can you ensure you won’t be scammed? We know finding an ideal company comes with its own set of challenges. Here are six major questions that you should ask any potential security professional.

  1. What kind of IT security experience do you have?
    Although it sounds obvious, you’ll get a lot of answers once you start asking around. Generally, you’ll find two categories of security companies: those who emphasize their impressive credentials and those who emphasize their qualitative experience. More often than not, you want the latter. Yes, credentials can be important but they don’t mean anything if the company cannot prove its practical experience.

    To determine just how qualified a company really is, probe them for actual stories about what they have done for past clients. If they focus too much on what they’d do in a hypothetical situation, they may not have the experience you’re looking for. Another tip is to ask the consultant to make analogies when speaking about security to ensure they can articulate themselves in easy-to-understand lay terms.

  2. What’s the biggest security risk my organization faces?
    Beware of any Internet security company that seems to rely too heavily on technology and wants to fix everything with a cookie-cutter approach. It doesn’t work that way. Each company brings its own network risks, requiring a consultant to use a risk-based approach to develop security policies and procedures. Specifically, listen for the consultant to use language that focuses on risk analysis and wait for them to identify your company’s biggest risk, such as credit card hackers.

    And you personally shouldn’t have to ask what your biggest risk is. Instead, the consultant should ask you if you’ve had a risk assessment performed, or if you were planning on it. If the answer to the first is no, the Internet security company should conduct this assessment right away to create a unique security plan for your business.

  3. What are the legal or regulatory requirements my business should be concerned with? How experienced are you with these laws or regulations?
    Legal questions always have their place. As a business owner, you need to know whether or not the Internet security company has a firm understanding of your business and the industry-specific compliance issues that concern you. For example, if you work with the stock market, your consultant should know about Sarbanes-Oxley. A consultant should be aware of payment card industry requirements for companies that take credit cards, or HIPAA for the healthcare industry.

    Essentially, check that the consultant is well-versed in the regulatory requirements that you are responsible for, helping to keep you, your network, and your assets free from liability throughout the security development process.

  4. Will your company be performing the work?
    Many companies will call on their qualified IT consultants to initially assess a security situation, but then will send in junior associates to do the job once hired. Many customers get frustrated with this bait-and-switch because they are expecting highly trained professionals to oversee the full life cycle of network security.

    The problem here is that these junior associates are often right out of college and lack the practical real-world experience necessary to target the job to the hiring company’s specific needs. A way to prevent this is to conduct an online background check on the consultant via Google or social media pages to see if any red flags come up in reviews.

  5. What’s your communication style on a project?
    This is a big one because you want to know exactly what to expect going into a project. Unfortunately, many IT security companies have a habit of not divulging all the steps in their process. Some don’t communicate at all, only revealing the finished project. This type of communication should be a huge red flag because you don’t know what’s going on, you don’t understand the process, and there’s a strong likelihood you’ll be disappointed.

    Avoid this snafu by being upfront about asking the company to explain the work they will do, clearly and in simple terms you can understand. You’ll want to understand software, policies, and processes that will be used and why they’ll be used. You should also have a clear understanding with the consultant about where you want your company’s security to be at the end of the project, and how you’ll measure progress.

  6. What have been your failures as a company?
    From losing a client to accidentally taking down a network during testing, everyone has made mistakes. Although most professionals don’t want to own up to making mistakes, if you’re going to hire an Internet security company it’s important to know the character of the people you’re inviting to work on your business.

    Pay close attention to the response of the company you’re interviewing when you ask this question. Hearing about all the times a company did a wonderful job matters less than this: if that company can admit to you its humanness and how it worked its way out of a mistake, that is the company you will want to consider.

Although choosing and hiring an Internet security company can be a long and complicated process, allow these six questions to serve as your launch pad for a successful IT relationship. For any further questions about IT security companies, get in touch with us.