Carefully consider the credentials of your cyber security providers
Small firms will benefit from a partnership between their IT provider and a qualified cyber security provider
Cyber security is on the agenda of most organisations. Normally it is viewed as an IT issue rather than a boardroom issue. For many small firms who outsource their IT, their IT provider is a trusted partner, and it is therefore natural to turn to them for assistance with cyber security.
The recent Cyber Security Breaches Survey 2016 highlighted that when small firms engage an outsourced supplier as their cyber security provider, the initial engagement is often not for cyber security, and therefore the level of security offered was not the deciding factor in choosing a suitable provider. Small firms may therefore be misled into thinking that their cyber security requirements have been met, but there may be gaps that they and their IT provider are unaware of. These may still leave them vulnerable.
A qualified cyber security specialist will be able to identify weaknesses through a gap analysis, and work with you and your IT provider to reduce any vulnerabilities.
The recently published Cyber Security Breaches Survey 2016 looks at the approaches taken by organisations to cyber security and says:
“Trust based on an existing relationship with the provider was often important, in some cases overriding considerations of the technical capabilities of providers, which were assumed to be satisfactory. Some participants from small or medium firms noted that they had previously worked with their chosen providers in another capacity, so knew what they provided and trusted their work. They had since formalised that existing relationship to include cyber security. Some businesses may unwittingly be less secure because of their relatively informal approach to choosing a cyber security provider – businesses should also consider the credentials of cyber security providers when making this choice.”
A company’s outsourced IT providers are specialists in their own field, and will operate within the areas they excel at. This does not always include all the elements a business needs to create a robust cyber security strategy. A good provider will be honest about this. They will help you seek specialist advice with the technical aspects that you need, such as PCI DSS compliance, and will highlight areas that you need to address that are not part of their suite of services.
A perfect answer may be a partnership between the two, to ensure that you build a resilient solution and mitigate your risks.