Many small companies have never engaged a third party to conduct a security review of any sort. The reasons for not doing so range from being too busy, to not budgeting for such an assessment, to not knowing where to start in the vendor selection process, and everything in between. However, some day and some day soon, it will become a high priority and inevitably, those organizations will look to an outside firm for help.
For those companies a rare opportunity abounds: a fresh start.
A small company’s first security assessment is an ideal opportunity to establish a trusted relationship with an outside firm. It is critical to tightly define the scope of the first review and clearly state the business objectives. Doing so will allow small companies to contract with a third party to perform a short and inexpensive engagement with clear objectives and limit the burden placed on already stretched personnel. It is comparable, on a personal level, to engaging a skilled accountant at an established firm for the first time to prepare your family’s taxes. Getting started and establishing a relationship, even at the simplest level, will pay dividends in the future when you will need to leverage the knowledge and experience of an expert or team of experts (e.g. estate planning, being audited, etc).
A security assessment (say, for example, a penetration test of a few IP addresses) may only take a day or two. But, by the end of the vendor selection process and even the shortest of engagements, you will be able to answer some key questions about the firm you selected including:
- Do they offer services catering to small companies like ours?
- Are the consultants as nimble as we are?
- Do they understand our business model and risk context?
- Are they willing to over-deliver?
- Heck – do we like them?
If you answer yes to all of these questions after your first engagement, then you are off to a good start with a new valuable relationship. Securing your environment from multiple threat vectors is critical to the success of your company. Having a trusted outside firm to help you do so as you grow your business is a powerful tool.
No comments:
Post a Comment