
Three Things To Do Before Hiring A Cybersecurity Company

Last updated: 2023/06/05 at 8:41 PM
By News Room

Edward Tuorinsky, Managing Principal of DTS, brings two decades of experience in management consulting and information technology services.

Contents
1. Know your end game.
2. Take a hard look at the status quo.
3. Run the numbers.

We’re a nation of sleepless business owners—up late worrying about the many aspects of business that we can’t control. The top of this list might include things like the threat of a cyberattack, meeting compliance standards and the cost of adding cybersecurity to everyday operations.

With the introduction of several security frameworks, you now have several approaches designed to keep your business safe. But it’s a little like being given a map without knowing your final destination—helpful but incomplete.

Implementing modern cybersecurity for most small- and medium-sized businesses requires the help of a managed network services provider (MNSP) and/or a managed security service provider (MSSP). Admitting you need help from a professional is an important step toward achieving the kind of security that can better protect your business, employees and customers. Before you search for an expert, though, there are three things you can do to be ready.

1. Know your end game.

Determine what level of cybersecurity or certification your business needs and what’s truly involved in that process. Obviously, you want to protect yourself against attacks and breaches. However, beyond that, there are a few reasons why companies may need enterprise-grade security.

• Many companies are starting to view cybersecurity as a requirement for doing business. They will only use vendors and partners who have invested in security, forcing your hand.

• Some companies are required by their state or industry to meet certain levels of cybersecurity or have a certification.

• Cybersecurity can be a competitive advantage. If there are 50,000 companies that do what you do, but only 75 of them have advanced cybersecurity, that can be a distinguishing benefit.

I’m seeing a huge push for small- and mid-sized companies to have some type of certification from a third party or to share their system security plan with others in their network. The question is, what do you really need?

To answer that, you’ll want to look at your specific contracts and partnerships for requirements. You’ll also want to research what certifications are advantageous in your market or industry. You can even get guidance from your insurance agent, since a certain level of security is required for cybersecurity insurance.

2. Take a hard look at the status quo.

Be realistic about where you stand. If you don’t know your stance, it could mean you aren’t doing enough.

It’s important to be brutally honest with yourself and others about your security posture. There are a lot of free tools and self-assessments you can use to determine your level or self-score, and of course, a third party can assess your stance. Here’s my advice: If you know you are lacking (no formal program, no policies, etc.), save yourself the hassle and headache of an assessment and move straight to remediation with a qualified service provider.

If you are working on cybersecurity (but not yet up to the level you need), you can use the 6-9-12 guide to determine how to get there. Note, though, that while this guide looks at your timeframe for achieving cybersecurity compliance, it doesn’t consider the size of your company, the complexity of your systems or your budget. According to this guide:

• If you have 12 months, you can hire the talent you need to implement basic cybersecurity or manage the process of an audit for certification.

• If you have nine months, you can use a combination of internal human resources and professional guidance.

• And if you have six months, you’ll probably need to bring on a full army of remediators and consultants to help you handle the technical parts of cybersecurity like migrating data and choosing network configurations—as well as write all of your policies and procedures and train employees.

As developing the specialized knowledge required to implement a sophisticated cybersecurity program is a full-time job in and of itself, I find that cybersecurity experts are usually necessary. A good pro will spend as much as 30% of their time on continuing education and keeping up with the latest news and trends.

3. Run the numbers.

Determine your budget and the metrics you’ll use to measure the business impact of cybersecurity.

Every business owner wants to do cybersecurity as fast and as cheaply as possible. Sadly, the kinds of steps that actually protect your business don’t happen overnight, and expertise and education can be costly. Skirting around the rules to try to get certified without actually increasing your cybersecurity posture leaves you at serious risk for a breach that can destroy trust in your company and land you in hot water with regulators or insurance companies.

As for setting a budget, my experience has shown:

• For bare-bones basics, like Level I for CMMC, expect to pay between $5,000 and $20,000 in labor, education or professional help.

• Remediation costs vary based on your network, your business and the level you’re aiming for, ranging from $20,000 to $100,000. Get a handle on the scope of work you need and get at least two estimates from certified providers.

• For certification audits, expect to pay for the cost of the audit itself plus a similar amount for preparation costs (your staff or a consultant spending time on cybersecurity), plus additional fees for staff training, travel (if the audit includes a physical visit) and other variables, for a grand total of $50,000 to $60,000.

• For ongoing security monitoring, recertification, software patches and other cybersecurity updates, budget $15,000 to $80,000 or more annually, depending on the standards and complexity of your system.

You can look at the impact cybersecurity investments have on your business in several ways: how much you’ve improved security, new business or contracts won, or business maintained (that might have been lost if not for cybersecurity efforts).

Many now see cybersecurity as another cost of being in business like insurance, bookkeeping or payroll taxes. Most importantly, if cybersecurity has been the thing keeping you up at night, you can view your investments as the cost for peace of mind.
