Perhaps your business has experienced a ransomware or malware attack, or maybe you want to ensure that you do not become the victim of one in the future. Whatever the reason, there might come a time when it becomes necessary for you to beef up your security. The question is, what do you do about it? How do you best ensure that the problem will be resolved, now and in the future?
What Is a Security Consultant?
"Security consultant" is a very broad term, covering professionals who manage a wide spectrum of specialties—everything from employee training to emergency planning, intrusion detection, building design issues, IT security and video surveillance. Some security consultants know a little about many of the areas in which these professionals work, while others are highly specialized. What they all have in common is their sole focus on serving their clients. As Campus Safety explains:
"A security consultant is an individual or group of individuals who have specialized knowledge in some facet of the security industry. A consultant should serve only the interest of his or her client. Persons who work with, for or receive compensation from a vendor, integrator or anyone else who may directly benefit from your project fall into a separate category."
Since security consultants cover so many bases, they serve their clients in different ways, depending on those clients' specific needs. Some, for example, are hired to assess their client's comprehensive IT security needs, while others might help provide recommendations to address a specific issue.
How Can I Hire the Best Security Consultant for My Business and Needs?
Hiring the best security consultant for your business begins by defining the IT (or other) problem you face. Once you've clearly defined the nature of your security challenge and what work you need done, you should speak with several candidates and ask each of them these five questions:
1. Can You Give Me a List of References?
For each consultant you interview, it is important to get references. Who have they worked with before? What type of work did they do for them? What were the results?
Of course, it is also necessary to speak with each of those clients to verify the consultants' assertions. However, you should also take it one step further, identifying previous clients who are not listed as references. After all, any consultant could cherry-pick only those clients with whom they've had a positive experience. You need to know what clients not listed as references have to say about them.
2. Have You Worked on Projects Similar to Mine?
A consultant might list a particular specialty on his resume (like email migration or disaster recovery) and might even have training in that area, but it's important that he also has experience working on a security problem like yours. Ask for a detailed description of work similar to the work you need done. How long did that consultancy last? What was the final cost? Most importantly, what were the results?
3. Who Will Be Working My Project?
If your consultant has a team with whom he works, you need to know who those people are and what experience and strengths they have. You also need to know which of them will be working on your project, and how much of the work each of them will do. Finally, make sure you find out who your principal contact will be. If problems arise during your consultant's work, you need to know whom you can contact, how to contact them, and how quickly they'll get back to you.
4. How Many Other Clients Do You Currently Have?
A solo consultant, or one who works with a relatively small team, can quickly become overwhelmed with too many clients, which could mean unreasonable delays and missed deadlines. Ask each consultant whether he's experienced such delays in the recent past, and, if so, whether any of those work interruptions have resulted in cost overruns. Be sure when you check with previous clients that you verify what the consultant tells you.
5. What Are Your Deliverables?
Don't forget to obtain a clear description of what the security consultant will deliver to you at the completion of the project. If training is involved, will they provide you with a training manual, or will they perform the training themselves? Will they write a report or series of recommendations, and if so, what will be included in the report? This might seem like an unnecessary step, but you don't want to engage a consultant only to discover that you did not get what you expected.
This might at first blush seem like a lot of work and a lot of questions, but it is critically important to do your homework. After all, your company's security matters, and it matters that you get the best possible advice, guidance, and tools to most effectively serve both your business and your customers.
To learn more about the ways our cloud computing and storage, server maintenance, backup and disaster recovery, network security and IT consulting services can help your business increase its security, contact us today.