If your business lacks the resources, expertise and time to come up with a solid security strategy, hiring a security consultant might be the best move for you. With years of experience across industries and clients, as well as knowledge of the latest threats and response strategies, a seasoned consultant can be a huge asset to your business. But how should you begin? Who should you hire? What services do you need? Here are the top questions to ask your security consulting company.
What Level of Security Do I Need?
At the start of the meeting, the right answer is that they do not know yet. The consultant will first need to get a sense of your industry and its general needs. A red flag is a consultant who arrives with a suite of tools and readily sells you a one-size-fits-all package solution. Without conducting a risk assessment, it is impossible for the consultant to come up with the right solution for your business.
What Security Frameworks are Important for My Business?
While a consultant should not make assumptions early in the relationship, they should have a sense of the frameworks your business follows to meet its compliance needs. Security services vendors should have a comprehensive understanding of regulations and frameworks, along with any state laws related to data breaches, which are constantly changing and evolving.
Who Have You Worked for in the Past?
It is not advisable to buy anything without reading the reviews first. You have no easy access to ratings and reviews for a potential security consultant, but you can ask for a list of their former and current clients to get an idea of the kind of service they provide. Reach out to those clients and confirm the competency and skills of the vendor. Ask if they are satisfied with the solutions proposed to them and if they were properly implemented.
Will You Give Cost-Benefit Analysis for Recommended Solutions?
If you are considering hiring the services of a security consultant, you need to have enough budget for both their fees and the solutions they end up proposing for implementation. Budgets are not limitless, however, and you will have some tough decisions to make on your own. A good consultant will help you understand the total cost of their recommended solutions and inform you of the return on investment of each solution.
Who Will do the Actual Work?
Ask the potential consultant how they will get the work done. If they will review existing policies and practices and make recommendations for your staff to implement, this should be reflected in the cost of the engagement. If you need to supplement a team or you have no on-staff security at all, ask the consultant who will do the work. The one making the sales pitch and the one who does the work might not be the same person.
How do You Handle Client Communication?
Ask up front how a potential consultant usually handles communication. A good vendor has a carefully outlined process for checking in on progress. Look for the same quality project management practices that you would expect in any kind of business arrangement. These should include a meeting with stakeholders, budget documentation, a work schedule, a communication plan, regular updates and a project close meeting.
Before anything else, ask yourself this: Are you ready and willing to make changes? Make sure that your business is ready to take the advice of a consultant. Otherwise, hiring a consultant is pointless. You need to consider consultant fees and other potential costs, spare someone on your staff to spend time with the consultant, and get everyone trained on any changes once they are in place.