Considering Hiring a Cybersecurity Professional? Here's What to Look For.
February 1, 2018
With the occurrence of cybercrimes affecting businesses increasing daily, many companies are looking for outside expertise to help them mitigate their risks. If your company has never engaged a cybersecurity professional before, you may be unsure of what to look for. The IRS suggests businesses use the following four steps when evaluating and selecting a cybersecurity professional:
1. Ask other business owners or professionals for recommendations and references.
2. Keep trust at the forefront of your selection process. Since any cybersecurity professional you hire will have access to sensitive data and systems within your organization, it is essential that you feel comfortable granting such access to them.
3. When interviewing candidates, make sure you learn how much experience they have in data protection. The IRS suggests asking questions such as:
- How does ransomware work and what can we do to protect our systems?
- What are the best options to securely back-up data and why are those options the best?
- Do you have suggestions regarding the following: data encryption, malware, firewalls, disaster recovery and remote access tools?
- Have you ever created a security plan for a similar business?
- Can you do an assessment of my systems and processes to find vulnerabilities or weaknesses? If so, will you then provide recommendations to strengthen my security?
- Will you conduct security simulation tests with our staff?
- What resources do you have to provide continuous staff education regarding security?
- Will you provide ongoing monitoring of my systems as security threats evolve? If so, how often do you recommend changes?
4. Once you have identified the cybersecurity professional or firm that you wish to engage, make sure that you execute a written agreement or engagement letter to ensure both parties understand how you will be working together.
For businesses that do not have an internal resource to help them safeguard their sensitive data and computer systems, hiring an independent cybersecurity professional or firm can be a wise decision. If your business decides to engage this type of resource, use the steps above to help you find the right fit for your company’s unique needs.