Prominent companies falling victim to hackers has become all too common in the news. Some of the larger security breaches involve the compromise of thousands of customers’ information. That is definitely not the kind of press you want, not to mention the irreparable damage to your business. This can be a little scary for a small business owner, especially if you consider that these large companies have the best cyber security money can buy.
There are companies that test cyber security. This service is called Penetration Testing (or pentesting). Most hacking victims, both large and small, fail to utilize this service. Choosing a company to pentest your system is important, not only for your security, but also for your company’s reputation and the safety of your customers’ personal data. You do not want to just give anybody access to your system and have them prod around at it; you want a company you can trust. If you are looking for a reputable company to test your security, there are six questions you need to consider.
Are they experienced? How long has the security testing company been in business? What sort of clients do they work with? What type of training have the technicians received? Ask several questions about the capabilities of the company. It is also acceptable to obtain client references and ask them about the quality of service they have received.
Do the testers belong to a standardizing organization? Ask the security company about the background checks they perform on their employees. These are the people to whom you are handing over the keys to your castle. It’s important to make sure they are not hired hackers in disguise. Good Penetration Testing companies have layers of background checks in place, and partner with organizations that certify technicians. A trustworthy PT company will share this information with you.
What certificates and degrees have the testers obtained? In the same way you would call the college to double-check the education of an applicant for a high-level job, you can check with the standardization agencies that certify the pentesting company. Be sure to also ask the agency what the prospective company’s current level of certification is.
Are they equipped to handle the testing of an organization such as mine? Among the different companies that offer Penetration Testing, there are various schools of thought with regard to methods of security testing. Talk to the PT company about your specific security needs, and get a feel for whether their methods will work for your organization.
Does the contract protect your company’s network and hardware? Before you let someone else tinker with your networks and systems, be sure to cover liability. Just like you would make sure a contractor is fully insured before giving him access to your home, so it is with Penetration Testing. It is best practice to draw up a contract making the PT company liable if they damage your system.
Get to know your Penetration Testing partner; it is important that you are comfortable with the team you give access to your information. Double-check their credentials and make sure they have the skills to make your network impervious to hackers, because ‘once you’ve been hacked, there ain’t no goin’ back’. Contact us at Michell Consulting Group at 305-592-5433; we will be happy to discuss different solutions for your security needs with you.