If you’re afraid of having a cybersecurity professional take your money without delivering on their outlandish claims, there are some steps you can take to weed out the snake oil salesmen from the real cybersecurity experts.
Do the headlines about data breaches and information hacks have you worried, but you don’t know where to turn? You’re not alone. The headlines are becoming repetitive. And they’re in our face with even more regularity. If large organizations like Target, Equifax, and The Home Depot aren’t safe, then who is?
We recently chatted with a 35-year veteran in the IT and cybersecurity industry, Paul McGough, Founder and CTO at Qwyit LLC. He shared some very useful tips for IT professionals and business owners looking for much-needed help with their information security.
Avoiding Snake Oil Salesmen
Where there is a pressing need and buyers are confused about where to go for a solution, dishonest “solutions” providers will appear, ready to prey on the fears and desperation of their would-be buyers. Using this three-point checklist will help you avoid the imposters and find a cybersecurity partner that can really help:
1. Look for Transparency
Reputable cybersecurity firms will provide specific information about where they can help you. Rather than making broad claims about helping you with protecting sensitive information, they will provide specific information about the areas of cybersecurity with which they can help... and how they can do it. If you’re hard-pressed to find any information about how they do what they do, your alarms should be going off, and it may be time to find a new partner or consultant you can trust.
2. Connect Claims With Details of Product or Service
Just because you see the words information security or cybersecurity all over a potential vendor’s website, that doesn’t mean they can deliver on the claims they are making with broad strokes. Look closely to see if you can connect the dots. If you can’t draw a logical line from the details of their product to the results their claims say they can deliver, then there’s a disconnect and reason for concern.
3. Find a Partner Who Communicates
A trusted cybersecurity solution provider will take the time to get “into the weeds” with you on the details, and help translate the technical details into understandable action points.
They will also admit mistakes and help you find better answers.
If you’re hearing broad claims followed up by a list of excuses, do yourself a favor and move on in your search for a better cybersecurity partner.
Information security certifications are a hot topic among IT professionals right now, but McGough warns against simply settling on a partner because they have a lot of letters behind their name on their business card. It takes a lot of real-world experience and industry knowledge to apply the knowledge taught by these cybersecurity courses. So, taking the time to learn how an IT professional has helped other clients or organizations in specific areas of cybersecurity will tell you more than his or her list of security certification credentials.
What Do Modern Cyber Attacks Look Like?
It’s tough to defend against the unknown. If you don’t know what to be on guard against, it’s difficult to take the steps you need to secure your sensitive information.
“The problem is widespread, but the solution...might be a little simpler than it appears,” McGough shared.
Understanding the four common steps to any organized data breach helps to wrap our minds around the approach of modern hackers. Gone are the days when most information hacks involved criminals getting their hands on data that was physically passed to the data input department doing data entry on mainframe computers.
Things are much more organized and methodical these days.
The 4 Steps to An Organized Data Breach
- Unauthorized Access
- Unauthorized Access Over Time
- Gathering Information
As you can see, the typical process starts with unauthorized access. This can happen due to weak passwords, improper authentication protocols or a number of other cybersecurity weaknesses.
“They’re not smash & grab jobs...when $500M is taken from a...cryptocurrency exchange, there is some serious planning going on,” McGough explained, shedding light on the organized nature of today’s cyber attacks, both large and small.
Where To Turn For Help?
It’s confusing to know where to look for answers when no one seems to be “in charge” on the topic of modern data protection. McGough discussed a recent breach of credit card information from the restaurant chain Chili’s and explained how customers can often be left to fend for themselves.
Using the three steps discussed earlier will help you identify the right person or team that can help:
- Look for transparency
- Take a close look at the details of their product or service (and how they align with their claims)
- Find a partner that communicates
From there, you’ll want to identify the specific cybersecurity areas with which you need help. Once you focus in on a functional area, you can drill down into the policies and procedures specific to that part of your information security plan. For instance, maybe improper access is a known issue in your current IT environment.
Start a conversation with a trusted professional on best practices specific to authentication procedures. Finding a knowledgeable professional and tackling your specific needs area-by-area will make the overwhelming (and often frightening) topic of cybersecurity much more manageable for your business moving forward.