Three killer questions when selecting an IT Security company


Security threats in a digital world have moved on a long way from the days when a firewall was deemed adequate protection. Now, even organisations with large in-house IT teams are bringing in security and governance specialists to help them protect systems, data and people from security risk. So how do you select a quality provider when choosing an IT Security company?

In addition, regular independent testing is a robust requirement across IT Security and people security, to ensure Information Security is protected to the best of a company’s ability. The Information Commissioner’s Office (ICO) also seeks evidence of best practice should you experience a breach, which independent testing supports.

For all these reasons, smart companies are engaging specialist security and governance support. However, Boards and in-house IT Teams can find it a minefield to select credible security specialist support.

2018 saw 55% of UK businesses reporting cyber-attacks, up from 40% in the previous year and clear evidence that the threat continues to increase exponentially. Criminals are targeting every business sector, and as they quickly develop more sophisticated methods, companies are struggling to keep up.


Here are our three killer questions to ask when selecting an IT Security company:


Q.1 – What security credentials and expertise do you have?
  • Technical services are no longer mutually exclusive and clients need end-to-end solutions to meet their long-term needs. You should look for expertise across IT services, cyber security and telephony to ensure no gaps occur that will weaken your defences.
  • Cyber Essentials certification is fast becoming a supply chain requirement, so ensuring your supplier holds Cyber Essentials Implementer status is becoming critical.
  • In addition, look for Security Check level clearance and CESG Certification (information security arm of GCHQ) across multiple disciplines.
  • CHECK penetration testing team leaders and Lead Auditors in the management systems for information security standards, ISO 27001 and ISO 22301, will also ensure that the risk assessment and solutions your IT security team provides cover all aspects of Real World Security, including people and process. There is little worth in investing substantially in IT alone if your people and process governance is not aligned to protect your investment in IT.
  • Explore cloud security for data storage and backup. The most secure environment is an in-house environment, rather than hosted in third-party server farms. This gives you peace of mind that you have robust and secure guardianship of your data.


Q.2 – What evidence do you have to confirm trust and reliability in the market?
  • Look for evidence across an array of sectors, including a track record of success delivering solutions for banking and financial services, healthcare, manufacturing and legal services. This demonstrates success in some of the highest-threat and highest-risk environments, which means you are in safe hands.
  • It is also prudent to look for evidence of track record in working with law enforcement agencies.
  • Look for Lead Auditors for ISO 27001, the highest standard of information security and compliance for robust real world security support.


Q.3 – Do you provide 24/7 support?
  • For some companies that operate large, complex IT networks and systems or trade across multiple time zones, 24/7 support delivers value. But for most businesses it is an expensive resource that is often oversold and rarely needed.
  • A quality security supplier should explore this question with you to understand its relevance for your circumstances, and reassure you if you DON’T need 24/7 support. Support hours with Business Continuity Planning are very different to 24/7 support. 24/7 reliable and 24/7 manned support are two different aspects. Your Service Level Agreement (SLA) should cover this aspect clearly.
  • The discussion to explore this should include delivering and managing systems that are 24/7 reliable, with regular preventative monitoring and maintenance that means your support needs are met mostly within business hours. Yes, there will be times when you need to arrange to manage upgrades or system testing out of hours, but that doesn’t mean you should assume you need to sign up to expensive 24/7 support contracts on a long-term basis.


About Net-Defence

Net-Defence offers end-to-end secure business solutions through a blend of accredited security, secure IT and security governance specialists. This allows the team to deliver a comprehensive service from network infrastructure and design to system upgrades, support and security testing, backed by incredibly strong hardware buying power for our clients. We also provide security expertise for a number of small IT support companies.

Net-Defence is a Trusted Partner of the SBRC with a UK-wide track record of looking after businesses, third sector organisations and high-profile individuals. We are part of a 3rd generation UK family business employing over 550 people. Our stability and reliability, coupled with security expertise, have led to us being trusted to protect some of the world’s most high-profile brands and people, who place an extremely high value on their data security and privacy and demand exceptional standards, as well as SMEs from our local offices in Stirling and Newcastle.

Regularly engaged by in-house IT and Security Teams, our team is effective at working in partnership. Our Consultants are also skilled at delivering Board and Trustee security governance education workshops, regularly holding these for clients and the Institute of Directors. This enables organisations to effectively project manage mixed Directors’ accountabilities across IT, Security, Data and People, to create and test robust security strategies fit for an era of evolving digital threat.

If you would like an obligation-free chat to help understand what to look for across your own security support, contact us. Our friendly, straight-talking team is experienced in helping people navigate this in a structured way that supports your daily business operation.