The press has been inundated with reports of cyber-attacks against businesses: hacking, malware, and other horrible incidents in which customer data is compromised by a computer-based threat. If companies that have some of the best security in the world can be penetrated by a security threat, what hope can there be for small and medium-sized businesses?
Penetration Testing (or pentesting) is the method by which a company would go about testing its cyber security. Finding a company to partner with for pentesting should not be taken lightly. After all, you're entrusting your company's proprietary, fiscal, and other information to their abilities. But how do you make sure your company is in capable hands? There are six questions that everyone should ask to get them started in the right direction.
Are They Experienced? Before you even get into the specifics of the services they would provide to your company, you should find out how long they've been in business, what sort of clients they have worked with in the past, and how experienced the individual technicians are, and raise any other questions or concerns you might have regarding the capabilities of the company.
Do the testers belong to a standardizing organization? When letting an outsider access your protected files, it's important to know how the company performs security and background checks on its employees. An IT firm that employs a team of hackers waiting for their opportunity to exploit your company's information may seem like a nightmare, but it has happened in the past. To avoid this, most Penetration Testing companies do extremely thorough background examinations. There are several organizations that perform the certification.
What certificates and degrees have the testers obtained? Once you've learned which organization(s) the pentesting company is affiliated with, you can next ask about any certifications and courses they may have completed. Within a standardization agency, there are different certification levels, degrees and training programs that the agency offers.
Are they equipped to handle the testing of an organization such as mine? There are a few different schools of thought with regard to how the actual testing is done. It can vary from pentester to pentester. By talking to them, you should be able to get a feel for whether they have the right testing tools for your organization.
Does the contract protect your company's network and hardware? Any time you let an outside organization into the inner workings of your company's computers, you want to protect yourself in as many ways as possible. Before they begin their attempts to penetrate your company's infrastructure, make sure that the contract makes them liable if they damage it.
In the end, no one knows your company better than you do. Make sure that you're comfortable with the Penetration Testing Partner you've chosen. There is no going back once you've had a breach of security or loss of data. Contact XFER at 734-927-6666 / 800-GET-XFER to schedule a meeting to talk about your network's security.