Questions To Ask An Outside Provider

Before you hire an outside cybersecurity provider determine what work you want done and identify the assets you want secured.

By Laura Elan, MxD

Rising cybersecurity risk, coupled with an ongoing shortage of workers in the sector, puts many manufacturers in a tight spot. The solution for some, particularly small- and medium-sized firms, is hiring an outside provider.

Here are five things manufacturers should consider when taking that route:

Determine how much of the work you want to do in-house and how much you want to outsource.

Can a third party install cybersecurity measures and then hand over the dashboard to your company to monitor? Do you need ongoing support from an outside security operations center to identify and respond to threats? Answers to these questions will help you decide how much outside help you should hire.

One way to look at this is to compare it to home security. Some might feel they only need a lock on their door. Others want doorbell cameras accessible through their phones. Still others want motion detectors or sensors that alert outside security. Smoke detectors provide another comparison: Should your home smoke detector simply shriek with ear-piercing beeps or should it also alert the fire department?

Similar considerations apply to your business. Should a cybersecurity alert simply notify you, or should it call in help from outside your company? This is a decision you should make based on the resources you have, how much security you need, and how much you want to spend on in-house security versus outside services.

Identify the unique assets in your organization to find a cybersecurity company that can best protect them.

What do you have in your manufacturing plant? Where does the information from your plant go? What do you have that needs better security: software, data, equipment, intellectual property, or other sensitive data? These are essential items to inventory when researching cybersecurity firms. This way you can ensure that the firm you hire will monitor your specific assets and address the concerns specific to your organization and industry.

Which critical systems and information does your business store?

Do you have computer hard drives, email, or cloud-based information that is critical to your manufacturing plant? Ask the firms you consider what they will do to maintain the confidentiality, availability, and integrity of these sources and this information. These should be three of the most important goals of any third-party cybersecurity company.

What other help could a cybersecurity firm provide?

Could you benefit from a firm with a 24/7 help desk? Should this firm be able to assist with incident response, for instance if an employee clicks on a ransomware link and you need help remediating the cyber threat and its consequences? How soon do you need this response? Does the firm provide cybersecurity training or training resources for your employees? Can it help you craft cybersecurity policies and procedures to protect your business?

Get multiple quotes.

Many cybersecurity companies provide protection for small- and medium-sized businesses. If you clearly state your goals and needs, a company can provide accurate and comparable quotes for your unique business. Always make sure your cybersecurity firm is based in the United States. EP

Laura Élan is Senior Director of Cybersecurity for MxD Cyber: The National Center for Cybersecurity in Manufacturing, Chicago (mxdusa.org). Elan supports MxD’s cybersecurity projects and initiatives and leads the company’s Cybersecurity Steering Committee.