Do you know why the Golden Gate Bridge is orange? It's covered with a rust-proof paint that requires constant upkeep. Workers start at one end and go all the way to the other, and by the time they finish, they have to come back and start over again. It's a continuous process.
That's what your IT partner or cyber security consultant should do too. IT is a continuous process. You can't just set it up once and use it for years and years and expect everything to work properly. You have to look at it constantly.
For example, you have to plan for software upgrades when your provider stops supporting an old program. You have to budget for updates when old hardware is no longer supported and you won't be able to get parts to fix it if something happens. And you have to look at how all of that impacts your business.
Working with a managed service provider is a continuous process too. They can take you through that process and keep it smooth for your budget and for the way you run your business, so you don't have downtime and outages.
Lots of businesses try to get away with "set it and forget it" IT. They don't do anything to it until there's a problem: something stops working, something breaks, or something is incompatible.
And at that point, you’re stressed because you're trying to fix the problem, and you're not looking at the entire situation.
It's like going to the hospital for a broken leg. They're just looking at your broken leg; they aren't checking to see if you have cancer. But if you take a more holistic approach, you'll be able to deal with those problems before they become major issues.
What is a Cyber Security Consultant?
A cyber security consultant is someone who has specialized training and experience in the field of cybersecurity.
There is a whole continuum of cybersecurity consultants. At one end, there's the IT guy who's studied cybersecurity and has some experience with it. At the other end, there are large companies that do cybersecurity audits for large businesses and make sure they adhere to certain business or cybersecurity regulations. And there's everything in between.
Cybersecurity is a broad and technical field that can create fear in a lot of business owners’ minds. It's so broad that they don't know where to start. It's also conceptual, so they can't feel it, or touch it, or stock up on it, which can keep them up at night.
Our mission is to provide peace of mind for that business owner. That's why we're committed to keeping up with the latest developments in cybersecurity. The threat landscape is ever-evolving, and we have to evolve with it.
A cybersecurity consultant is someone who can look at your business from a top-down perspective and assess:
- External Vulnerabilities
They then come back to you with a plan for how to remediate the things they see as problems.
How much does a cybersecurity consultant charge?
Cybersecurity is a specialized field, but there is a fairly standard price range. It commands a higher rate than a typical IT technician or server and network technician.
The typical rates for cybersecurity consultants might be anywhere between $225 and $300 per hour. But you don't want to judge solely based on the hourly cost. You want to look at the overall package.
You want somebody who can evaluate what you need and secure your data on multiple fronts. It's not about pointing out one single flaw to fix. It's about looking at multiple aspects of the business.
As a managed service provider, we're not a 100% cyber security consulting company. That's a different business. We are a managed IT service provider with an extreme focus on cybersecurity. And our focus is on keeping our clients safe from a cybersecurity standpoint.
What Cyber Security Regulations are Important for Businesses?
There are several important regulations for cyber security.
Computer Institute for Security 20 (CIS 20) is one cybersecurity regulation. Kamala Harris signed it into law when she was California's attorney general a few years ago. It’s essentially a guideline for cybersecurity that all businesses in California must adhere to. It hasn't been enforced, however, and most people don't know about it.
People literally say, "Well, I don't have a compliance requirement." When you ask them what compliance or cyber security requirements they have, they answer, "Well, we don't really have any." The reality is that everybody has a cybersecurity compliance requirement and responsibility.
If it's not CIS 20, there's another standard by the National Institute of Standards, called NIST 800-171. It applies to companies that are doing business with the government, or manufacturing equipment that goes to defense or other government entities. That really is kind of the gold standard, and everything else is sort of subordinate to that.
We try to bring all of our customers’ security up to the 800-171 standard, whether they need it or not, because it is really the gold standard and it's all-encompassing.
What Should a Company Look For in a Cyber Security Consultant?
The first step in hiring a cybersecurity consultant is to look for a company with experience.
Instead of looking for a single consultant, business owners should look for a company that specializes in cybersecurity. You need to do some research on that company. You need to have some references from the company, and then you need to go through the assessment process, much like you would when hiring a managed service provider. And you'll need to have an initial conversation so they can understand your requirements beforehand.
Questions For Hiring a Cyber Security Consultant Can Include:
- What does the landscape look like in your company?
- How many locations do you have?
- How many employees do you have?
- Does the staff work from home or on-site?
You need to understand where the vulnerabilities are. And then that company has to provide you with an assessment showing you the deficiencies that you need to address.
Most businesses learn about cyber security from their insurance provider. Everyone talks about cyber insurance today, and general liability insurance for companies often has a cybersecurity component now. That either comes from your insurance company or your client's insurance company.
Business owners who go this route are often presented with a 15- or 16-page cyber security and compliance questionnaire that they can't complete on their own, so they need to go to somebody who can evaluate it. Looking through those questions, however, gives business owners a better understanding of what they need.
You can also go online and search for CIS 20 or Computer Institute for Security 20 guidelines. That will give you a really good overview of the guidelines that should be in place for every company.