Security is much more than just firewall and antivirus — we can all agree on that, can’t we? If you don’t agree with that statement, we encourage you to read through this article. The level and variety of cyber-threats out there are still often misunderstood or underestimated. Especially for smaller companies, the number of liabilities you face might surprise you. Maybe not. Either way, “you deserve to be protected,” says the latest Intivix staff member Mark Simmerman.
“Good security governance starts with a risk assessment,” says Simmerman. “There is this old school thought that if you got a firewall and if you got antivirus on the endpoints you’re good to go. But, what we’re finding is the world has gotten a lot more complicated, and small and medium-sized businesses that thought they could forego taking security measures because they were ‘too small to be noticed’ are finding that they may be the primary targets of some of these attacks and breaches.”
“Because of the limited resources in business, security always takes a backseat. And, when we talk about security, I’m also including disaster recovery and business continuity in that area because your ability to recover is a key part of the security model.”
A question has arisen in conversations with Mark regarding the fact that certain managed service providers may opt not to take on a client who refuses to acknowledge certain security risks. So, by leaving your company at continued risk of a catastrophic breach and refusing to remedy it, you are not only endangering your enterprise, but you are also reducing the chance, in some cases, that a competent managed service provider will even take you on.
The remedy for this?
In Mark’s eyes, it’s better communication — letting small and medium-sized outfits know exactly what their risks are, and what consequences there will likely be should they refuse proper remediation. And yes, this can include security pros walking away, or perhaps bolstering a service level agreement (SLA) with language that basically says, “We have assessed your security risks, and they need [such and such done to remedy them], and because you refuse to make the expenditure, we ask that you hold us harmless if we are to provide this [lower level or other] level of IT services in case of a future security breach.”
Mark Simmerman and company like to get to the heart of the security matter with the most probing, in-depth security assessments in the industry. They may uncover things during the risk-assessment process that SMB owners don’t want to see. Those owners may not want to allocate funds for expenditures in this area, but, in Simmerman and Intivix’s point of view, this is foolhardy.
“The bottom line is, security is not a profit center for us. We’re trying to protect the value of the company. It’s about prevention, and helping companies reduce or mitigate disasters in some fashion,” explains Simmerman. “Equifax lost six billion dollars in value between September 7th and 15th of last year [due to a security breach]. There was no [preventative security] step they couldn’t have taken that would not have helped them save some of that value,” Simmerman notes.
Simmerman goes on to discuss many other aspects of IT security that may have a direct or indirect effect on the average business, including the new NIST requirements, the bias currently held towards a technology-based solution as opposed to written policies of security awareness, and more. He speaks of how his expertise and that of the Intivix team is helping to make better SLAs and client relations by being more comprehensive. He speaks of some of the complex nuances involved in conveying what clients need versus what clients will agree to, involving things like more comprehensive acknowledgment regarding compliance.
“Ultimately the human link is probably the most vulnerable link in the security equation. And, although we can’t expect everybody to become a security expert, there’s a certain level of awareness and so about ‘what services can I deliver’ to enhance all three of those areas: people, processes, and technology,” says Simmerman.
To get the whole scoop on Mark and his thoughts on better computer network security in San Francisco, watch the entire interview with Mark Simmerman and MSP marketing pro Stuart Crawford of Ulistic LP.
The current requirements to be a CISSP include:
The CISSP credential is valid for three years; most holders renew by submitting Continuing Professional Education (CPE) credits. There is also a yearly membership fee required to maintain certification.
A Value-Added Thing
In 2005, Certification Magazine surveyed 35,167 IT professionals in 170 countries on compensation and found that CISSPs led their list of certificates ranked by salary. A 2006 Certification Magazine salary survey also ranked the CISSP credential highly and ranked CISSP concentration certifications as the top best-paid credentials in IT.
In 2008, another study concluded that IT professionals with CISSP certifications (or other major security credentials) tend to have salaries $21,000 higher than IT professionals without such certificates. However, there’s no proof that there’s any cause-and-effect between the certificate and salaries.
As of 2017, a study by CyberSecurityDegrees.com surveyed some 10,000 current and historical cybersecurity job listings that preferred candidates holding CISSP certifications. CyberSecurityDegrees.com found that these job openings offered an average salary of $17,526 more than the average cybersecurity salary.
ANSI certifies that CISSP meets the requirements of ANSI/ISO/IEC Standard 17024, a personnel certification accreditation program.
Are you an MSP looking to outsource a CISSP expert, as an addition to your company team? We promote managed service providers online throughout North America – contact a Ulistic agent today at (863) 451-3088 or by email at firstname.lastname@example.org to get started with our MSP marketing services!
Stuart Crawford serves as Creative Director and CEO with Sebring, FL and Fort Erie, ON-based Ulistic, a specialty MSP Marketing firm focused on information technology marketing and business development. He brings a wealth of knowledge and experience pertaining to how technology business owners and IT firms can use marketing as a vehicle to obtain success.