Why you Should be Researching the Qualifications of your IT Professionals

Have you ever considered the possibility that you may be entrusting the fate of your cybersecurity to people with no real IT qualifications? Are you vetting your IT consultants before utilizing them or simply trusting that they wouldn’t intentionally (or unintentionally) cause your business any harm?

Below is a true story from one of our employees while at a cybersecurity conference:

While at the cybersecurity conference, I encountered someone who highlighted an emerging danger in the cybersecurity world.

During one of the networking sessions where we got to meet other MSPs, I struck up a conversation with a board member of a professional organization specializing in business continuity. We began talking about our career paths and how we got into cybersecurity when things took a strange turn.

Typically, I would have expected a board member to be an experienced and tenured professional, but it turns out that she had only recently entered the IT field and was only doing this part-time. Her full-time job was working with mannequins in a retail store environment. This struck me as a dangerous problem when working with a third party in a highly trusted role such as IT consulting and management.

Trusting the technology and advice of a person with little to no accreditation or qualifications is extremely risky. While their intentions may be in the right place, your cybersecurity should never be left to chance. Simple and avoidable mistakes can have enormous consequences, especially in settings where there are high regulatory standards.

Certifications you Should be Seeing from your IT Professionals

While our industry lacks a professional accreditation body like that of accountants, lawyers, and doctors, we do have a program of third-party certifications that can give you some confidence. Look for some of these certifications either at the corporate or individual level when you are engaging with an IT Service Provider:

Corporate Certifications:

    • MSP Cloud Verify
    • SOC 2 (Type 1 or 2)
    • ISO 27001
    • CMMC-AB RPO

Individual Certifications:

    • CISM
    • CISSP
    • CRISC
    • CDPSE

This can help you choose the right service provider, and avoid working with dummies.