Isolation, segregation, quarantine, school closures, offices closed, and the whole family stuck at home. You would think I’m talking about winter, snow, and measles. Instead, this is what we all have been living through since COVID-19 landed on our shores.
Especially professionally, I bet you figured you had all of the needed contingencies covered: fire, power outages, circuit failures, redundant hardware, data replication—you were ready, at least so you thought.
Yes, you did prepare for select individuals to work remotely or to have remote offices. However, you likely did not prepare for the majority of your organization to work remotely for weeks or months on end.
So, you scrambled and got it done—added more VPN users, more security tokens, additional laptops doled out, and you provided training. You were the voice of calm and offered the needed guidance. In short order, your company was open for business, employees had what they needed to work productively, and customers became confident in your company’s ability to continue to serve them. Now what?
Given the urgency, what you did not realize was how your role as an IT manager, CISO, CTO, or IT technician had changed, in some ways, maybe for the long term. Before the pandemic, maybe your company had five branches. Today you must be concerned about these five branches as well as 30 remote employees. Where can you turn for help to monitor these new environments?
Times like these are when relationships with trusted outsourced service providers become really valuable. However, given the changing dynamics, a contract review may be necessary. If you do decide that contract reviews are in order, the following are ten questions to ask.
- What has changed since you signed the services contract?
- Have there been changes since you last spoke with the vendor?
- Has report validation changed much?
- Have service upgrades or improvements been made?
- Are new benefits being offered in this new environment?
- Are you happy with your visibility?
- Are there services that you did not need before that might benefit you today?
- How will new services complement your current toolbox?
- How can you be proactively notified of new options?
- How can you leverage your vendor’s specialists?
Remember, involve co-workers or staff that will be part of your support team in the review process. Specifically, include those individuals who will be affected by the services provided or who are responsible for your company’s network security, especially if they are new to the organization. Finally, if you don’t ask, you will never know. It’s times like these that your vendors will be more than happy to help you in any way that they can, just not in person.
With more than 20 years of cybersecurity experience, Jerry’s expertise includes security architecture design, auditing, monitoring, training, and vulnerability assessments. He also maintains an in-depth knowledge of security regulations, including GLBA, HIPAA, SOX, and PCI compliance.