What do I have to lose?
A data breach or ransomware or any type of malicious hack onto your systems is very serious. 60% of businesses that suffer a cyber attack are out of business within six months*. So we're talking about your business. Your livelihood. Your reputation.
What if we already have IT handling that?
If by "handling that" you mean IT maintenance and help desk support, great. But if you mean managing your cyber risk and exposures and your legal responsibilities to your clients and government and state agencies, not good. You'd never let your accountant audit their own financials, but you're okay letting IT tell you everything is okay?
Are you trying to replace our IT?
No way. We want to work with your IT department or partner. We should work together to make your systems as secure and efficient as they should be. Not having outside eyes to your cyber risk and exposure is very bad idea (see above).
What should I do first?
Your first step should be to have a conversation with your IT department or contractor and say that you are subscribing to a "separation of concerns" for IT and cyber security. You should tell them that because of what you have to lose (see "What do I have to lose" above), you need to implement some checks and balances and that you are going to have a third party perform audits and assessments from time to time - we recommend at least once per quarter.
Do you sell services or take commissions from vendors?
Nope. No. Nada. In this day of heightened cyber threats as well as the dependence on stable technology solutions for the operations of their companies, we feel that there is an ever increasing need for a trusted advisor to help plan, lead and oversee the rollout of sustainable technology within a company. But not just any advisor. The advisor we you need has to have "no skin if the game" and should be completely unbiased and independent from the tempting lure of recurring revenue supplied by vendors when referred clients.