After we performed a cybersecurity audit for a company many years ago, the President and CEO assigned the recommendations to their IT consulting firm. What is different about this lead executive is that he gently applies firm pressure on their IT consultants to complete the recommended improvements. He’s kind and respectful to his consulting company, communicates expectations, asks many questions, and involves himself in cybersecurity decisions.
I admire seeing how he communicates, and I’ve asked his secret. He tells me he focuses on his responsibility to protect his workers’ and customers’ sensitive information. Everything else falls into place.
If the consultants need to charge money to implement changes, he asks us if we feel the price is fair and then decides. He makes sure his consultants know he’s holding them accountable by bringing us back every year to audit the systems and provide new recommendations.
The outsourced computer consulting company was never upset and eagerly followed the executive’s directives. The IT firm has great respect for the executive because of his bold leadership. I admire the proficiency of his IT consulting firm in meeting requirements, even when they are surprised a customer has higher expectations than most of their other customers.
Fast forward many years: This company is, and continues to be, one of the most secure customers we have. The leader’s no-nonsense approach to cybersecurity works best. Thieves might have stolen the air conditioning compressor units from outside their buildings, but no hackers have broken into their network!
If you outsource IT, your consultant company respects that you make the decisions. They’ll welcome audit recommendations and your directives if you’re willing to pay a fair fee. Their goal is to keep you happy, not the other way around.