We haven’t had any problems. We don’t have anything worth stealing. Our staff knows enough to keep us safe. There are a lot of things we tell ourselves to help us feel safe and secure. But network stability and security is one case where you can’t rely on the old phrase of “what you don’t know can’t hurt you.” The truth is, the more you know, the better. Information and outside expert opinions go a long way to improving things, which is why you should bother with a network and security assessment.
Having someone from the outside can help you avoid a situation where the assessment comes across as questioning the work of those responsible for managing your network and security. There is real value in having the assessment come from an outside party.
Outside consultants do these assessments for a living, they know what to look for, what questions to ask and what tools to use. They spend time crafting the right way to provide you with the detail and information you need to make the right decisions to improve your setup. With the volume of work they manage, they have access to tools to complete the assessment that we may not have.
After completing numerous assessments, a consultant has been exposed to more experiences and technical reviews than typical nonprofit staff. With this experience comes a different perspective and approach to security.
Budget and Buy in.
An external assessment can go a long way to opening a conversation about an organization’s technology needs. A specific list of needs and the potential risk of not making changes is valuable information to leadership. Building a budget based on the specific list of recommendations is easy. Then you have an idea of what you have to do and what it will cost.
Often funders want to know your stability and capacity. What better way to show them you take security and privacy seriously than to be able to say you have a third party expert assessment?
There are challenges though.
Know your consultant.
Many consultants have their own agenda and may use the assessment as an opportunity to steer you toward their services or products. So it may be a good idea to use a trusted consultant who is known by your peers, but is not your primary vendor.
Opinion vs. Fact.
When you review the assessment, have someone with expertise look it over with you and look for areas where the writer offered opinions, not facts. Most of the time these opinions are right and should be trusted, however you should also not just jump because Simon Says to.
When it comes to network stability and security, there is no one right answer. If there was only one right answer, we would all be doing it and would agree. Take the recommendations provided in your assessment seriously, but perhaps consider alternatives on how you implement it.
Regardless of the challenge, information is the key to security and stability. The best way to get this information is through a third party, expert opinion.