Introduce your business and what you do
I am the CEO a nonprofit organization that helps and supports immigrants, refugees, migrant workers, visible minorities, first-generation Canadians, and their families in succeeding, no matter the challenge.
What challenges were you trying to address with Secure Shield
I wanted to beef up the security at the organization. However, cybersecurity fell mostly in line with the MSP that is managing our IT, but I wanted to do more
What was the scope of their involvement
Our engagement with Secure Shield ensures that we have adequate security as well as protection for the future. They took over the different security programs that we had in terms of physical controls, administrative controls, applications, and networks — both internal and external. We use them for the entire program to help us safeguard ourselves from intruders.
How did you come to work with Secure Shield
We found Secure Shield online and had a referral. Then, I did some due diligence with a few other folks. I really wanted to look for a vendor that was local to the Kamloops BC area, and they fit the bill. There were two other ones that I investigated, but security wasn’t really their only focus.
Secure Shield is a bit more of a boutique shop with a very responsive service offering at a price point we can afford. So far, I’ve been happy with them.
How much have you invested with Secure Shield
We’ve invested around $10,000. It’s not a very big engagement yet — after all, we are a nonprofit
What is the status of this engagement
This is a multiyear engagement with Secure Shield. We chose them at the end of last year and started working with them early this year.
Could you share any evidence that would demonstrate the productivity, quality of work, or the impact of the engagement?
We have done the physical controls and just concluded the administrative controls. We’ve gotten the reports back from them and taken some action based on their feedback. We are taking on additional things at our own pace according to what we can afford. They knew that security is one of the aspects that I wanted to do better in, but I also must be realistic about the plate that we have. If we’re making progress and getting good feedback, we should be happy.
They gave us a timetable of when to expect the reports as well. They asked us when we wanted the work and how the pace should be so that we don’t have to take on too much at the same time. If it were up to me, in a more full-profit type of environment, I would’ve wanted it to be a bit more aggressive in terms of timeline. So far, they’ve been right along with us in terms of our pace.
What did you find most impressive about Secure Shield?
What’s most impressive for me is the intimate relationship that we have with them. Obviously, security is a serious issue. We wanted our vendor to take the matters of security seriously but at the same time be pragmatic about implementing the solutions that best fit our needs. More importantly, we needed to have the framework to go about doing it, and they did. For every control that they audited, we got a score. Based on that score, we easily communicate with the rest of the company where we are at and how we can best improve the score over time. It’s not like something we must do right away but something that we continue to work on in a multiyear fashion.
Are there any areas Secure Shield could improve?
So far, they’ve been pretty good. They do keep an eye on us and that’s all I expected to have.
What tips or recommendations could you share that might increase the likelihood of success with Secure Shield?
Really be clear about what you’re looking for and be realistic about balancing what you need short term and long term. I didn’t want was guys giving me recommendations right away.
With small businesses, you really need to make sure that the people that you work with can stand up to the recommendations they made over time. That’s why I wanted to have a multiyear engagement with a vendor that I can afford. I know I cannot pay for security experts in-house; I want to be able to bounce off ideas over time as needed, and they fit the bill.
Need expert support crafting your cybersecurity plan?
Contact us to develop a risk-based, business-aligned strategy that strengthens your organization’s defenses without overspending.
* * * * * *
Author: Lyle Melnychuk
With two decades of experience in information security, I pride myself on offering candid, straightforward insights. I am not typically concerned with political correctness, which has occasionally led to challenges, but more often than not, clients and colleagues come to value my direct, commonsense approach.
When approached with security in the right way, you’ll find that it’s not as complex as it’s often made out to be. I hope you find my writings on security and other topics engaging and valuable. My passion lies in helping others leverage technology to create positive change and contribute to making the world a better place.
