What does SecurityMetrics do?
SecurityMetrics was founded in 2000 and started out as a small security company specializing in vulnerability assessment scans. We have since transitioned to be a global leader of data security and compliance solutions and we continue to provide expert security and compliance services to companies around the world.
SecurityMetrics secures peace of mind for organizations that handle sensitive data. We have tested over 1 million systems for data security and compliance. Industry standards don't keep up with the threat landscape, which is why we hold our tools, training, and support to a higher, more thorough standard of performance and service, so you never have a false sense of security.
Why are security and compliance important?
Be proactive about security and not reactive to compromise. Don't wait to improve your security posture, even if it’s just doing the little things. Doing the little things reduces the risk of compromise, protects your brand, and helps you protect sensitive data.
Security is often looked at as an additional expense. We often hear small businesses say that they are too small to be a target, but what we have found is that nearly every organization will experience system attacks. These attacks can come from inherent security weaknesses in systems, technology, and software, as well as environment weaknesses that can linger from their initial set-up.
Cybercriminals will sit in an environment for years. They will try to hide and disguise themselves so that they can take whatever they can for as long as they can.
Security isn’t about being secure at a point in time; it is an ongoing process.
Over the years, we've seen repercussions from breached organizations. The most common financial repercussions are fees and fines, brand damage, and forensic investigation costs.
Other breach repercussions include:
Loss of trust from partners
Loss of trust from customers
Legal and civil ramifications
For these reasons, security and compliance are important and could be considered an investment in your business instead of a sunk cost.
To maximize your investment, have a plan to continue improving your security posture and updating your security.
We see a lot of companies performing risk assessments at least annually. Having a risk management plan is one of the most crucial ways of knowing where your weaknesses are and how to respond to a compromise. Having a third party come in with fresh eyes to assess your security posture and identify your risks can also be beneficial in helping you know how to mitigate risks and protect your data.
Industry Experience and qualifications
Across our team, we hold several certifications pertaining to security. We have 20+ years of experience with data security and compliance and have helped over 1 million customers.
We offer a full range of services that includes:
Other compliance services and assessments
What really sets us apart is who we hire. Jen Stone has experience with healthcare organizations, Mark Miner has experience in the hospitality industry, Mike Maughan works with data centers and PCI validation, and Michael Simpson has expertise in IT for universities. This enables us to provide you with an assessor or pen tester who is familiar with your type of business. This way we can understand your process and secure your data based on how you do things within your industry. Each assessor also has a great support network that helps them tailor a security approach to your business and industry and meet compliance mandates. We have had a lot of success and good feedback from customers with this type of service.
We have extensive experience working with large global enterprises with their distributed networks and data processing environments.
Our core services are penetration tests, compliance assessments (especially PCI audits), and forensics. These three services work together to offer 360° data security to our customers.
A couple of years ago we had a customer who experienced a breach because of a vulnerability in one of their environments. By the time they connected with our forensics team, cybercriminals had been stealing sensitive data for almost an entire year. We helped them repair the breach and then they had us do a full penetration test on their systems. Now, we work with them annually to ensure their security is sufficient and effective. This customer experienced a shift in their mindset from “security is nice to have” to “we need security.”
We hope that each of our customers is able to recognize the importance of cybersecurity and compliance with security standards. We do our best to meet our customers’ needs by utilizing the broad range of our employees’ expertise and our decades of experience in cybersecurity.
It is our goal to have every customer we work with be satisfied with our superior customer service and attention to detail. Our customers choose us and stick with us because we prioritize quality over quantity. They appreciate the quality of service and PCI expertise that we provide.
Why Partner with SecurityMetrics?
Over the years, we've refined our auto processes to improve the customer experience
We understand the key to any effective project is consistent communication, successful implementation, and timely reporting. Our project team’s methodology and processes ensure that challenges are communicated, milestones are met, and reports are completed on time. We take these objectives seriously.
A big part of your success in passing your audit comes in our upfront effort to outline your scope, review your data flow, identify gaps against your specific requirements, and remediate items early on. This part of the assessment is the initial audit review. During this part, we identify the majority of issues that need to be remediated prior to doing the assessment. We assign our most senior assessors to this part of the audit process. This approach helps us provide a personalized assessment considering the unique elements of your business and the goals of your company and what you are looking to accomplish.
Throughout our professional services, you can expect to always have a minimum of three points of contact. These typically include your account manager, who is in the sales department, your coordinator, and your assessor (e.g., PCI auditor, pen test analyst, forensic investigator).
This simplifies communication and speeds up the turnaround on answers to your questions. In addition, we manage the workload of our assessors and security analysts to ensure they have the time needed to meet your deadlines.
After dealing with a number of QSA auditors, we found SecurityMetrics offered the most helpful and practical PCI advisement. We are delighted to work with them as we continue to strengthen our PCI environment.
PCI seems daunting - regardless of who you are - SecurityMetrics deployed professional, reliable and trustworthy people who enabled us to not only get through the process with ease, but also to educate us how to manage, control, and implement our strategy in the future.
- Greg Mahoney, USAG, Inc.
On behalf of all of us here at Orbis Payment Services, I wanted to take this opportunity to thank you for your outstanding help with our PCI compliance program. When there were issues to be dealt with, you brought solutions. When nerves were frayed, you brought calm. I hope we have the privilege of working with you for a long time.
- Bill Isetta, President and CEO, Orbis Payment Services, Inc.
HIPAA and security compliance is definitely the most confusing part of my job, but SecurityMetrics took the time to break it down and make it easier for me to put a plan in place. Now our practice is on the road to compliance. If you're not working with SecurityMetrics yet, you should be.
- Joanne Lynch, Fredericksburg Foot and Ankle Center
SecurityMetrics is the most retail friendly solution. At the small business level, frequently the person that has to interface with the tool is an owner or someone who has financial responsibility, but they may not necessarily be technically savvy with using online tools. We believe SecurityMetrics meets that need better than anyone else we've seen.
- Steve Methvin, Bozzutos
SecurityMetrics takes the complexity of PCI compliance and then rolls it into a simplified process for all of our merchants.
- Craig Lum, Card/Pay
We have been customers of SecurityMetrics for about eight years. We are so impressed with the patient and professional way that their staff treats customers. They do not hurry, seem tired, act annoyed or too busy to work with their customers. Every person I spoke to was great!
- Naomi Christman, The ProImmune Co, LLC
The relevance of ensuring proper ecommerce website security and protecting cardholder data continues to be paramount for our organization, and we could not manage this process better without the reporting tools and excellent technical expertise provided by SecurityMetrics.
- Jason Drake, Director of Infrastructure and Security, Premiere Sports Travel