5 Step Cybersecurity
5 Step Cybersecurity Solution©:
- Identify Exposures & Risks
- Compliant Plans & Procedures
- Implement, Monitor & Maintain
Step 1: Identify Exposures & Risks
Having your business connected the Internet is a risky thing! Employees bring unprotected phones and laptops to work. Businesses often have servers and laptops running out of date, unpatched, or unsupported operating systems and software. Malware can hide from your antivirus software and firewall. Hazards come from everywhere- from cyber criminals to your employees.
What to do? Well, in order to protect your business, you need to know what you have. And you need to know your vulnerabilities.
Step 1 of our 5 Step Solution© contains the tools needed to:
- Identify the devices on your network
- Identify old and unpatched software
- Identify weak policies (like employees using passwords that are easy to crack)
- Identify important or sensitive data you are storing (like SSN, credit card numbers, health information)
- Much more!
Step 2: Compliant Plans & Procedures
What do you do with all those risks and vulnerabilities that we found in Step 1? You start by making plans to lower those risks and fix those vulnerabilities. You create policies and procedures for your employees, vendors, and partners to follow. In a nutshell, you pick the risks you want to manage, and then decide how your company can best defend itself.
Templates for plans in our 5 Step Solution© include:
- Business Continuity Plans/Disaster Recovery Plans
- Password Policies
- Mobile Device Policies
- Encryption Policies
- Discounted Cyber Insurance Policies
- And More!
Our 5 Step Solution© can be customized to your needs, budget and expertise. We offer templates for you to manually complete, guided by FAQs developed for those who aren’t IT experts. Or, you can use our fast, easy to use online plan wizard to generate the documents. We also offer a Cyber Insurance Policy designed for you and endorsed by one of the world’s best insurance providers!
Many small businesses fail to understand how important it is to get their Plans/Policies and Procedures in place before a breach or disaster occurs! You don’t want to be caught off guard when an incident happens. These documents also prove to auditors, attorneys, judges, and your customers that you take cybersecurity seriously. This could result in a reduction of fines or penalties your business suffers after a breach.
Step 3: Training
Picture one of the following two scenarios:
- You got an email from Grandma that has a picture attached called “Cute Kitty Cat.jpg”. Harmless, right? Uh oh! Granny sent you a virus!
- Bill in accounting gets an email from your vendor requesting payment on an invoice. Bill clicks the link and pays the invoice. 3 days later, you notice $10,000 has been cleaned out of your bank account. Uh oh! You have been the victim of a Phishing scam!
How could you have prevented these two (real world) scenarios from happening? Training! Training! Training!
At Step 3, we teach your employees about the risks that we found, and train them – on how to react and what to do to prevent and respond to a security incident.
Training is one of the best ways to reduce your cyber risks. Long gone are the days when you put in a firewall and installed antivirus software to protect your employees.
Today, employees represent both your biggest risk and your biggest defense. An untrained employee will click that phishing link that allows the latest ransomware to encrypt your files. A well trained, vigilant employee, however, will know to hang up on that “tech support person” when the scam call comes in.
We offer employee training on topics such as:
- Cybersecurity 101
- Current scams and cyber criminal techniques
Our 5 Step Solution© training options include:
- Online Training
- White papers
Step 4: Implement, Monitor & Maintain
This is the step where you implement the technology and procedures to mitigate the risks and vulnerabilities in Step 1.
Cybersecurity is not a static concept. Businesses can no longer get away with installing antivirus software, a firewall, and train employees once. This isn’t the 1990’s.
Employees need to be retrained frequently to identify the latest threats and respond properly. Network traffic needs to be monitored. Logs from all of your devices need to analyzed for suspicious activity. Devices and software must be patched and updated. Asset and Vulnerability scans need to be rerun at regular intervals. Plans need to be reviewed. PCI and HIPAA compliance needs must be addressed.
Does your small business have to do all this? The short answer: Yes. Can a small business afford to of all of this? Of course not. Does your business have the expertise to do most of it? Probably not.
And that’s where we come in!
Our 5 Step Cybersecurity Solution© can be customized to meet your budget and IT know how. Options include:
- Log collection and analysis/correlation (SIEM)
- And industry leading Unified Security Management System that does it all.
- Automated Asset Discovery and Vulnerability Scans
- Network Monitoring
- Service Monitoring
- File Integrity Monitoring
- Online Training
- Online Policy Management
- Reporting (including reports for PCI, HIPAA, ISO, and NERC)
- Your Own Breach Coach
- Lots more
Step 5: Recordkeeping
By now, you probably realize that each step produces multiple documents that need to be stored. Furthermore, there might be laws that require you to keep documentation on hand for years!
Where are you going to put all those documents?
Once again, Ultimate Risk Services comes to the rescue. We use State-Of-The-Art, widely accepted, and easy to use technology to securely store and retrieve your records! Your documents will be available to you anywhere, at anytime.