fbpx

Managed Cybersecurity

ADVANCED CYBERSECURITY

With Our Shoulders, Security Hardening Isn’t Tough:
Harden Your Defenses.
Comply with Regulations.
Mitigate Business Risk.

Is your business having an active crisis? Don’t waste time:

CYBERSECURITY BREACHES IN MONTANA – KNOWING THE RISKS

We often only hear of major cybersecurity breaches. As a result, there seems to be a disconnect between the amount of emphasis put on this versus what we know about in our community.

For more info on dealing with cybersecurity incidents check out First Call’s Cybersecurity
Incident Response approach.

That said there are other factors to consider beyond industry.

LEGAL IMPLICATIONS: A construction company in Maine, Patco Construction, had $590,000 transfered away after intruders infiltrated their systems. Some of that money was recovered, however on-going legal suits between Patco and their banks lasted for years after the cybersecurity incident which caused further strain on the business.

DAMAGED REPUATION: In another incident, Wright & Filippis, a health-care company, was involved in a cybersecurity incident that involved patient personal health information (PHI) but they were unsure what happened to it or how it was used.  Aside from the unknown consequences of leaked PHI, Wright & Filippis was required by law to disclose this information so those potential affected could take the appropriate actions.

In both cases, the damage to each business’s reputation and operations
were significant.

FINANCIAL IMPACT: Montana organizations are coming to us for help. Real dollars are being stolen, entire server and workstation fleets are being held hostage by ransomware, reportable data breaches, organizations having to disconnect their business from the internet for days and weeks.

The ramifications are real and extensive. Make the investment today in cybersecurity solutions.

Average Cost of Cybersecurity Breach per Industry

Construction: $4,820,000

Banking: $5,970,000

Government: $9,440,000

Education: $3,860,000

Utility Companies $4,650,000

Non-Profits: $7,000,000

Education: $3,860,000

Utility Companies $4,650,000

Non-Profits: $7,000,000

Healthcare: $9,300,000

Hospitality: $8,640,000

Manufacturing: $4,350,000

ARE ANY INDUSTRIES MORE AT RISK THAN OTHERS?

The short answer is yes. The value of the data, the cost of downtime, or the trust factors associated with the relationships they manage cause some organizations to face higher risks. Most of these organizations already have regulatory bodies and/or frameworks: HIPAA, CMMC, FERPA, CJIS

Industries facing higher risk include:

Government

Healthcare

Banking, Credit Unions & Finance

Schools

Criminal Justice

Manufacturing

That said there are other factors to consider beyond industry.

Size: the more employees an organization has the greater the
risk controls needed and the greater the impact should an incident occur. An organization with 20 – 50 employees needs to have a strategy, 50-100 employees the depth and complexity will increase, 100-200 same thing, and so on.

Assets and asset value: This is where all frameworks start with questions about your data, their value, and impact on your business should they be affected.

In our experience, any organization using computers, email, and the internet has risks. Everyone needs fundamental protections in place, what we refer to as blocking and tackling.
As you grow larger or simply have great risk due to your industry, regulations, or asset value you must go beyond the blocking and tackling to advanced cybersecurity measures.

Cybersecurity Frameworks

Identify

Protect

Detect

Respond

Recover

Different Solutions for Different Roles 

IT Directors

Are you an IT Director looking to strengthen your team and reinforce your cybersecurity efforts? Look no further! Our Co-Managed Cybersecurity offerings are designed to complement and enhance your existing capabilities, making us the perfect addition to your organization. We’re not here to replace anyone; we’re here to support you and provide a valuable influx of resources. Let us join forces and work together to protect your organization. Reach out today to learn more about our friendly and personable solutions that will help you excel in your role and ensure the utmost security.

Business Owners & C-Level Executives

Business owners and C-Level executives deserve a trusted partner who can alleviate the burden of cybersecurity from their plates. We understand the challenges you face, from ensuring compliance and managing cybersecurity questionnaires to maintaining a reputable business and safeguarding against data loss. You need solutions that are effective and reliable. Discover how our tailored cybersecurity offerings can meet the unique needs of business owners and C-Level executives like you. Let us provide the peace of mind and protection you deserve. Learn more about our comprehensive solutions today.

ADVANCED CYBERSECURITY AND NIST

Our goal is to break conventional thinking that Advanced Cybersecurity as being too hard or too technical or too expensive. Advanced Cybersecurity boils down to having:

the right people,
the right processes and,
the right tools in place

Those people, processes, and tools are in place to Identify, Protect, Detect, Respond, and Recover, otherwise known as the 5 Pillars of the NIST Cybersecurity Framework

NIST, the National Institute of Standards and Technology, was tagged by the Federal powers that be to establish guidelines for organizations not already regulated by other frameworks to manage cyber risk.  They developed the 5 pillars to encompass the cybersecurity ecosystem.

NIST is one type of cybersecurity standard.  Depending on your industry, the type of compliance regulation will vary.  For example, in the Healthcare industry, the Health Insurance Portability & Accountability Act has created another set of standards for those organizations collecting patient information. Other highly regulated industries aside from Healthcare include government, schools, hospitality, and banking.

Achieving and maintaining compliance is required by law.

Our Cybersecurity Solutions Advisor will work with you to
create a plan to address the 5 pillars of the NIST framework
above.  The goal of our advanced cybersecurity offering is to
have the people, processes, and tools in place to create, refine
and manage those 5 pillars.

CYBERSECURITY CHECKLIST

What Blocking and tackling Should all organizations with more than 20 employees have in place?

Here is a quick check list of the cybersecurity protections we would recommend for any industry/organization at a minimum if you have more than 20 employees commonly using the internet/technology in their work.

While this may look like a lot some of the services are likely bundled into technology you already have. Others you likely need to add or at least beef up to establish alignment.

R

Advanced Antivirus

R

VPNs for remote workers and sites

R

Basic monitoring/alerting

R

Internet content filtering

R

Basic password hygiene practices/controls

R

Multi factor authentication

R

Advanced firewall

R

Wifi Encryption

R

Wifi Password protection

R

Basic Windows Patch Management

R

Basic Annual Security Gap Audit

R

Encrypted Backups (preferably Cloud based)

DO YOU HAVE AN
INCIDENCE RESPONSE PLAN?

Having a solid incident response plan is absolutely vital to protecting your organization in the face of cyber threats. Think of it as your organization’s roadmap for handling cybersecurity incidents, providing clear instructions on what to do when things go wrong. It’s like having a trusted playbook that helps you navigate through challenging situations, such as data breaches, ransomware attacks, or network intrusions.

1. Documentation and Accessibility:

  • Do you have a documented incident response plan that outlines the steps to be taken during a cyber incident? Is it easily accessible to all relevant stakeholders within your organization?
  • Has the incident response plan been reviewed and approved by management and key stakeholders? Is it regularly updated to address emerging threats and changes in your IT environment?

2. Incident Classification and Escalation:

  • Does your incident response plan define a clear process for classifying and categorizing different types of incidents based on their severity and potential impact?
  • Are there well-defined escalation procedures in place to ensure that incidents are promptly reported to the appropriate individuals or teams within your organization, such as the IT department, management, or legal counsel?

3. Incident Response Team:

  • Have you identified and designated a cross-functional incident response team responsible for executing the incident response plan?
  • Does the incident response team consist of individuals from various departments, including IT, legal, communications, and human resources, with clearly defined roles and responsibilities?

4. Communication and Coordination:

  • Does your incident response plan outline communication protocols to ensure effective coordination among different teams and stakeholders during an incident?
  • Are there established lines of communication with external parties, such as cybersecurity service providers, insurance providers, law enforcement agencies, and regulatory bodies?

5. Technical Response and Recovery:

  • Does the incident response plan detail the technical steps to be taken to contain, investigate, and remediate the incident? Are there predefined procedures for evidence preservation and data recovery?
  • Have you conducted tabletop exercises or simulations to test the effectiveness of your incident response plan and identify areas for improvement?

6. Continuous Improvement:

  • Do you have mechanisms in place to capture lessons learned from past incidents and update your incident response plan accordingly?
  • Is there a process for regularly reviewing and updating your incident response plan to reflect changes in your organization’s infrastructure, systems, or regulatory requirements?

Remember, having an incident response plan is like having a reliable guide by your side, helping you navigate the complex world of cybersecurity incidents. If you don’t have one yet, it’s strongly recommended to start developing it as soon as possible. Your organization’s resilience and ability to protect itself depend on it.

DO I EVEN NEED CYBER INSURANCE?

The reason cybersecurity insurance exists is because real risk is on the rise and enough people wanted to transfer some of the risk to an insurance carrier. If you are in a high-risk industry, your employee count is rising and your dependency on data/IT is increasing cyber insurance is a must-have.

When shopping for coverage be thinking about what risk you are looking to transfer to the carrier.

Here a couple of examples…

Cyber Terrorism

A rural electric co-op might want cyber terrorism coverage because they are worried about State actors taking down the electrical grid they manage.

Banks & Credit Unions

A bank or credit union should be thinking about full response and remediation services as undoubtedly forensics, call center services, public relations services, and costs will all be required.

A

Extortion/Ransom

The average company might simply be concerned with extortion/ransom payments and recovery services.

A

Regulatory Defense

A medical facility should consider regulatory defense and penalty coverages to avoid having to pay the legal defense fees and penalties in the event of a patient privacy records breach.

WEIGHING THE PROS AND CONS

Pros:

Financial Protection
Risk Transfer
Incident Response Support
Compliance Assistance

Cons:

Coverage Limitations
High Premiums
Complex Claims Processes
Risk Perception

Get Advice

Get advice from your cyber security consultant. (hint even a basic risk assessment will help steer you)

Work with your insurance agency.  Always avoid competing carriers or duplicate policy coverages.

SHOULD I GO WITH INHOUSE CYBERSECURITY OR SHOULD I OUTSOURCE?

INHOUSE CYBERSECURITY

Tailored to Your Organization

Quick Response and Flexibility

Deeper Knowledge of Internal Systems

Enhanced Trust and Confidentiality

Continuous Skill Development

OUTSOURCED CYBERSECURITY

Access to Expertise

Cost Saving

Scalability and Flexibility

24/7 Monitoring and Support

Advanced Technology and Tools

Compliance and Regulatory Requirements

ADVANCED CYBERSECURITY

What about advanced managed cyber security services for organizations with more risk and sophisticated needs?

For organizations with advanced protection needs First Call recommends everything in the above list and some additional services provided by 3rd party cyber security companies like First Call. Any cyber security consultant will highlight human error/user behavior as the number one security gap. Given that fact, more controls are needed as well as security awareness training and testing.

Recommended list:

Dark Web Monitoring Services

Security Awareness Training and Testing

Phish Testing and Reporting

Password Managers either user based or centrally managed

DNS Protection

Managed Detection and Response (MDR)

Security Policies and End User Agreements

Advanced Breach Detection

Security Log Auditing

Annual Security Gap Audit

The above services should be professionally onboarded and managed to ensure security is not a snapshot / point in time service but rather an ongoing managed service.

HOW MUCH DOES CYBERSECURITY

SERVICE COST?

Managed Service Providers, Cybersecurity Agencies and Managed Security Service Providers are going to have packaged services ranging from $10 per user per month to $200.  Many of the solutions out there are designed for enterprise or medium businesses (more than 200 employees) so be sure to engaged with vendors focused on smaller organizations with smaller budgets in mind.  First Call’s services can range between $10 and $40 per user per month depending on the size and scale of the organization and the services involved.

Organizations can also invest in a standalone risk assessments.  Costs vary but what you will find is with consultants it will be
higher because that is where they are making their money – in the assessment, not in the ongoing services to maintain an
organization’s security posture.

Leaders need to manage the risks affordably and many organizations with less than 200 employees struggle with this because many
of the tools, services and providers are priced for larger organizations.  Keep it simple: what will the blocking and tackling cost us?
What advanced services do we need and how much does that cost?  Perform this exercise all while keeping in mind the threat is real
and organization can no longer afford to do little or nothing.

Remember THIS.

The higher the price the more:

gaps their approach addresses.

professional services that are bundled in.

hours of coverage involved.

risk they are inheriting when an incident requires response and recovery services.

What is included within an Advanced Security

Agreement?

Endpoint (PC’s, Servers and Mac’s) Detection
and Response (EDR)

Deploy EDR

Configuration of EDR

Monitoring of EDR

Security Information and Event
Management (SIEM) / Security Operations
Center (SOC) / Managed Detection and
Response (MDR)

Configuration of devices for SIEM log storage.

Automatic collection of logs from devices configured to use the SIEM.

See quote for log retention duration details.

Desktop Application Patch Management

Automatic updating of desktop applications supported by Desktop Application Patch Management software.

Remote Monitoring & Alerting (8×5 or 24×7)

Monitoring of security events for devices connected to the SIEM.

Response to generated alerts based on severity.

Alerting in accordance with customer provided incident response plan.

SOC Response Desk

Remote resolution of events during First Call's operating hours either on a T&M or Fixed Price basis. The billing approach is dependent on other IT Services agreements with First Call.

Support for reporting as required for compliance or regulatory needs

3rd Party IT Audit Participation

Virtual Chief Information Security Officer (vCISO) audit participation.

vCISO review and recommendations upon audit conclusion.

*Up to 4 audits per year

virtual Chief Information Security Officer

(vCISO)

Cybersecurity Steering Meetings

Onboarding

Other advice, budgeting, solution quotes

Completion of vendor due diligence package requests from 3rd parties for First Call or any of its vendors.

Security Alignment Manager (SAM)

Pre-scheduled SAM sessions

IT security standards auditing

Proactive alignment with standards

Risk reduction

Security steering input

What Is A Security Alignment Manager (SAM)?

Think of a SAM like an auditor. They are regularly performing a review of your IT assets against cybersecurity standards. Finding the gaps, improving documentation, proactively reviewing the environment to reduce risk, improve standards alignment, documentation and proof for all involved.

This role involves understanding the organization’s devices, applications, networks, data, and users to ensure that the
appropriate cybersecurity measures are in place to protect them.

Key Responsibilities of a Security Alignment Manager:

Conducting risk assessments to identify potential security risks and vulnerabilities

Monitoring and reporting on the effectiveness of cybersecurity controls

Coordinating with internal teams to ensure that cybersecurity requirements are met.

Collaborating with external partners to ensure that security requirements are met.

First Call’s SAM plays a critical role in ensuring that an organization’s cybersecurity program is aligned with its overall business strategy and is designed to protect its critical assets from cyber threats

What Is A vCISO ?

First Call’s Virtual Chief Information Security Officer’s are our senior executives responsible for managing the overall security of our client’s information systems and data. Their primary role is to ensure that the organization’s information and data are protected from cyber threats.

Key Responsibilities of a vCISO:

Developing and implementing an overall cybersecurity strategy and roadmap for the organization.

Overseeing the development and implementation of cybersecurity policies, procedures, and guidelines.

Identifying and mitigating security risks and vulnerabilities in the organization’s information systems and networks

Managing the organization’s response to cybersecurity incidents and breaches

Overseeing the selection and implementation of cybersecurity technologies, such as firewalls, intrusion detection and prevention systems, and security information and event management (SIEM) systems

Ensuring that employees are trained on cybersecurity best practices and are aware of their responsibilities in maintaining the security of the organization’s information and date

Collaborating with other stakeholders, such as the owners or executives to ensure that cybersecurity is integrated into the organization's overall strategy.

Our vCISO’s play a critical role in ensuring the confidentiality, integrity and availability of an organization’s information and data. As cyber threats continue to evolve and become more sophisticated, the role of the vCISO becomes increasingly important in protecting an organization’s critical assets from cyber attacks

Some Of Our Happy CUSTOMERS

Take Your Business to the Next Level:
Take Your Business to the Next Level:
You are Subscribed!
We will get in touch with you soon
We will get in touch with you soon