Data Protection & Cyber Security Program
Accellis Technology Group (“Accellis”) leverages the NIST Cybersecurity Framework for minimizing the risk to our business and any related data. This platform provides specific guidance for implementing business data security controls while maintaining an effective overall security posture. Accellis data protection and cybersecurity controls include:
- Screening: All employees are drug screened and a background check is performed prior to hire including County Criminal, Felony, and Misdemeanor.
- Training & Education: Standard Operating Procedures and playbooks are communicated and provided to our employees for many common types of cybersecurity threats. Policies are governed by procedures or controls and reviewed annually. Any modification is tracked and reviewed by the SecOps Team. Policies are audited annually.
- Logging: Access to remote support tools by our engineers is logged and recorded.
- Information Access Controls: Accellis grants access through RBAC (Role-Based Access Control). RBAC provides a uniform way to grant and restrict access to systems and controls.
- Encrypted Communications: Access to run books or documentation created to manage a customer network is only transmitted via an encrypted connection. Storage of system passwords for customer networks is encrypted with AES-256-bit encryption, including a 2048-bit RSA public key, with unique keys for each customer and secure random keys unique to each password.
- Device Encryption: All devices that may have access to Accellis data are encrypted. By leveraging the MDM (Mobile Device Management) tool in Microsoft Azure, our engineers can trigger encryption on the device or deny access to company information if encryption is not turned on. Devices can be remotely wiped if necessary.
- CORE SECURITY CONTROLS: Accellis utilizes the same next-generation hardware and software that we sell to our clients. Connectivity to the internet and network activity is monitored 24/7 by trained security engineers and analyzed for anomalies. Software is installed on the company computers that protects them from spam, malware, phishing, and dangerous file types. Our security incident response team works with the engineers to investigate any signs of threat or active data breach. Specific controls include:
- Barracuda Firewalls and Total Email Protection: Our employees are well trained on Barracuda security solutions, so it makes sense to use Barracuda firewalls at our edge with Total Email Protection. TEP offers machine learning anti-phishing protection and account takeover prevention. Our employees are required to maintain certifications from Barracuda for Network Security, Application Security, and Email Protection.
- DUO MFA: All of our software tools are protected with multifactor authentication using DUO’s security solution.
- Vulnerability Management: We run vulnerability scans across our network regularly and perform remediation based on CVSS (Common Vulnerability Scoring System).
- SOC: We monitor our team and network 24/7 through our SOC (Security Operations Center), which utilizes machine learning and proactive threat hunting, along with cloud monitoring of Office 365 and our Azure stack. Security incidents are escalated as part of our incident response plan to the proper personnel.
- Filtering: We use the same agent-based DNS filtering service sold to our clients for content filtering and threat protection.
- Office365 Security: Accellis encourages leveraging cloud platforms for businesses due to the advanced toolsets provided by the vendors. Accellis also uses Microsoft Office 365 for email and inter-company communications. By utilizing the security configurations in Office 365, Accellis can monitor access to data and even be alerted to data loss with Microsoft’s built-in tools for data classification.
- System Patching: System security patches and vulnerability management are controlled centrally through Intune and vulnerability scans are performed monthly.
- Storage & Data Retention: It is against company policy to store any data belonging to Accellis clients on an Accellis laptop or computer. Configurations or documents to support Accellis clients are stored securely within a SOC2 compliant cloud platform with multifactor authentication needed for access. Data is maintained only as long as is necessary to provide client services.
- Leadership: We have a highly trained security staff with certifications consisting of CompTIA Security+, CEH (Certified Ethical Hacker), CISSP (Certified Information Systems Security Professional), and OSCP (Offensive Security Certified Professional).