As a business, you have an increasing responsibility to your clients and employees to protect their sensitive and personal information. As cyber threats and government regulations continue to increase, your ability to implement, and maintain an effective security program is critical to its long term stability and overall success.
Accellis helps simplify and streamline your cybersecurity and compliance efforts. We help you get in front of potential threats by ensuring your systems and policies are up-to-date with the today’s latest industry standards and expectations. Whether it’s a security assessment, penetration test, or compliance evaluation – our team of certified security experts can ensure you’re on the right track.
Accellis Cybersecurity Services
Accellis Technology Group’s layered cybersecurity approach includes four areas of defense: Application security, IT infrastructure security, education and policy enforcement, and continual assessment and improvement. View our detailed cybersecurity approach here.
Today’s technology landscape offers attackers and employees many more options for exploiting vulnerabilities and stealing your information. Vulnerability Scanning is a cost-effective way to protect your network infrastructure and data from being exploited. Our Vulnerability Management programs provides an analysis of any vulnerabilities that can be exploited within your firm.
Accellis uses state-of-the-art scanning systems to ensure the doors and windows are locked to prevent outside intruders from getting inside. Then, we’ll look deeper into your operating systems, applications, and workstations to identify security holes.
Accellis Vulnerability Management includes:
Internal & External Vulnerability Scanning
Vulnerability Scans come in two flavors, internal and external. External scans show the ‘holes’ the hacker can use to get in to your environment. Internal scans show you what someone could steal if they were to get inside your defense perimeter. Since vulnerabilities are created every day, it is important to run both internal and external vulnerability scans on a regular basis.
Analysis & Reporting
Accellis provides clear visibility into the physical and virtual risks inherent in your environment. We’ll prioritize any known security vulnerabilities and provide direction on defensive measures.
Remediation & Patch Management
Once there is a full picture of the vulnerabilities that exist, we will use this information to provide insight and direction on how to remediate any issues. Remediation and configuration adjustments can be done by Accellis or your IT provider.
A Penetration Test from Accellis provides you with a “snapshot in time” of your security posture and allows your firm to recapitulate your security around its evolving needs.
First, we run a full scan of your internal and external network. Once all potential vulnerabilities have been discovered, we’ll safely “hack” your environment by attempting to compromising your email system, firewalls, routers, web servers and other devices. We may also perform physical security testing or social engineering attacks, designed to test the security of your office and the knowledge and actions of end-users.
As part of this engagement, Accellis will deliver a detailed report listing exploits, breach point information, and recommendations for remediation.
Managed Security Services offers a comprehensive and continual approach to securing your organization. Our approach to Cybersecurity rests on four pillars: defense, persistent threat analysis, continual assessment, education and enforcement.
The core components of Accellis’ Managed Security Services include:
- Annual Penetration Testing – Provides a snapshot of your security posture, allowing us to create a your security program around your needs.
- Security Planning – Provides direction on the devices and policies that monitor and guard all point of ingress into your firm’s infrastructure.
- Internal & External Vulnerability Scanning – Continually searches for new exploits within your network so that they can be remedied before the system is compromised.
- Monthly Security Reporting – Provides details of all activity performed as well as analysis and recommendations for improvement.
- Policy Review – Ensures the rules and regulations by which your cybersecurity is governed is in line with the threat landscape.
- End-User Security Training – Provides consultation, best practices, and continual training on policies and procedures.
For firms looking to perform either one-time or regular security audits, Accellis delivers a comprehensive Audit and Assessment that includes the identification of critical (at risk) data, the physical/technical location of that data and the security measures in place to protect it from the most likely threats.
The most common security threats can include everything from Internal Resources, Random Hackers, Competitors, Nation States and more. Leveraging the standards established by NIST, SOC and ISO, Accellis will work with your firm to create visibility into your network, where your risk are and what you can do to properly defend yourself.
Key elements of the Accellis Cyber Security Assessment include:
Internal / External Vulnerability Testing
First thing we need is a snapshot of the network and everything on it. Understanding all available access points on the network is the first and most critical element of creating a proper defensive position. Then we run a check against your network security controls against all known attack vectors. This gives us the information we need to determine how to proceed.
Network Topology and Data Validation Report
Once we confirm and list everything on the network, a graphic of the network is created to visualize how the network is setup. From this high level vantage point we can determine if any network infrastructure needs to be reconfigured. Included in this step is the identification of critical / sensitive data on the network and the creation of an initial defensive position for that data.
Physical Security Review
The next step is to review the physical security you have protecting your network. Understanding where sensitive data resides on the network also requires a clear policy on the physical exposure that data may have. A walk-through of the facilities is done and any potential security risks are noted.
Network Security Best Practices Review
Once there is a full picture of all assets within the network, each cyber security device or appliance is analyzed against known best practices for configuration and implementation. We will typically analyze all firewalls, wireless routers and access points, intrusion detection and / or prevention systems (IDS / IPS), Whitelist systems, all servers, all workstations, all printers, and all backup systems.
Security Policy Review
Finally, a review of all written policies is completed. This important step to our security audit ensures that you have all key components of a quality Written Information Security Plan in place. If there are no written policies in place, Accellis can recommend policies specific to your needs. Backup, disaster recovery and breach response are some of the most common planning documents we collaborate on.
If your firm works with banks or insurance companies, chances are you have either already been hit with an audit or you’re about to be. Even if you feel that your firm has done a solid job of staying current with technology, you’re likely to be caught off guard by the sheer magnitude and overall expectations of such an audit.
Accellis will help evaluate your existing security practices against banking or insurance industry requirements. We can prepare your firm for compliance audits by reviewing where your existing infrastructure, identifying potential gaps in compliance, and making recommendations to improve security and minimize risk.
ISO Compliance Assessment
As the attacks on our Cyber Security are growing in number and sophistication, security compliance standards are becoming a necessary utility for organizations of any size and type. ISO 27001 is the standard developed by the International Organization of Standards and the International Electrotechnical Commission to address security practices within an organization. ISO 27001 is unique in its breadth of coverage and virtually every other security standard pulls from the ISO 27001 framework.
For over ten years, Accellis has developed expertise with keeping organizations secure and ensuring compliancy by focusing on technology, processes, and continual education. We have made investments in processes and software to efficiently and effectively bridge the gap between ease of use and security.
These documents are necessary to ensure compliance and keep your business running smoothly despite a dynamic workforce. Creating a Written Information Security Plan (WISP) is step one in this process of documentation. Accellis security team has experience in developing these types of written policies for the US government, law firms and local companies. We can help you scope out your environment and put the necessary policies in place.
Disaster Recovery Planning
While sounding so very simple, these documents are the most important thing to have in place second only to a firewall. Sitting down and planning for possible contingencies and writing out the solutions to those problems is very important. Accellis is here to leverage decades of knowledge to help you write a complete and fully scoped Disaster Recovery Plan. Regardless the size of your company, having a well thought out, step by step plan in place for when disaster strikes is going to ensure your company maximizes profits, as well as staying secure during a time of crisis.
While sounding quite complicated, Breach Plans are there to take the guess work out of what to do when a hacker breaches your system. If and when you realize your data has been compromised, will you know what to do? Regardless of whether data is known to be stolen – local, federal and industry specific guidelines may still mandate the notification of clients and authorities of the suspected breach. Accellis leverages local and national guidelines to help scope and document your Breach Plan and ensure a proper response should a disaster strike.
Our Happy Clients
“I am writing this letter to thank you for your outstanding work on the Security & Risk Assessment. Your expertise and attention to detail were tremendously valuable. You joined us at a very critical time as we were getting ready to be audited as part of a risk assessment ordered by one of our major suppliers. You were able to quickly understand the objectives and priorities and make quality recommendations to improve our network and security processes. The quality of your work was recognized and appreciated by other team members. Not only did you thoroughly review our systems and processes, but you were also able to assist with reviewing and improving our IT and IS policies. As a result of your work and recommendations, we passed our recent audit with flying colors.”
TriCor Employment Screening, Ltd.
“On behalf of our firm, I want to extend our thanks and appreciation to Accellis’ tremendous efforts yesterday in responding to the virus/worm that infected our network and workstations. I was out of the office when the virus hit but from what David, Jeff, Brian and others have reported, Accellis identified the nature and the scope of the issue even before we knew there was a widespread problem of any type. Accellis responded immediately and in force to root out the problem and restore our systems to working order in just a few hours – if not for those efforts, even we could see that the virus had the potential to shut us down for a much, much longer period of time. As Jeff said, we’ve wondered what might happen in an IT crisis, whether because of a virus, cyberattack, disaster in the server room, or other issue. Yesterday afternoon, we faced just such a scenario and Accellis more than proved it was up to the task.”
Kaman & Cusimano, LLC