As a business, you have an increasing responsibility to your clients and employees to protect their sensitive and personal information. As cyber threats and government regulations continue to gain momentum, the implementation and maintenance of an effective security program is critical to your firm’s long-term stability and overall success.
Accellis helps simplify and streamline your cybersecurity and compliance efforts. We help you get in front of potential threats by ensuring your systems and policies are up to date with the latest industry standards. Whether it’s a security assessment, penetration test, or compliance evaluation, our team of certified security experts can get you on the right track.
Accellis Cybersecurity & Risk
Accellis Technology Group’s layered cybersecurity approach includes four areas of defense: application security, IT infrastructure security, education and policy enforcement, and continual assessment and improvement. Discover our detailed cybersecurity approach here.
Today’s technology landscape offers attackers and employees many more options for exploiting vulnerabilities and stealing your information. Vulnerability Scanning is a cost-effective way to protect your network infrastructure and data from being exploited. Our Vulnerability Management program provides an analysis of any vulnerabilities that can be exploited within your firm.
Initially, Accellis uses state-of-the-art scanning systems to ensure the doors and windows are locked to prevent intruders from getting in. Additionally, we can dive deeper into your operating systems, applications, and workstations to identify security holes.
Accellis Vulnerability Management includes:
Internal & External Vulnerability Scanning
Vulnerability Scans come in two flavors, internal and external. External scans show the ‘holes’ a malicious hacker can use to get into your environment. Internal scans show you what someone could steal if they were to get inside your defense perimeter. Since vulnerabilities are created every day, it is important to run both internal and external vulnerability scans on a regular basis. Let us help you protect your firm’s and your clients’ information.
Analysis & Reporting
Accellis provides clear visibility into the physical and virtual risks inherent in your environment. We’ll prioritize any known security vulnerabilities and provide direction on defensive measures.
Remediation & Patch Management
Once there is a full picture of the vulnerabilities that exist, we will use this information to provide insight and direction on how to remediate any issues. Remediation and configuration adjustments can be done by Accellis or your IT provider.
A Penetration Test from Accellis provides you with a “snapshot in time” of your security posture and allows your firm to realign its security with its evolving needs.
First, we run a full scan of your internal and external network. Once all potential vulnerabilities have been discovered, we’ll safely “hack” your environment by attempting to compromise your email system, firewalls, routers, web servers and other devices. We may also perform physical security testing or social engineering attacks designed to test the security of your office and the knowledge and actions of end-users.
As part of this engagement, Accellis will deliver a detailed report listing exploits, breach point information, and recommendations for remediation.
Managed Security Services offers a comprehensive and continual approach to securing your organization. Our approach to cybersecurity rests on four pillars: defense, persistent threat analysis, continual assessment, and education and enforcement.
The core components of Accellis’ Managed Security Services include:
- Annual Penetration Testing – Provides a snapshot of your security posture, allowing us to create your security program around your needs
- Security Planning – Provides direction on the devices and policies that monitor and guard all points of ingress into your firm’s infrastructure
- Internal & External Vulnerability Scanning – Continually searches for new exploits within your network so that they can be remedied before the system is compromised
- Monthly Security Reporting – Provides details of all activity performed as well as analysis and recommendations for improvement
- Policy Review – Ensures the rules and regulations by which your cybersecurity is governed stay in line with the threat landscape
- End-User Security Training – Provides consultation, best practices, and continual training on policies and procedures for end-users
For firms looking to perform either one-time or regular security audits, Accellis delivers a comprehensive Audit and Assessment that includes the identification of critical (at-risk) data, the physical and technical location of that data, plus the security measures in place to protect the data from the most likely threats.
The most common security threats can include anything from internal resources, random hackers, competitors, nation states and more. Leveraging the standards established by NIST, SOC and ISO, Accellis will work with your firm to create visibility into your network, discovering network security risks and what you can do to properly defend your firm.
Key elements of the Accellis Cyber Security Assessment include:
Internal / External Vulnerability Testing
First, we will take a snapshot of your firm’s network. Understanding all available access points on the network is the first and most critical element of creating a proper defensive position. Second, we check your network security controls against all known attack vectors.
Network Topology and Data Validation Report
Once we confirm and create a list of everything on the network, a graphic of the network is created to visualize how the network is set up. From this high-level vantage point, we can determine if any network infrastructure needs to be reconfigured. At the same time, we will identify critical and sensitive data on the network, then create an initial defensive position for that data.
Physical Security Review
During the physical security review, we will understand where sensitive data resides on the network. A walk-through of the facilities is done and any potential security risks are noted.
Network Security Best Practices Review
Once there is a full picture of all assets within the network, each cybersecurity device or appliance is analyzed against known best practices for configuration and implementation. We will typically analyze all firewalls, wireless routers, access points, intrusion detection and prevention systems (IDS and IPS), whitelist systems, all servers, all workstations, all printers, and all backup systems.
Security Policy Review
Finally, a review of all written policies will be completed. This important step in our security audit ensures that you have the key components of a quality Written Information Security Plan in place. If there are no written policies in place, Accellis can recommend policies specific to your firm’s needs. Backup, disaster recovery and breach response are some of the most common planning documents we collaborate on.
If your firm works with banks or insurance companies, chances are you have either already been hit with an audit or you’re about to be. Even if you feel that your firm has done a solid job of staying current with technology, you’re likely to be caught off guard by the sheer magnitude and overall expectations of such an audit.
Accellis will help evaluate your existing security practices against banking or insurance industry requirements. We can prepare your firm for compliance audits by reviewing your existing infrastructure, identifying potential gaps in compliance, and making recommendations to improve security and minimize risk.
ISO Compliance Assessment
As attacks on cybersecurity grow in number and sophistication, security compliance standards are becoming a necessary utility for organizations of any size and type. ISO 27001 is the standard developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) to address security practices within an organization. ISO 27001 is unique in its breadth of coverage and virtually every other security standard pulls from the ISO 27001 framework.
For over ten years, Accellis has developed expertise in keeping organizations secure and ensuring compliance by focusing on technology, processes, and continual education. We have made investments in processes and software to efficiently and effectively bridge the gap between ease of use and security.
These documents are necessary to ensure compliance and keep your business running smoothly despite a dynamic workforce. Creating a Written Information Security Plan (WISP) is step one in this process of documentation. The Accellis security team has expertise with developing these types of written policies for the U.S. government, law firms and region-specific companies. We can help you scope out your environment and put the necessary policies in place.
Disaster Recovery Planning
The Disaster Recovery Planning documents are the most important thing to have in place, second to a firewall. Sitting down and planning for possible contingencies and writing out the solutions for extraordinary events is critical. Accellis is here to leverage decades of knowledge to help you generate a complete Disaster Recovery Plan. Regardless of the size of your company, having a step-by-step plan in place is going to ensure your company maximizes profits and stays secure during a time of crisis.
Breach Plans take the guesswork out of responding when a hacker breaches your system. If and when you realize your data has been compromised, will you know what to do? Regardless of whether data is known to be stolen, local, federal and industry-specific guidelines may still mandate the notification of clients and authorities of the suspected breach. Accellis leverages local and national guidelines to help scope and document a proper response to malicious hacking breaches.
Our Happy Clients
“I am writing this letter to thank you for your outstanding work on the Security & Risk Assessment. Your expertise and attention to detail were tremendously valuable. You joined us at a very critical time as we were getting ready to be audited as part of a risk assessment ordered by one of our major suppliers. You were able to quickly understand the objectives and priorities and make quality recommendations to improve our network and security processes. The quality of your work was recognized and appreciated by other team members. Not only did you thoroughly review our systems and processes, but you were also able to assist with reviewing and improving our IT and IS policies. As a result of your work and recommendations, we passed our recent audit with flying colors.”
TriCor Employment Screening, Ltd.
“On behalf of our firm, I want to extend our thanks and appreciation to Accellis’ tremendous efforts yesterday in responding to the virus/worm that infected our network and workstations. I was out of the office when the virus hit but from what David, Jeff, Brian and others have reported, Accellis identified the nature and the scope of the issue even before we knew there was a widespread problem of any type. Accellis responded immediately and in force to root out the problem and restore our systems to working order in just a few hours – if not for those efforts, even we could see that the virus had the potential to shut us down for a much, much longer period of time. As Jeff said, we’ve wondered what might happen in an IT crisis, whether because of a virus, cyberattack, disaster in the server room, or other issue. Yesterday afternoon, we faced just such a scenario and Accellis more than proved it was up to the task.”
Kaman & Cusimano, LLC