Business IT Support

As a business, you have an increasing responsibility to your clients and employees to protect their sensitive and personal information. As cyber threats and government regulations continue to gain momentum, the implementation and maintenance of an effective security program is critical to your firm’s long-term stability and overall success.

Accellis helps simplify and streamline your cybersecurity and compliance efforts. We help you get in front of potential threats by ensuring your systems and policies are up-to-date with today’s latest industry standards. Whether it’s a security assessment, penetration test, or compliance evaluation – our team of certified security experts can get you on the right track.

Accellis Cybersecurity & Risk

Our Approach

Accellis Technology Group’s layered cybersecurity approach includes four areas of defense: Application security, IT infrastructure security, education and policy enforcement, and continual assessment and improvement. Discover our detailed cybersecurity approach here.

Vulnerability Management

Today’s technology landscape offers attackers and employees many more options for exploiting vulnerabilities and stealing your information. Vulnerability scanning is a cost-effective way to protect your network infrastructure and data from being exploited. Our Vulnerability Management program provides an analysis of any vulnerabilities that can be exploited within your firm.

Accellis uses state-of-the-art scanning systems to ensure the doors and windows are locked to prevent intruders from getting in. Additionally, we can dive deeper into your operating systems, applications, and workstations to identify security holes.

Accellis Vulnerability Management includes:

Internal & External Vulnerability Scanning

Vulnerability Scans come in two flavors, internal and external. External scans show the “holes” a malicious hacker can use to get into your environment. Internal scans show you what someone could steal if they were to get inside your defense perimeter. Since vulnerabilities are created every day, it is important to run both internal and external vulnerability scans on a regular basis. Let us help you protect your firm’s and your clients’ information.

Analysis & Reporting

Accellis provides clear visibility into the physical and virtual risks inherent in your environment. We’ll prioritize any known security vulnerabilities and provide direction on defensive measures.

Remediation & Patch Management

Once there is a full picture of the vulnerabilities that exist, we will use this information to provide insight and direction on how to remediate any issues. Remediation and configuration adjustments can be done by Accellis or your IT provider.

Additional Resources:

Vulnerability Management Flyer
Sample Internal Vulnerability Remediation Report
Sample External Vulnerability Remediation Report

Penetration Testing

A Penetration Test from Accellis provides you with a “snapshot in time” of your security posture and allows your firm to recalibrate its security around its evolving needs.

First, we run a full scan of your internal and external network. Once all potential vulnerabilities have been discovered, we’ll safely “hack” your environment by attempting to compromise your email system, firewalls, routers, web servers and other devices. We may also perform physical security testing or social engineering attacks – designed to test the security of your office and the knowledge and actions of end-users.

As part of this engagement, Accellis will deliver a detailed report listing exploits, breach point information, and recommendations for remediation.

Accellis Penetration Testing:

Standard Penetration Testing

Many firms simply engage us to perform a standard penetration test on their network. This involves internal and external scanning plus attempts to breach the most severe vulnerabilities. These engagements are custom tailored to the firm. Actions may include: penetration testing (with internal/external vulnerability scanning), web scraping, socially engineered attacks, and physical breach attempts. Services can be performed remotely or onsite, depending on engagement needs. The amount of time and pressure we put on hacking the network is determined on a case-by-case basis. Some firms will authorize us to hack-til-we-drop, while others want us to take our best shot within a limited time frame.

Best Match Penetration Test

The Best Match Penetration Test spans (90) days and includes (3) external vulnerability scans and (3) internal vulnerability scans. After each month, Accellis works with the firm to implement the necessary patches, closing gaps in real time. During the third month, after our final scans, we will exploit the top external attack vector(s) over a period of time in an attempt to breach the network. This methodology works to rigorously improve security before the final breach attempt, resulting in improved outcomes when it comes time to breach the network.

Network Assessment

Our Network Assessments offer a comprehensive approach to improving performance, continuity and security at your organization. We will evaluate your hardware and software systems to create a snapshot in time. We will compare this snapshot to industry best practices and security and compliance standards such as ISO, NIST, FINRA, IRS 1075, SEC, HIPAA and others. All assessments can be performed remotely, but most firms elect to send our engineer(s) onsite, often to multiple offices.

Network Assessment Options:

  • Network Assessment (Free) – Provides a network hardware & equipment analysis along with security evaluation. Here we are looking at the network equipment and software, along with antivirus, antispam, firewall, backups, and disaster recovery. We run a light external vulnerability scan across (16) IP addresses. Our reports outline 10-30 priority concerns, depending on what is uncovered.
  • Network Assessment (Paid) – Provides a network hardware & equipment analysis along with security evaluation (unlimited IPs). This assessment can be simple or extremely robust. Each engagement is custom tailored to the firm. All assets in all offices will be identified and inventoried; a topology will be rendered; we will conduct staff interviews; we will evaluate user support quality; we will perform a Network Architecture review, including leveraging our tremendous expertise in virtual desktops, virtual servers, and cloud data services; we will review all Information Technology Policies at the firm; and we will perform a Digital Configuration Review, testing all equipment and software for setup, security, performance, and compliance with industry standards like ISO, NIST, FINRA, SEC, IRS 1075, ABA model rules 1.2 & 1.6, HIPAA, and more. A comprehensive report will be rendered which will speak to the snapshot as it is, and how it must be in today’s competitive landscape.

Security Assessment

For firms looking to perform either one-time or regular security audits, Accellis delivers a comprehensive Audit and Assessment that includes the identification of critical (at risk) data, the physical and technical location of that data, plus the security measures in place to protect the data from the most likely threats.

The most common security threats can include anything from internal resources, random hackers, competitors, nation states and more. Leveraging the standards established by NIST, SOC and ISO, Accellis will work with your firm to create visibility into your network, where we will discover network security risks and what you can do to properly defend your firm.

Key elements of the Accellis Cyber Security Assessment include:

Internal / External Vulnerability Testing

First, we will take a snapshot of your firm’s network – understanding all available access points on the network is the first and most critical element of creating a proper defensive position. Second, we check your network security controls against all known attack vectors.

Network Topology and Data Validation Report

Once we confirm and create a list of everything on the network, a graphic of the network is created to visualize how the network is set up. From this high-level vantage point, we can determine if any network infrastructure needs to be reconfigured. At the same time, we will identify critical and sensitive data on the network, then create an initial defensive position for that data.

Physical Security Review

During the physical security review, we will understand where sensitive data resides on the network. A walk-through of the facilities is done and any potential security risks are noted.

Network Security Best Practices Review

Once there is a full picture of all assets within the network, each cybersecurity device or appliance is analyzed against known best practices for configuration and implementation. We will typically analyze all firewalls, wireless routers, access points, intrusion detection and prevention systems (IDS and IPS), whitelist systems, all servers, all workstations, all printers, and all backup systems.

Security Policy Review

Finally, a review of all written policies will be completed. This important step in our security audit ensures that you have the key components of a quality Written Information Security Plan in place. If there are no written policies in place, Accellis can recommend policies specific to your firm’s needs. Backup, disaster recovery and breach response are some of the most common planning documents we collaborate on.

Accellis Rapid Fire Cybersecurity Assessment:

Rapid Fire Security Test (Light) 

This assessment covers several critical security elements including perimeter defenses, system updates and patching, publicly exposed information, policies for security controls and even end-user awareness for social engineering attacks. When combined, these elements establish the overall risk profile for your organization. Action list includes: ingress exposure testing, external scans, internal network topology, web data scraping, and light internal scans.

Rapid Fire Security Test (Advanced) 

The Advanced Rapid Fire Penetration Test includes everything in Light, plus an evaluation of the Written Information Security Policy and an increase in the intensity of internal scans from light to extreme.

Compliance Assessment

If your firm works with banks or insurance companies, chances are you have either already been hit with an audit or you’re about to be. Even if you feel that your firm has done a solid job of staying current with technology, you’re likely to be caught off guard by the sheer magnitude and overall expectations of such an audit.

Accellis will help evaluate your existing security practices against banking or insurance industry requirements. We can prepare your firm for compliance audits by reviewing your existing infrastructure, identifying potential gaps in compliance, and making recommendations to improve security and minimize risk.

ISO Compliance Assessment

As attacks on cybersecurity grow in number and sophistication, security compliance standards are becoming a necessary utility for organizations of any size and type. ISO 27001 is the standard developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) to address security practices within an organization. ISO 27001 is unique in its breadth of coverage and virtually every other security standard pulls from the ISO 27001 framework.

For over ten years, Accellis has developed expertise in keeping organizations secure and ensuring compliance by focusing on technology, processes, and continual education. We have made investments in processes and software to efficiently and effectively bridge the gap between ease of use and security.

Written Policies

These documents are necessary to ensure compliance and keep your business running smoothly despite a dynamic workforce. Creating a Written Information Security Plan (WISP) is step one in this process of documentation. The Accellis security team has expertise with developing these types of written policies for the U.S. government, law firms and region-specific companies. We can help you scope out your environment and put the necessary policies in place.

Disaster Recovery Planning

The Disaster Recovery Planning documents are the most important thing to have in place, second to a firewall. Sitting down and planning for possible contingencies and writing out the solutions for extraordinary events is critical. Accellis is here to leverage decades of knowledge to help you generate a complete Disaster Recovery Plan. Regardless of the size of your company, having a step-by-step plan in place is going to ensure your company maximizes profits and stays secure during a time of crisis.

Breach Planning

Breach Plans take the guesswork out of responding when a hacker breaches your system. If and when you realize your data has been compromised, will you know what to do? Regardless of whether data is known to be stolen, local, federal and industry-specific guidelines may still mandate the notification of clients and authorities of the suspected breach. Accellis leverages local and national guidelines to help scope and document a proper response to malicious hacking breaches.

Our Happy Clients

“I am writing this letter to thank you for your outstanding work on the Security & Risk Assessment. Your expertise and attention to detail were tremendously valuable. You joined us at a very critical time as we were getting ready to be audited as part of a risk assessment ordered by one of our major suppliers. You were able to quickly understand the objectives and priorities and make quality recommendations to improve our network and security processes. The quality of your work was recognized and appreciated by other team members. Not only did you thoroughly review our systems and processes, but you were also able to assist with reviewing and improving our IT and IS policies. As a result of your work and recommendations, we passed our recent audit with flying colors.”

Anastasia Sagerman
TriCor Employment Screening, Ltd.

“On behalf of our firm, I want to extend our thanks and appreciation to Accellis’ tremendous efforts yesterday in responding to the virus/worm that infected our network and workstations.  I was out of the office when the virus hit but from what David, Jeff, Brian and others have reported, Accellis identified the nature and the scope of the issue even before we knew there was a widespread problem of any type.  Accellis responded immediately and in force to root out the problem and restore our systems to working order in just a few hours – if not for those efforts, even we could see that the virus had the potential to shut us down for a much, much longer period of time. As Jeff said, we’ve wondered what might happen in an IT crisis, whether because of a virus, cyberattack, disaster in the server room, or other issue.  Yesterday afternoon, we faced just such a scenario and Accellis more than proved it was up to the task.”

Jay Cusimano
Kaman & Cusimano, LLC