Protection 24/7 from cyberattacks that threaten your reputation, network security, and critical data
It only takes one cyberattack to end a business. As cybercrime continues to rapidly evolve in frequency and sophistication, so must your business security plan. You need confidence that your company’s sensitive data is as secure as your physical assets – and the only way to achieve that is with total network security.
Most businesses simply don’t have the time, resources, or expertise to effectively manage their security alone. But why PCG for cybersecurity? What differentiates us? At the top of the list is our team of cybersecurity specialists and expertly managed security services that deliver peace of mind with a reliable, end-to-end cybersecurity plan that’s tailored to your business.
Fighting Cybercrime
Cybersecurity can be described as an arms race between bad guys (hackers and their associates) and good guys (the rest of us), with each leg requiring the good guys to deploy a new generation of technology to stay safe. But this analogy is incomplete because technology alone is insufficient to protect us.
What’s truly needed is a cyber hygiene plan including not only appropriate technologies, but also management policies (aka governance), good IT practices, user training, and user supervision. PCG continually raises the bar on cybercrime to keep our clients and community safe every day.
Effective Cybersecurity Controls
Our cyber hygiene packages are the cornerstone of our cybersecurity strategy and provide the technologies, tools, and guidance needed to keep employees, systems, and data safe. We’ve implemented a multi-part security architecture with a broad range of security controls, which defines how we interact with our own IT systems and those of clients. We devote significant resources to planning, managing, documenting, and delivering on this program.
- Information Security Council (ISC): Our senior security engineers oversee all cybersecurity aspects for our company and clients. ISC members meet regularly, and are responsible for driving PCG’s ongoing vulnerability and risk management processes, and adapting our practices and policies to evolving needs.
- Written Information Security Plan (WISP): Central to our security program is a WISP that details the company’s policies with regard to cybersecurity controls, employee information security policies, along with privacy and related issues. Our cybersecurity controls are based on the NIST Cybersecurity Framework. Our WISP is reviewed and updated regularly by our ISC and Management Team.
- Technical Controls: To implement controls specified in our WISP, we leverage a broad range of security technologies to protect our network, our endpoints, our email system, our information assets and our physical premises.
- Managed Detection and Response Service (MDR): Our state-of-the-art managed detection and response operation proactively monitors our environment 24/7 for security-relevant data, including potential threat activity and software and system vulnerabilities. We monitor a broad range of system behavior to identify suspicious events, and to block or kill suspicious processes.
- Strict Credential Management Policies: All our employees are required to use strong passwords and multifactor authentication for all user and admin access. We do not generally hold or store client user credentials such as PC and domain passwords and have strict policies for handling them for circumstances where we do need to hold them.
- Mandatory Security Training: We require all staff to participate in regular cybersecurity training, including specialized training for privileged users and periodic phishing simulations.
Client Responsibilities
PCG alone can’t protect our clients from cybercrime. Your security is a shared endeavor, with ultimate responsibility lying with the executive leadership team. Each client is independently the owner of their information assets, the authority over the policies and practices of their IT users, the arbiter of the MSP services they utilize, and the decision maker on how much risk they take.
Our security practice guidance focused mainly on recommendations in the past. But now, we define some baseline standards that clients must acknowledge and meet. This protects you, PCG, our team, and the greater PCG community from the side effects of cybercrime.
Baseline Standards
- Endpoint protection: All servers, backup appliances and workstations must be protected by an EDR threat detection agent – in addition to the antivirus
- Password policies: All clients must use strong, unique passwords that comply with our current password standards; password policy must be documented and distributed to users
- Password enforcement: All clients must operate a Microsoft domain configured to enforce password policies within the domain
- Network boundaries: Each client office with two or more computer users must be protected by a PCG-approved firewall
- Remote access: All remote access to the corporate network must be via a VPN or similar technology
- Multifactor authentication (MFA): All users must have MFA in place at a minimum for email access and for remote access to the corporate network
- Email protection: All email accounts must be protected by a PCG-approved email security program
- Employee training: All computer users must receive computer security training including, at a minimum, annual training, and quarterly phishing simulations
- Unsupported computers: No computers with unsupported (out-of-date) operating systems may attach to or be accessible from the corporate network
- Employee-owned computers: Clients that allow employee-owned computers to access their corporate network must have a PCG-approved policy in place
- Back-up: All clients must have a back-up service for all servers and other systems storing data deemed critical to the business’s operation, to include cloud or other off-site backups
- Cyber insurance: All clients must maintain cyber insurance covering both the insured and third-party claims, with a limit appropriate to the scale of the business
And just as homeowners supplement common sense precautions with proactive services like security systems, we also recommend that clients supplement baseline standards with additional proactive security services. These services add capabilities such as proactive monitoring to identify and remediate active threats and vulnerabilities, a risk management process, and a rapid cloud-based disaster recovery as a service (DRaaS).
Fighting Cybercrime Together
While cybercrime will be around forever, PCG is committed to working with clients so they can focus their energy and resources on their core business. We leverage a broad range of technologies, both within our own operations and as services to our clients. We provide our clients comprehensive risk assessments to ensure that their cybersecurity investments are prioritized to keep their IT assets safe. We can deliver strategic, policy, and best practice guidance, documentation, user training, and more. Together we can raise the bar on cybercrime!
Contact us to schedule a no-obligation security risk assessment score card (average scores are often Cs and Ds). Prices for full audits vary depending on industry, compliance requirements, and number of controls.
A Proactive Approach to Cybersecurity & Risk Management
The most effective way to maintain total network and information security is by being proactive. Just because you haven’t been targeted yet doesn’t mean you’re safe.
PCG uses the latest cybersecurity technology to build impenetrable business networks that keep intruders out and ensure your critical assets are never compromised. We assess unique needs, determine where vulnerabilities lie, and create customized action plans to protect businesses from every possible threat.
Don’t wait until a cyberattack hits!
Put your cybersecurity in the hands of trusted professionals whose proven security solutions ensure your business is fully protected from every type of threat, 24 hours a day and 7 days a week.
Contact us today for a free security risk assessment of your network
PCG is extremely responsive when I ask for help. We have developed a great partnership over the years together and I feel I always get the guidance I need for keeping our networks running smoothly. We never used to take Security seriously, but PCG was persistent to let us know the risks and why protecting our assets was essential when handling critical client data.
Manufacturing Company