Cyber Security

Protect your business 24/7 from cyber attacks that threaten your network security, your critical data, and your reputation.

It only takes one cyber attack to end a business. As cyber crime continues to rapidly evolve in frequency and sophistication, so must your business security plan. You need confidence that your company’s sensitive data is as secure as your physical assets – and the only way to achieve that is with total network security.

But the fact of the matter is that most businesses simply don’t have the time, resources or expertise to effectively manage their security alone. And that’s where PCG comes in.

Our team of Cyber Security Specialists and expertly managed security services will ensure your peace of mind with a reliable, end-to-end cyber security plan that’s tailored to your business.

Raising the Bar on Cyber Crime

Cyber-Security is often described as an arms race between the bad guys (hackers and their associates) and the good guys (the rest of us), with each leg of the race requiring the good guys to deploy a new generation of technology to stay safe. But this analogy is incomplete because technology alone is insufficient to protect us from Cyber Crime.

What is actually required is a framework of measures including not only appropriate technologies, but also management policies (aka “governance”), good IT practices, user training and user supervision. At PCG, we are continually seeking to keep our clients and community safe by “raising the bar” on Cyber-Crime, protecting them from growing threats to their businesses. Both we and our clients have critical roles to play in achieving this goal.

An Effective Cybersecurity Program

As an IT Managed Service Provider, we provide our clients with the technologies, tools and guidance they need to keep their IT systems safe. To this end we have implemented a multi-part security architecture, with a broad range of security controls, that defines how we interact with our own IT systems and those of our clients. We devote significant resources to planning, managing, documenting and delivering on this program.

Here are some highlights of our cybersecurity program:

  • Information Security Council (ISC): We maintain an ISC comprising senior security engineers who are tasked with overseeing all aspects of cybersecurity for our company and clients. The ISC members meet regularly, and are responsible for driving PCG’s ongoing vulnerability and risk management processes, and adapting our practices and policies to evolving needs.
  • Written Information Security Plan (WISP): Central to our security program is a WISP that details the company’s policies with regard to cybersecurity controls, employee information security policies, along with privacy and related issues. Our cybersecurity controls are based on the NIST Cybersecurity Framework. Our WISP is reviewed and updated regularly by our ISC and Management Team.
  • Technical Controls: To implement the controls specified in our WISP we leverage a broad range of security technologies to protect our network, our endpoints, our email system, our information assets and our physical premises.
  • Managed Detection and Response Service (MDR): We operate a state-of-the-art managed detection and response operation that proactively monitors our environment 24×7 for security-relevant data including potential threat activity and software and system vulnerabilities. We monitor a broad range of system behavior to identify suspicious events, and to block or kill suspicious processes.
  • Strict Credential Management Policies: We require all of our employees to use strong passwords and multi-factor authentication for all user and admin access. We do not generally hold or store client user credentials such as PC and domain passwords and have strict policies for handling them for circumstances where we do need to hold them.
  • Mandatory Security Training: We require all of our staff to participate in regular cybersecurity training, including specialized training for privileged users and periodic phishing simulations.

Responsibilities of The Client

Of course, PCG alone cannot protect our clients from cyber-crime. The security of our clients is a shared endeavor, with ultimate responsibility lying with the executive leadership of each client organization. It has to be this way because each client is an independent entity that is also the owner of their information assets, the authority over the policies and practices of their IT users, the arbiter of which MSP services they utilize, and the decision maker on how much business risk they take.

Until now, our guidance to clients on their security practices has been mainly in the form of recommendations. But while many do follow these guidelines, we now believe that the time has come to define some baseline standards that all of our clients must acknowledge and meet. Doing so is in their own interest, and helps to protect PCG, our team and the greater PCG community from the side-effects of cyber-crime.

Our baseline standards for 2023 are listed below:

  • Endpoint protection: All servers, backup appliances and workstations must be protected by an EDR threat detection agent – in addition to the anti-virus.
  • Password policies: All clients must use strong, unique passwords that comply with our current password standards. The password policy must be documented and distributed to users.
  • Password Enforcement: All clients must operate a Microsoft domain configured to enforce the password policies within the domain.
  • Network boundaries: Each client office with two or more computer users must be protected by a PCG-approved firewall.
  • Remote access: All remote access to the corporate network must be via a VPN or similar technology.
  • Multi-Factor Authentication (MFA): All users must have MFA in place at a minimum for email access and for remote access to the corporate network.
  • Email protection: All email accounts must be protected by a PCG-approved email security program.
  • Employee training: All computer users must receive computer security training including, at a minimum, annual training, and quarterly phishing simulations.
  • Unsupported computers: No computers with unsupported (out of date) operating systems may attach to or be accessible from the corporate network.
  • Employee-owned computers: Clients that allow employee-owned computers to access their corporate network must have a PCG-approved policy in place.
  • Back-up: All clients must have a back-up service for all servers and other systems storing data deemed critical to the business’s operation, to include cloud or other off-site backups.
  • Cyber insurance: All clients must maintain cyber insurance covering both the insured and third-party claims, with a limit appropriate to the scale of the business.

And just as many homeowners choose to supplement common sense precautions with proactive services like a home security system, we also recommend to many of our clients that they supplement these baseline standards with additional proactive security services. These additional services can add capabilities such as proactive monitoring to identify and remediate active threats and vulnerabilities, a proactive risk management process, and a rapid cloud based DRAAS (disaster recovery as a service).

Raising The Bar Together

While Cyber-Crime will be with us for the foreseeable future, PCG is committed to working with our clients to allow them to focus their energy and resources on their core business. We leverage a broad range of technologies, both within our own operations and as services to our clients. We provide our clients with Comprehensive Risk Assessments to help ensure that their cybersecurity investments are prioritized to keep their IT assets safe. We can deliver strategic guidance, policy and best practice advice, documentation, user training and more: everything our clients need to play their own critical role. Together we can raise the bar on Cyber-Crime.

Contact us today to schedule your complimentary, no-obligation security risk assessment score card (We see scores of C and D on average). Prices for full audits are approximately $4,000 to $6,000 depending on the Industry/Compliance and number of controls.

Our Proactive Approach to Cyber Security and Risk Management

The most effective way to maintain total network and information security is by being proactive. Just because you haven’t been targeted yet doesn’t mean you’re safe.

At PCG, we take advantage of the latest cyber security technology to build impenetrable business networks that keep intruders out and ensure your critical assets are never compromised. We will assess your unique needs, determine where your vulnerabilities lie, and create a customized action plan to protect your business from every possible threat.

PCG is extremely responsive when I ask for help. We have developed a great partnership over the years together and I feel I always get the guidance I need for keeping our networks running smoothly. We never used to take Security seriously, but PCG was persistent to let us know the risks and why protecting our assets was essential when handling critical client data.

Manufacturing Company

Don’t Wait Until After a Cyber Attack – Secure Your Network Today

Put your cyber security in the hands of the trusted professionals at PCG. Our proven security solutions will ensure your business is fully protected from every type of threat, 24 hours a day and 7 days a week.

It all starts with a free security risk assessment of your business network. Contact us today to secure your spot!