Cybersecurity

Protection 24/7 from cyberattacks that threaten your reputation, network security, and critical data

It only takes one cyberattack to end a business. As cybercrime continues to rapidly evolve in frequency and sophistication, so must your business security plan. You need confidence that your company’s sensitive data is as secure as your physical assets – and the only way to achieve that is with total network security.

Most businesses simply don’t have the time, resources, or expertise to effectively manage their security alone. But why PCG for cybersecurity? What differentiates us? At the top of the list is our team of cybersecurity specialists and expertly managed security services that deliver peace of mind with a reliable, end-to-end cybersecurity plan that’s tailored to your business.

GLOBAL CYBERSECURITY EXPERTISE from LOCAL EXPERTS

CUSTOMIZED CYBERSECURITY

  • vCIO Strategic Planning
  • Endpoint Detection & Response
  • AI / Phishing Protection
  • MFA
  • Security Awareness Training
  • Web Content Protection
  • Password Management
  • Vulnerability Scanning

Technology Standards

PCG’s technology standards are covered in role-based cyber hygiene packages. From our basic bundle for low-risk users to our complete bundle for high-risk users like executives or Finance, HR, and IT departments, these packages cover everything including threat protection, security training, multifactor authentication, monthly IP address scanning, and more.

  • Cyber Hygiene Complete – Designed to provide medium to high-risk users with comprehensive protections against a wide range of cybersecurity attacks. Strongly recommended for executive management and all personnel with access to sensitive information including finance, human resources and IT management.
  • Cyber Hygiene Standard – Tailored for moderate risk users such as office workers with broad access to the internet and your corporate network, but with no access, or very limited access, to sensitive information.
  • Cyber Hygiene Basic – Provides more focused protections for users who use email but otherwise do not have broad access to the internet from corporate IT resources. The major concern with these users is to protect against cyberattacks delivered via email.

Bundle coverage/component: Basic | Standard | Complete

Based on user security risk profile: Low | Moderate | Medium-High

Email Protection

  • Email Spam Protection
  • AI-Based Phishing Detection

User Protection

  • Security Awareness Training (PhishMe)
  • Curated Security Training Videos

Workstation Protection (PC/Notebook)

  • AV/Malware Protection: * | * | *
  • Web Content (DNS) Protection
  • Standard EDR Threat Detection
  • AV/Malware/EDR Threat Detection (SentinelOne)
  • 24/7 SOC Support (SentinelOne)

Credential Protection

  • Password Management (Keeper)
  • Dark Web Monitoring (Keeper BreachWatch)
  • Multifactor Authentication (Cisco Duo)

Network Protection

  • Monthly IP Address Scanning

Fighting Cybercrime

Cybersecurity can be described as an arms race between bad guys (hackers and their associates) and good guys (the rest of us), with each leg requiring the good guys to deploy a new generation of technology to stay safe. But this analogy is incomplete because technology alone is insufficient to protect us.

Cybercrime will be around forever, so we’re committed to working with clients so they can focus on their core business. We leverage a broad range of technologies, both within our own operations and as services. We provide comprehensive risk assessments to ensure that clients’ cybersecurity investments are prioritized, and we deliver strategic, policy, and best practice guidance, documentation, user training, and more.

What’s truly needed is a robust cybersecurity strategy that includes:

Effective Cybersecurity Controls

Our cyber hygiene packages are the cornerstone of our cybersecurity strategy and provide the technologies, tools, and guidance needed to keep employees, systems, and data safe. We’ve implemented a multi-part security architecture with a broad range of security controls, which defines how we interact with our own IT systems and those of clients. We devote significant resources to planning, managing, documenting, and delivering on this program.

  • Information Security Council (ISC): Our senior security engineers oversee all cybersecurity aspects for our company and clients and meet regularly. They drive PCG’s ongoing vulnerability and risk management processes and update our practices and policies as threats evolve.
  • Written Information Security Plan (WISP): Central to our security program is a WISP that details policies related to cybersecurity controls, employee information security, and privacy issues. Our cybersecurity controls are based on the NIST Cybersecurity Framework. Our WISP is reviewed and updated regularly by our ISC and Management Team.
  • Technical Controls: To implement controls specified in our WISP, we leverage a broad range of security technologies to protect our network, our endpoints, our email system, our information assets and our physical premises.
  • Managed Detection and Response Service (MDR): Our state-of-the-art managed detection and response operation proactively monitors our environment 24/7 for security-relevant data, including potential threat activity and software and system vulnerabilities. We monitor a broad range of system behavior to identify suspicious events, and to block or kill suspicious processes.
  • Strict Credential Management Policies: All PCG employees are required to use strong passwords and multifactor authentication for all user and admin access. We do not generally hold or store client user credentials such as PC and domain passwords and have strict policies for handling them if required.
  • Mandatory Security Training: We require all staff to participate in regular cybersecurity training, including specialized training for privileged users and periodic phishing simulations.

Policies & Procedures

  • Endpoint protection: All servers, backup appliances and workstations must be protected by an EDR threat detection agent – in addition to the antivirus
  • Password policies: All clients must use strong, unique passwords that comply with our current password standards; password policy must be documented and distributed to users
  • Password enforcement: All clients must operate a Microsoft domain configured to enforce password policies within the domain
  • Network boundaries: Each client office with two or more computer users must be protected by a PCG-approved firewall
  • Remote access: All remote access to the corporate network must be via a VPN or similar technology
  • Multifactor authentication (MFA): All users must have MFA in place at a minimum for email access and for remote access to the corporate network
  • Email protection: All email accounts must be protected by a PCG-approved email security program
  • Employee training: All computer users must receive computer security training including, at a minimum, annual training, and quarterly phishing simulations
  • Unsupported computers: No computers with unsupported (out-of-date) operating systems may attach to or be accessible from the corporate network
  • Employee-owned computers: Clients that allow employee-owned computers to access their corporate network must have a PCG-approved policy in place
  • Back-up: All clients must have a back-up service for all servers and other systems storing data deemed critical to the business’s operation, to include cloud or other off-site backups
  • Cyber insurance: All clients must maintain cyber insurance covering both the insured and third-party claims, with a limit appropriate to the scale of the business

And just as homeowners supplement common sense precautions with proactive services like security systems, we also recommend that clients supplement baseline standards with additional proactive security services. These services add capabilities such as proactive monitoring to identify and remediate active threats and vulnerabilities, a risk management process, and a rapid cloud-based disaster recovery as a service (DRaaS).

Client Collaboration & Being Proactive

PCG alone can’t protect its clients from cybercrime. Security is a shared endeavor, with ultimate responsibility lying with the executive leadership team. Each client independently owns their information assets and is the authority over their IT policies, practices, and users; the arbiter of the MSP services they utilize; and the decision maker on how much risk they take.

Maintaining total network and information security means being proactive. We use the latest cybersecurity technology to build impenetrable business networks that keep intruders out and ensure critical assets are never compromised. We assess unique needs, identify vulnerabilities, and create customized action plans to protect businesses from every possible threat.

Our security guidance focuses on defining baseline standards that clients must acknowledge and meet. This protects you, PCG and its team, and the greater PCG community from the side effects of cybercrime.

Don’t wait until a cyberattack hits! Put your cybersecurity in the hands of trusted professionals whose proven security solutions ensure you’re fully protected from every type of threat, 24/7. Reach out today for a free cyber risk score!*

*Prices for full audits vary depending on industry, compliance requirements, and number of controls.

PCG is extremely responsive when I ask for help. We have developed a great partnership over the years together and I feel I always get the guidance I need for keeping our networks running smoothly. We never used to take security seriously, but PCG was persistent to let us know the risks and why protecting our assets was essential when handling critical client data.

Manufacturing company