What We Do
Step 1 – Assessment
We conduct an in-depth, your business. The last thing any business wants to do is advise all their clients they have been breached, especially one that possesses confidential information. Maintaining an understanding of risks and vulnerabilities is an ongoing responsibility that changes over time... rust doesn’t sleep, and neither do hackers!
We will help you ensure your firm has a proper risk assessment in place to guard against future cyber incidents, streamline remediation efforts and avoid regulatory fines. Some aspects of the assessment:
- Security Gap Assessment
- Compliance Risk Assessments
- HIPAA, PCI, GDPR, CCPA, ISO 27000, NIST CSF, CIS, others
- Dark Web Assessment
- Email Security Assessment (o365, others)
- Cloud Security Assessment
Step 2 – Report and Plan
We return with a detailed report of your deficiencies, including our plan to resolve them, which involves implementation of tools as well as some best practices. No matter how good the software is, it can always be defeated by an employee acting unwittingly. Solutions are custom-tailored to your law firm’s environment, from 24/7 threat monitoring to ongoing system vulnerability management with employee behavioral analysis. We can include CISO On-Demand, Managed SOC, Managed Detection & Response (MDR), Endpoint Detection & Response (EDR), SIEM & Log Monitoring and Threat Intelligence. We can explain all the alphabet regulations here, but the key is to identify the specific set of cyber security protocols (aka “framework”) appropriate for your law firm. We are big fans of NIST CSF, PCI DSS and the CIS Top 20.
Step 3 – Implementation
We implement the cyber security plan, with applications and methodologies. As a Managed Security Service Provider (MSSP), we include software for endpoint monitoring, employee training, etc. Employee errors are among the causes of cyber incidents, so VRICyber routinely and surreptitiously tests employees to identify their state of vigilance. Employees who need training are identified, and results are reported to management.
Step 4 – Ongoing Administration
We set up an annual all-inclusive plan with 12 payments to pay for the Assessment as well as the monthly costs. A cyber security threat is the most time-sensitive situation an organization will ever encounter, and pushing out consistent updates keeps us ahead of the bad guys. Vigilance may be increasing, but threats continue to go undetected long after the initial infiltration. Cyber criminals are getting higher and higher returns, and their increasingly sophisticated extortion tactics and persistent phishing attacks continue to catch employees and systems off guard. And the true cost of a ransomware attack can multiply in nanoseconds when operations stall and the law firm’s reputation takes a hit.
Step 5 – Renewal
At the end of the year, we conduct another security assessment and start over again. The University of Maryland estimates that a law firm’s data is breached and hacked every 39 seconds, and as soon as cyber security consultants shore up one vulnerability, hackers figure out ways around it. Just when you learn how to hit a fastball, the pitcher learns how to throw a curve! It is cat and mouse between the criminals and cybersecurity consultants, so vigilance is required.
We can throw the ball deep too! There is also custom testing that can further reduce your digital exposure to cyber criminals, including Email Penetration, Penetration Testing, Vulnerability Assessments, Web Application Testing, Social Engineering, etc.
Assessments with Incident Response
VRICyber’s security experts and forensic analysts can rapidly respond to a cyber event, creating a full picture of all pertinent detection, determining the appropriate response, and taking part in notification activities related to the incident.
- Data Breach Response
- Malware Investigation
- Business Email Compromise
- Phishing Response
- Payment Card Investigations
- Insider Threat
- Intrusion Analysis
- Computer Forensics
We are here to protect you from having a cyber event, but in the event one occurs, we are positioned to remove the threat, minimize damages, and identify the source.
Expert cyber security for small to medium sized businesses.