2. Agency Solutions
Welcome
Tony Dials Brian Shell Eric Goldberg
ComResource
Chief Technology Officer
ComResource
Director of Systems,
Network & Security
ComResource
Agency Solutions
Engineer
3. Agency Solutions
Who We Are
v
• IT Solutions company based in Columbus, OH
• Over 25 years of industry experience
4. Agency Solutions
• Device Protection
• Network Protection
• Software Protection
• VOIP Protection
• Government Compliancy
Cybersecurity
• Device Protection
• Network Protection
• Software Protection
• VOIP Protection
• Government Compliancy
• Incident Response Plan
• Disaster Recovery
• Audit trail
5. Cybersecurity Event means any act or attempt,
successful or unsuccessful, to gain unauthorized
access to, disrupt or misuse an Information System
or information stored on such Information System.
- New York Department of Financial Services
Agency Solutions
6. Agency Solutions
Cybersecurity Stats
$200,000
Average impact on
companies
60% of Attacks
due to employee/
management negligence
43% Cyber Attacks
target small businesses
62% of Phishing
steal at least one user logon
68% of SMBs
have no
disaster recovery plan
1 in 323 Emails
are malicious
7. Partner with a Trusted IT Company
"If you spend more time on coffee than on IT security, you will be hacked.
What’s more, you deserve to be hacked.”
- Richard Clarke, White House Cybersecurity Advisor, 1992-2003
"It takes 20 years to build a reputation and few minutes of cyber-
incident to ruin it.”
- Stéphane Nappo, Global CISO at Société
"There was this absolutely horrible moment where I realized there
was absolutely nothing at all that I could do.”
- Amy Pascal, Former CEO of Sony Pictures
9. Agency Solutions
What Should You Expect from Your
Cybersecurity MSP?
Ability to off-load IT Tasks
Expertise in multiple industries
Trained & focused Subject Matter Experts
Skilled in Networking, Email, Wireless, PC, Firewall, VPN & Security
Cybersecurity best practice protocols
Continuous monitoring and maintenance of your environment
10. Cybersecurity Program Each Covered Entity shall
maintain a cybersecurity program designed to protect
the confidentiality, integrity and availability of the
Covered Entity’s Information Systems.
- New York Department of Financial Services
Agency Solutions
11. Agency Solutions
New York Compliancy Regulations
https://www.dfs.ny.gov/docs/legal/regulations/adoptions/dfsrf500txt.pdf
Cybersecurity Policy
Data Retention
Disaster Recovery
Cybersecurity Event Notification
(within 72 hours)
Incident Response Plan
Control Access Privileges
Application Security
Risk Assessment
Training and Monitoring
Multi-Factor Authentication
Encryption of Nonpublic
Information
Violations can incur fines of $250,000 or one
percent of total banking assets.
12. Agency Solutions
Critical Next Steps:
1. Manage access privileges
2. Cybersecurity event notification
3. Third-party provider security policy*
* If you are not supported by an experienced MSP, your cost may be greater, and you
may not be able to recover your systems
When a Breach Occurs…
13. Agency Solutions
Virginia Data Security Act
Cybersecurity Program
Cybersecurity Event
Investigation
Cybersecurity Event
Notification to Commissioner
Cybersecurity Event
Notification to Impacted
Consumers
The Act is Effective
July 1st, 2020
14. Agency Solutions
How ComResource Can Help!
Setup hardware policies and practices
Establish the proper security for devices, software, and collaboration
Review current infrastructure and assess weaknesses
Assess the proper licenses and security templates
Setup Multi-Factor Authentication(MFA)
Setup encryption procedures
Review data retention, backup procedures, and Data Recovery
options
15. Agency Solutions
The Implementation Process
-
Assess
• Online Assessment
• Customized Phone Survey
Estimate
• Cost Summary
• Timeline Estimate
Implement
• Infrastructure Delivery
• Training / Education
Support
• Engagement Model
• Create Support Procedures
16. Agency Solutions
Appendix: Assessment Focus Areas
• Information Security (antivirus and firewall, passwords)
• Data Governance and Classification (what types of data do you store and where)
• Asset Inventory and Device Management (physical count of computers)
• Access Controls and Identity Management (passwords and who has access)
• Business Continuity and Disaster-Recovery Planning and Resources (backups)
• Systems Operations and Availability Concerns (procedures if you are hacked)
• Systems and Network Security (antivirus and firewall)
• Systems and Network Monitoring (antivirus and firewall)
• Systems and Application Development and Quality Assurance (antivirus and firewall)
• Physical Security and Environmental Controls (locked doors, logging off at night)
• Customer Data Privacy (require passwords)
• Vendor and Third-Party Service Provider Management (assurances that your partners are secure)
• Risk Assessment (above)
• Incident Response (above)
Editor's Notes
We have a webinar and small presentation on getting the right security setup for your office also.