As IT professionals we know from experience that everything begins and ends with security. Infrastructure, cloud-based storage, usability, access control, application access, personal records, business protocols, etc. - each has a direct connection to the security architecture of every business. Our regimented approach ensures that all possible intrusion interruptions are eliminated. All successful engagements with Cayfour are repeatable and visible to the customer. We will demonstrate through reporting and live monitoring how the business infrastructure was operating and demonstrating that it is no longer vulnerable to threats or reliability issues.
We begin our engagement with a complete and thorough evaluation of the entire information technology environment. With security at the forefront of each step, we dive deep into each business element. We focus on the primary areas that are most likely to cause you problems.
OUR MULTI-LEVEL ASSESSMENT
Security Audit: Policies & Protocols
First, we examine your personnel use of policies and protocols. Most successful hacks are due to weak or unchanging passwords. There’s a strong likelihood that we could obtain all of your passwords in about 15 minutes, unless you are following strict guidelines for password creation and management.
If you are storing it digitally, we will conduct a penetration test to see if we can gain access. If we can, we will recommend the appropriate fix. If you are keeping much of your data on paper, we’ll examine how you are controlling access to your files, particularly those files that contain sensitive information. Additionally, we will recommend a digital approach to storing your data in the cloud, where it is secure, backed-up regularly and uses a secondary site to ensure that you will never lose data. This approach probably won’t apply to all of your stored data needs, we will focus on that data that is most critical to your business, or would cause the most damage if it were leaked, lost or stolen. In this process, we will examine how you set up data access protocols to ensure that only people with a need to know have access to sensitive data.
Data Transfer & Sharing
We will look at your data creation and transfer protocols and how you are securing your data both in transit and at rest. We will look at your security from a “Defense in Depth” perspective to ensure that you are securing your data holistically to include physical access, access control and cyber security or malware protection.
Hardware & Applications
As part of our hardware analysis, we will review the applications that you are running on each machine (e.g., are they required on each machine, do they open a door to hackers if they’re connected to the internet, etc.). We’ll evaluate the age of your machines and how well they are maintained (e.g., do they have the required patches and upgrades, etc.) and does the age of your hardware allow the use of the latest anti-malware applications and protocols.
Finally, we will conduct a standard security audit to include a comprehensive penetration test to find the holes. In our final report, we will provide recommendations for remediation that are scalable (i.e., those that will grow with your business) and an option for a quarterly “tune-up” and semi-annual audit with the goal of getting you in shape and keeping you there.
Ensuring business uptime means thoughtful and continually evaluated planning. From the edge to the core, Cayfour will highlight warning areas and plan for their hardening within a timeframe and within the given budget. Complete security is expensive, but our experience will guide the process in a way that fits the financial risk. We take security seriously. We’ve built the team and the protocols to guarantee a good night’s sleep.