Cybersecurity Preparedness Assessment
As you know, following the best practices outlined by the FCC Cybersecurity Tip Sheet is a good way to be prepared and become more resilient to possible attacks. According to the National Small Business Association, one in five small businesses fall victim to cyberattacks and, of those, 60% go out of business in six months.
Merysol Security’s Cybersecurity Preparedness Assessment is a confidential study that lets the business owner have a realistic and accurate view of how prepared their IT Infrastructure is to handle a cyber attack. The resulting report not only outlines the areas where the IT appears vulnerable but describes in detail the actions to take and the type of tools to procure to remediate the weakness.
The Cybersecurity Preparedness Assessment consists of the following steps:
> It begins with a meeting, typically one-hour long, between the business owner and his/her IT representative (if available); and a Merysol Security Expert. In this meeting the assessment process is presented, anticipated cooperation from the business is discussed, and the deliverable report is explained along with the expected duration of the engagement.
> Merysol Security delivers a site questionnaire. This tailored questionnaire is intended to take inventory of the business’ cyber exposure. The Customer’s person in charge of IT ( 80% of the time is the business owner), fills out the questionnaire either by himself/herself, or with help from Merysol Security. When completed, it is submitted to Merysol Security.
> Merysol Security analyses the information provided and prepares the deliverable report. The report is provided to the Customer in electronic form (pdf).
> A meeting is scheduled to discuss the report findings and recommendations. Next steps, if any, are discussed
The duration of this Assessment is highly dependent on the complexity of the operation and the time it takes the Customer to fill the questionnaire, but typically should last 2 weeks.
Nowadays it is common for small businesses to engage a Managed Service Provider (MSP) or a Managed Security Services Provider (MSSP) to be their IT expert rather than hire the IT expert in-house. This assessment would help the Customer understand how well the vendor is performing and whether adjustments need to be made.