A History of Shaping Futures…Through IT Advisory Services
80% of all hacker attacks target small businesses
72% of businesses that suffer major data loss shut down within 24 months
60% of small businesses do not back up their data
With highly publicized incidences of data loss and increasing security risks, many organizations struggle to develop and maintain a strong information technology control environment. Ask yourself is your business prepared in the event of a cybersecurity breach? Now is the time to take stock of your cybersecurity health, securing information through best cybersecurity practices; identifying your risks and the types of cyberthreats; and learning best practices for guarding against cyberthreats.
Marvin and Company’s IT audit professionals have experience working with a wide variety of industries of all sizes. We partner with you to ensure your organization is secure and is following best practices related to Information Technology.
A security audit is a specified process designed to assess the security risks facing your business and the controls or countermeasures adopted by your business to mitigate those risks. Marvin and Company’s IT audit team will interview key personnel, conduct vulnerability assessments, catalog existing security policies and controls, and examine IT assets covered by the scope of the audit. Specific questions the audit will seek to answer include:
- How difficult are passwords to crack?
- Do network assets have access control lists?
- Are disaster recovery plans in place and tested on a regular basis?
- Are personal computers regularly scanned for adware or malware?
- Who has access to backed-up media in the organization?
These are just a small sample of the questions that the security audit will attempt to answer. It is important to understand that a security audit is a continuous process that should deliver continuous improvement to your business.
What is vulnerability management and does my company need it? Vulnerability management is the practice of identifying, classifying, remediating, and mitigating vulnerabilities in company applications, software, operating systems and networks. Vulnerability management should not be considered optional anymore; in fact many information security compliance, audit and risk management frameworks require organizations to maintain a vulnerability management program.
Our goal during a vulnerability assessment is to answer the question “Where are my companies’ security holes?” To do this our team will break the assessment down into 5 parts:
- Discover: Uncover forgotten devices & organize your host assets according to their role in the business (Visually map the network)
- Assess: Scan for vulnerabilities everywhere (perimeter, internal networks, Cloud servers) –accurately and efficiently
- Prioritize: Identify the highest business risks using trend analysis, Zero-Day and patch impact predictions
- Remediate: monitor vulnerabilities over time and manage exceptions (Remember the data is only as good as the last time it was updated. Just like an audit, the data reported is only relevant to the last time an asset was assessed)
- Inform: Customize comprehensive reports to document progress for business executives and IT staff
Security Awareness Training and Simulated Phishing Platform:
Old-school security awareness training doesn’t hack it anymore. Today, your employees are frequently exposed to sophisticated phishing and ransomware attacks.
- Baseline Testing
- We provide baseline testing to assess the Phish-prone™ percentage of your users through a free simulated phishing attack.
- Train Your Users
- The world’s largest library of security awareness training content; including interactive modules, videos, games, posters and newsletters. Automated training campaigns with scheduled reminder emails.
- Phish Your Users
- Best-in-class, fully automated simulated phishing attacks, hundreds of templates with unlimited usage, and community phishing templates.
- See the Results
- Enterprise-strength reporting, showing tats and graphs for both training and phishing, ready for management. Show the great ROI!
The System Really Works
After years of helping our customers train their employees to better manage the urgent IT security problems of social engineering, spear phishing and ransomware attacks, we decided to go back, and look at the actual numbers over a 12
We aggregated the numbers and the overall Phish-prone percentage drops from an average of 15.9% to an amazing 1.2% in just 12 months. The combination of web-based training and frequent simulated phishing attacks really works.
Please Contact Us
For additional information, please contact our Network Manager John J. Unser:
Telephone: 518-785-0134 ext. 4581
With more than 14 years of experience in the IT field, John holds multiple certifications from CompTIA, Microsoft, QUALYS, CIW, VMware, ITIL and Cisco Systems. John has worked in various areas including tier II - III support, network design/implementation, and IT auditing.