Our Holistic Approach to Cybersecurity
Businesses across the country are being impacted by Data Breaches, Ransomware and Malware Attacks that shut down and compromise networks. To combat these sophisticated attacks, you need to take a holistic approach to cybersecurity. The first step in reducing your exposure and threat risk is to carefully evaluate your systems. These systems are not just IT-related; they also include the staff, policies and procedures, and training. Having a holistic approach enables you to carefully analyze every single aspect of your infrastructure and identify Risks and Vulnerabilities that would enable a hacker to gain access to the systems.
Implementing effective security measures requires buy-in from all of the stakeholders. If they do not take security seriously, or if they provide poor leadership, the entire business will suffer.
Rings of Security
A layered approach to Cybersecurity and HIPAA Compliance (if applicable) provides the fortitude you need to protect you and your business. Firewalls and anti-virus software are important, but will not prevent many different types of cyberattacks. Hackers can often gain access to your network by compromising your improperly configured firewall or delivering malicious code via email.
Cyber Security Audit/Risk Assessment
Black Talon Security takes a holistic approach to Cybersecurity. We will work closely with your business or practice to understand and identify all aspects of the network, and specifically understand who has access and where data is stored. By doing a deep-dive into this, we identify weaknesses in the network that would enable unauthorized access to your data and/or the network.
A cybersecurity audit requires a very detailed discussion with the business and the IT company to understand the full scope of the network. We also work closely to make sure all entry points and devices are properly secured.
A risk assessment is performed in order to identify where confidential information, intellectual property, critical business operations, PII or ePHI is stored and how it is accessed in order to minimize the chances of data loss or theft. For healthcare providers, we also deploy special software on your network to identify devices that may be out of compliance, resulting in a HIPAA violation.
Employee Education/Phishing Emails/SOPs
Did you know that 70% of data breaches are the result of an employee action? Employees who have not been properly trained can leave you and your business highly exposed to phishing and spear phishing attacks. How? Have you ever received an email from your "bank" asking you to validate your login and password? New attack techniques are becoming so advanced that they often trick the most careful users. Scammers disguise themselves as a trustworthy entity to trick you into giving out personal information such as your bank account numbers, passwords and credit card numbers for malicious reasons.
Our training concept is simple. We empower you and your staff to make informed decisions when it comes to interacting with websites and email. We teach a mindset and methodology that helps you dissect emails and differentiate safe emails from threat emails.
Through live webinars, we will educate you and your team on how to prevent falling victim to these scams. Black Talon Security will also develop and implement SOPs that will provide you and your staff with safe communication practices.
There are so many areas of a network that are vulnerable to attack due to outdated equipment, software, security holes that have not been patched, weak passwords, etc. A vulnerability scan utilizes several methods and technologies to expose the weaknesses in your network. Black Talon Security provides a remediation plan and works closely with you and your IT company to close the security vulnerabilities.
Penetration testing (also called pen testing) is the practice of testing a computer system, network or web application to find vulnerabilities that an attacker could exploit. The penetration test is performed by an ethical hacker who utilizes the same tools, techniques and procedures as a criminal in order to breach your network. It is a much more advanced process than vulnerability scanning and may take hours or days to complete.
The main objective of penetration testing is to determine security weaknesses. A pen test can also be used to test an organization's security policy compliance, its employees' security awareness and the organization's ability to identify and respond to security incidents.
A Payment Card Industry scan analyzes your external-facing network for certain vulnerabilities that would enable a hacker to gain access to credit card information. A PCI scan is not concerned with protecting patient data; it is a standard that banks and credit card processing companies use to protect credit card numbers. PCI Scans are absolutely not a substitute for Vulnerability Scanning and Penetration Testing.
HIPAA & Security Scans (for Healthcare Entities or those that store ePHI)
This scan enables us to identify certain areas on your network that contain patient data, credit cards, social security numbers, out-of-date user accounts, weak passwords, etc. This is not a vulnerability scan and must be used in conjunction with one to protect your data. This scan is often used to identify areas of your network that are not HIPAA compliant.
The minutes, hours and days following a breach often dictate how severe the outcome of the breach will be. It is imperative that you deal with a cybersecurity firm that truly understands all aspects of breach response and remediation. Many state and federal laws dictate how a breach must be handled. Evidence and data must be carefully preserved. Systems may need to be shut down and brought back online systematically in order to prevent further attacks or loss of data. A determination of how the threat actors breached the system and an analysis of forensic data are required to help the business understand its overall risk and proper course of action.
Upon notification of a breach, Black Talon Security can put "boots on the ground" to provide command and control of the situation. We will coordinate efforts between legal, IT and insurance companies, ultimately taking you through very controlled and thorough processes to help maximize the chances of a positive outcome for the business and your clients.