Do you classify your company as:
Both Cybersecurity & IT/MSP

Do you have insurance industry client experience?
Yes

How many insurance agencies do you have as clients?
3

Geographic range of your insurance clients:
National

States in which you have clients:
Texas, Missouri, Colorado, California, New York

Do you offer client references?
Yes

Have you had experience with recovering a client from a cyber event?
Yes

If a client is located out of state, how do you handle on-site service calls?
Local Contractor. Occasionally we will fly one of our technicians in.

Do you require all technicians with your company to have certifications?
No

What percent of your business is managed services as opposed to break/fix?
100%

Do you support local hardware?
Yes

Do you have a data center?
No

Do you offer managed/hosted solutions, such as AWS?
No

How long have you been classified as an MSP?
10 years

Do you offer 24×7 monitored support?
Yes

What types of support do you offer?

• Break/fix – service as needed
• Set number of hours monthly, annually, etc.

What is the country of origin for your help desk?
USA

Do you have Professional Liability Errors and Omissions insurance in place?
Yes

Do you offer a flexible range of contracts and plans for support?
Yes

Do you provide a risk assessment for a new client?
Yes

Do you offer an implementation plan of technology requirements based on your evaluation?
Yes

What do you consider to be your technology specialty?
Microsoft and Google environments.

Do you have certifications with Microsoft, Network Management and Cyber Security?
Yes

Do you offer an SLA?
Yes

Are you in compliance with the NY Cyber 500 Regulations?
No

Do you support email?
Yes

Do you provide email backup/archiving solutions?
Yes

Can you help setup and configure SP, DKIM, and DMARC?
Yes

Do you provide email encryption?
Yes

Do you provide a spam filter?
Yes

Do you provide a managed email threat filter?
Yes

Do you provide best-practice training for email activities?
Yes

Do you provide an email threat filter?
Yes

Is the email threat filter customizable based on triggers or is it a static message?
Based on Triggers

Are links inside email messages scanned before opening?
Yes

What products do you provide for EDR?
Huntress, Bit Defender

Does your EDR solution use behavior patterns or is it based on only a database of known virus signatures?
Behavior-based

Is your endpoint solution real-time protection?
Yes

Is your endpoint solution monitored by your company or does the client monitor it?
Monitored by Company

Are you able to detect devices that do not have protection installed?
Yes

Do you provide Managed Endpoint Protection that is compliant with applicable regulatory requirements?
Yes

Do you provide a dedicated support person to clients?
Yes

Do you provide endpoint protection for a distributed workforce (Work from home, for example)?
Yes

Does your EDR solution allow for automatic updates?
Yes

Does your EDR solution include a virtual firewall solution?
Yes

Do you provide vulnerability scanning?
Yes

Is vulnerability scanning for External Networks, Internal Networks, or both?
Internal Networks

How frequently can the scans be conducted?
Monthly

What software do you use for your vulnerability scans?
Vonahi

Do you include automatic vulnerability scanning capabilities?
No

Can you help remediate discovered vulnerabilities?
Yes

Do you provide penetration testing by a certified consultant?
Yes

Do you use AI-based penetration testing?
Yes

Do you do remediation validation after your penetration test findings are addressed?
Yes

Do you provide network security monitoring?
Yes

Do you provide a SOC (Security Operations Center) for 24×7 monitoring?
Yes

Is your network security attended by a person?
Yes

Do you offer multi-factor authentication solutions?
Yes

Do you provide automatic patch management?
Yes

Do you provide a Cybersecurity Risk Assessment?
Yes

Is the assessment based on NIST?
Yes

Does your assessment provide a score based on Likelihood and Impact?
Yes

How long does the assessment typically take?
1 week

Do you provide services for writing a Written Information Security Plan (WISP)?
No

Do you provide a Written Security Policy for Third-Party Service Providers?
No

Do you offer e-cycling or other data disposal services for non-public information?
Yes

Do you provide assessments on an ongoing scheduled basis?
Yes

Do you provide forensic analysis in the event of a security breach using a certified forensics consultant?
No

Do you provide state cyber compliance guidelines, recommendations, and solutions for any state an agency may operate?
No

Can you create or provide an incident response plan that aligns with breach notification requirements?
Yes

Do you provide regular (at least monthly) reporting indicating status of protections and any alerts identified?
Yes

Do you provide regular scans for PII (Personal Identifiable Information) on local devices and report the location of those files monthly, at the minimum?
No

Do you provide a backup and restore solution?
Yes

Is backup onsite?
No

Is backup offsite cloud-based?
Yes

Frequency of backup?
Depends on need. We suggest incremental.

Are snapshot backups available?
Yes

Do you provide an Incident Response Plan that is in line with regulatory requirements?
Yes

Do you provide a disaster recovery plan?
Yes

Do you assist in resolving any cyber event issues?
Yes

Do you provide immediate response once a cyber event is reported?
Yes

Have you had experience with recovering a client from a cyber event?
Yes

Do you provide staff security awareness training?
Yes

What products do you use for Security Awareness Training?
Huntress SAT

Is the training managed by your company or the client?
Company

Do you provide frequent short training videos?
Yes

Are the videos monitored to ensure they are watched?
No

Do you include assessments and\or certifications?
No

Do you provide phishing email simulations that are tracked?
Yes

Are users who fail the simulations automatically added to re-training?
Yes

Can reports on training activity be provided?
Yes