CYBER-Provide reports on training activity?

Yes

CYBER-Offer flexible range of support contracts/plans?

Yes

CYBER-How on-site service calls handled for out-of-state-clients?

Local Contractor. Occasionally we will fly one of our technicians in.

CYBER-Have E&O insurance in place?

Yes

CYBER-Offer client references?

Yes

CYBER-Provide regular scans for PII on local devices and report location of files?

No

CYBER-Provide automatic patch management?

Yes

CYBER-Insurance industry client experience?

Yes

CYBER-Automatic vulnerability scanning capabilities included?

No

CYBER-Provide disaster recovery plan?

Yes

CYBER-Provide assessments on ongoing scheduled basis?

Yes

CYBER-Provide staff security awareness training?

Yes

CYBER-Provide forensic analysis in event of security breach using certified forensics consultant?

No

CYBER-EDR solution include virtual firewall solution?

Yes

CYBER-Technology specialty?

Microsoft and google environments.

CYBER-Provide regular reporting indicating protections status/identified alerts?

Yes

CYBER-Require all technicians to have certifications?

No

CYBER-Support local hardware?

Yes

CYBER-Set up/configure SP/DKIM/DMARC?

Yes

CYBER-Provide Cybersecurity Risk Assessment?

Yes

CYBER-Endpoint solution monitored by?

Monitored by Company

CYBER-Provide tracked phishing email simulations?

Yes

CYBER-States in which you have clients

Texas, Missouri, Colorado, California, New York

CYBER-Endpoint solution protection real-time?

Yes

CYBER-Have certifications with Microsoft/Network Management/Cyber Security?

Yes

CYBER-Types of support offered?

[Break/fix (service as needed), Set number of hours monthly, annually, etc.]

CYBER-Offer SLA?

Yes

CYBER-Provide endpoint protection for distributed workforce?

Yes

CYBER-Vulnerability scanning for External/Internal Networks?

[Internal Networks]

CYBER-Provide dedicated support person to clients?

Yes

CYBER-Provide risk assessment for new clients?

Yes

CYBER-Offer implementation plan of technology requirements based on evaluation?

Yes

CYBER-Network security attended by a person?

Yes

CYBER-Geographic range of your insurance clients?

National

CYBER-Provide immediate response once cyber event reported?

Yes

CYBER-Number of insurance agency clients?

3

CYBER-Provide frequent short training videos?

Yes

CYBER-Cyber Risk Assessment time to take?

1 week

CYBER-Training videos monitored?

No

CYBER-EDR solution allow for automatic updates?

Yes

CYBER-Products used for security awareness training?

Huntress SAT

CYBER-Offer managed hosted solutions?

No

CYBER-Frequency of backups

Depends on need. We suggest incremental.

CYBER-Provide network security monitoring?

Yes

CYBER-Provide Written Security Policy for third-party service providers?

No

CYBER-Provide state cyber compliance guidelines/recommendations/solutions where agency operates?

No

CYBER-Provide WISP writing services?

No

CYBER-Experience with recovering client from cyber event?

Yes

CYBER-Have data center?

No

CYBER-Backups on-site?

No

CYBER-Offer 24x7 monitored support?

Yes

CYBER-Snapshot backups available?

Yes

CYBER-Backups off-site cloud-based?

Yes

CYBER-EDR solution behavior or database based?

Behavior patterns

CYBER-Email threat filter based on triggers or static message?

[Based on triggers]

CYBER-Provide penetration testing by certified consultant?

Yes

CYBER-Vulnerability scan frequently

monthly

CYBER-Provide backup and restore solution?

Yes

CYBER-Help desk country of origin?

United States

CYBER-Support email?

Yes

CYBER-Assist in resolving any cyber event issues?

Yes

CYBER-Create/provide incident response plan aligned with breach notification requirements?

Yes

CYBER-Provide Managed Endpoint Protection compliant with regulatory requirements?

Yes

CYBER-Links inside email messages scanned before opening?

Yes

CYBER-Provide email threat filter?

Yes

CYBER-Provide SOC for 24x7 monitoring?

Yes

CYBER-Endpoint Detection and Response (EDR) products

Huntress, Bit Defender

CYBER-Provide best practice training for email activities?

Yes

CYBER-Email backup/archiving solutions?

Yes

CYBER-Provide Incident Response Plan in line with regulatory requirements?

Yes

CYBER-Offer e-cycling/other data disposal services for non-public information?

Yes

CYBER-Offer MFA solutions?

Yes

CYBER-Cyber Risk Assessment score based on Likelihood and Impact?

Yes

CYBER-Provide managed email threat filter?

Yes

CYBER-Detect devices without protection installed?

Yes

CYBER-Users failing simulations automatically added to re-training?

Yes

CYBER-Provide vulnerability scanning?

Yes

CYBER-Remediation validation after penetration test findings addressed?

Yes

CYBER-Vulnerability scan software

Vonahi

CYBER-How long have you been classified as an MSP?

10 years

CYBER-Provide email encryption?

Yes

CYBER-AI-based penetration testing?

Yes

CYBER-Provide spam filter?

Yes

CYBER-Security awareness training managed by?

Company

CYBER-Percent of business managed services?

100

CYBER-Training videos include assessments/certifications?

No

CYBER-Company classification

Both Cybersecurity and IT/MSP

CYBER-Help remediate discovered vulnerabilities?

Yes

CYBER-Cyber Risk Assessment based on NIST?

Yes