CYBER-Provide reports on training activity?

Yes

CYBER-Offer flexible range of support contracts/plans?

Yes

CYBER-How on-site service calls handled for out-of-state-clients?

We will fly to the client as needed, but we can dispatch local peers for support if required.

CYBER-Share WISP templates?

Yes

CYBER-Have E&O insurance in place?

Yes

CYBER-Offer client references?

Yes

CYBER-Provide regular scans for PII on local devices and report location of files?

Yes

CYBER-Provide automatic patch management?

Yes

CYBER-Insurance industry client experience?

Yes

CYBER-Automatic vulnerability scanning capabilities included?

Yes

CYBER-Offer questionnaire/other resource to manage third-party service provider risks?

Yes

CYBER-Align WISP plan to insurance industry compliance drivers?

Yes

CYBER-Provide disaster recovery plan?

Yes

CYBER-Provide assessments on ongoing scheduled basis?

Yes

CYBER-Provide staff security awareness training?

Yes

CYBER-Provide forensic analysis in event of security breach using certified forensics consultant?

Yes

CYBER-EDR solution include virtual firewall solution?

Yes

CYBER-Technology specialty?

Security, nobody does it better. We prevent bad things, and offer a top not help desk for the day to day issues.

CYBER-Provide regular reporting indicating protections status/identified alerts?

Yes

CYBER-Require all technicians to have certifications?

Yes

CYBER-Support local hardware?

Yes

CYBER-Set up/configure SP/DKIM/DMARC?

Yes

CYBER-Provide Cybersecurity Risk Assessment?

Yes

CYBER-Endpoint solution monitored by?

Monitored by Company

CYBER-Provide tracked phishing email simulations?

Yes

CYBER-States in which you have clients

All states

CYBER-Endpoint solution protection real-time?

Yes

CYBER-Have certifications with Microsoft/Network Management/Cyber Security?

Yes

CYBER-Types of support offered?

[Set number of hours monthly, annually, etc.]

CYBER-Offer SLA?

Yes

CYBER-Provide endpoint protection for distributed workforce?

Yes

CYBER-Vulnerability scanning for External/Internal Networks?

[External Networks, Internal Networks]

CYBER-Provide dedicated support person to clients?

Yes

CYBER-Provide risk assessment for new clients?

Yes

CYBER-Offer implementation plan of technology requirements based on evaluation?

Yes

CYBER-Network security attended by a person?

Yes

CYBER-Geographic range of your insurance clients?

National

CYBER-Provide immediate response once cyber event reported?

Yes

CYBER-Number of insurance agency clients?

50

CYBER-Provide frequent short training videos?

Yes

CYBER-Cyber Risk Assessment time to take?

Speed is dependent on size and scope of project, could be a week, could be a few weeks.

CYBER-Training videos monitored?

Yes

CYBER-EDR solution allow for automatic updates?

Yes

CYBER-Products used for security awareness training?

Our products are routinely evaluated, so my answer here may be different in 12 months. Currently we use BreachSecureNow

CYBER-WISP frameworks able to work with?

PCI DSS, HIPPA, GDPR IV, NIST 800-53, NIST 800-171, CIS, CIS 8.0, ISO 27992, ESSENTIAL EIGHT

CYBER-Offer managed hosted solutions?

Yes

CYBER-Frequency of backups

Depends on need, can be adjusted, but generally nightly

CYBER-Provide network security monitoring?

Yes

CYBER-Provide Written Security Policy for third-party service providers?

Yes

CYBER-Provide state cyber compliance guidelines/recommendations/solutions where agency operates?

Yes

CYBER-Provide WISP writing services?

Yes

CYBER-Experience with recovering client from cyber event?

Yes

CYBER-Have data center?

Yes

CYBER-Backups on-site?

Yes

CYBER-Offer 24x7 monitored support?

Yes

CYBER-Help customize WISP plan?

Yes

CYBER-Snapshot backups available?

Yes

CYBER-Backups off-site cloud-based?

Yes

CYBER-EDR solution behavior or database based?

Behavior patterns

CYBER-Email threat filter based on triggers or static message?

[Based on triggers]

CYBER-Provide penetration testing by certified consultant?

Yes

CYBER-Vulnerability scan frequently

As often as needed.

CYBER-Provide backup and restore solution?

Yes

CYBER-Help desk country of origin?

United States

CYBER-Support email?

Yes

CYBER-Assist in resolving any cyber event issues?

Yes

CYBER-Create/provide incident response plan aligned with breach notification requirements?

Yes

CYBER-Provide Managed Endpoint Protection compliant with regulatory requirements?

Yes

CYBER-Links inside email messages scanned before opening?

Yes

CYBER-Provide email threat filter?

Yes

CYBER-Provide SOC for 24x7 monitoring?

Yes

CYBER-Endpoint Detection and Response (EDR) products

We use a managed version of Defender

CYBER-Provide best practice training for email activities?

Yes

CYBER-Email backup/archiving solutions?

Yes

CYBER-Provide Incident Response Plan in line with regulatory requirements?

Yes

CYBER-Offer e-cycling/other data disposal services for non-public information?

Yes

CYBER-Offer MFA solutions?

Yes

CYBER-Cyber Risk Assessment score based on Likelihood and Impact?

Yes

CYBER-Provide managed email threat filter?

Yes

CYBER-Detect devices without protection installed?

Yes

CYBER-Users failing simulations automatically added to re-training?

Yes

CYBER-Provide vulnerability scanning?

Yes

CYBER-Remediation validation after penetration test findings addressed?

Yes

CYBER-Vulnerability scan software

This changes as needs change. We don't sit with just one.

CYBER-How long have you been classified as an MSP?

Since the term existed, we've been providing managed services since 2000.

CYBER-Provide email encryption?

Yes

CYBER-AI-based penetration testing?

Yes

CYBER-Provide spam filter?

Yes

CYBER-Security awareness training managed by?

Company

CYBER-Percent of business managed services?

99

CYBER-Training videos include assessments/certifications?

Yes

CYBER-Company classification

Both Cybersecurity and IT/MSP

CYBER-Help remediate discovered vulnerabilities?

Yes

CYBER-Cyber Risk Assessment based on NIST?

Yes