Cyber-attacks target every kind of business. Many "hacks" are automated (think viruses and e-mail spam) so even if you don't think you're on anyone's radar, you can still be hit, and lose valuable data or the ability to carry out your business. Maine businesses are vulnerable. For example, Augusta's City Center was shut down for two days in April 2019 when they were hit by a ransomware virus -- the kind that locked up their data and threatened to delete it if they didn't pay $100,000 to the hacker.
Securing information systems is difficult particularly because it requires knowledge of many aspects of the technology, not only coding but also databases, networking, server administration, hardware, and even a bit about user psychology. My knowledge in each of these areas comes from over 20 years working with, researching, and teaching about information technology. I'd like to use that knowledge to help you identify and manage the risks you face.
No organization can be completely secure from all threats, but any business can strive for improvement in that direction. One of the first things you will need is to assess your current risks and identify the low-hanging fruit -- those things that you can do most easily that will significantly reduce your risks.
My most basic offering is a cybersecurity audit that will help you get this process going. I'll visit your location, ask lots of impertinent questions about your IT setup, and help you work through a questionnaire and some worksheets to identify vulnerabilities and threats, and quantify your risks. During the visit, I'll also help you perform some of the easiest and most powerful risk-mitigation measures, such as installing antivirus software, adopting a corporate security policy, or linking your employees to video training.
At the end of my audit, you'll receive a detailed report assessing your cybersecurity situation based on the NIST standards, and a prioritized list of recommendations for further risk mitigation. This will be something you can show to your insurance agency, your customers, your investors, or other business partners; and if you repeat it a year later, you'll have concrete evidence of improvement.
One of the easiest things to get wrong in application development is security. Web and mobile apps that are coded quickly often leave the door open to hackers, pranksters, and other malevolent forces such as spam. As a veteran developer, PhD, and certified cybersecurity pro, I can help you find and plug vulnerabilities like these:
Many of the most damaging "hacks" target your employees first, their computers second. A fraudulent e-mail may trick you into clicking on a link that downloads malware, or a voice on the phone claiming to be from the IT department may trick you into giving up your password (these are known as "phishing" attacks). The best way to prevent these "social engineering" attacks is by training employees. As a Ph.D. and former faculty member at Arizona State and UMaine, training is one of my greatest strengths.
As with other aspects of cybersecurity, there is a lot of low-hanging fruit. I can offer a half-day seminar to a pretty large group that will raise awareness of the most significant threats and arm your employees with tools and strategies to prevent many of the most common "hacks". This will improve your cybersecurity audit result and may be the minimum expected by your insurance company, investors, for government contracts, etc.
If that doesn't meet your needs, we could scale it up or down. I could design a multi-day training series with hands-on activities to prepare your team for the worst that could happen, including simulated incident response procedures and/or disaster recovery plans. Or going the other direction, I could set up watch-at-your-own-pace video training and give you reports on who has watched which lessons.
There are many levels of continuous monitoring of your cybersecurity situation possible. On the technical side, I could monitor your security logs, including firewalls and intrusion detection systems, remotely from my office and give you regular reports. On the organizational side, I can set up video training and monitor employee participation, as well as regularly checking compliance with password policies and the like.
There are also a number of third-party tools I can set up for your organization. For example, a dark-web scan keeps an eye on some of the seedy anonymous websites where identity theft occurs, and can alert us if any of your employees' usernames and passwords come up for sale. The value of tools like this is well above their price, if only you have an experienced professional to configure them for you.
Rates are negotiable based on circumstances. To learn more about the discounts I can offer, call 207-307-1457.
|Cybersecurity audit (0-20 employees)||$1800|
|Cybersecurity audit (20+ employees)||call|
|Half-day employee training (up to 40 attendees)||$2400|
|Development of corporate security policy, disaster recovery plan, etc||call|
|Vulnerability scanning & penetration testing||call|
|Ongoing technical and/or policy monitoring||call|
|Security-oriented code review & retrofit||call|
|Standard cybersecurity consulting rate||$600/day