Overview

We don't believe in a "Lone Ranger" approach to cyber security. We don't expect to gallop in on a horse, throw out the "cyber security protection," and gallop off into the sunset, and neither should you. If you are serious about security, you will want to know where you are today, where you stand compared to your competitors, and how to get from your present position to a much stronger security posture.

Small Business Profiles

We work with firms ranging from small businesses with six employees to mid-sized firms with 100 employees. We classify firms with fewer than six employees as Single Office/Home Office (SOHO) companies. We do have services to support SOHO companies, depending on how they manage their infrastructure.

Analysis Paralysis

It isn't easy knowing where to start and what should be done, and that's where we can help. The Constant Query structured program begins with the basics, a risk assessment of where you are today, identification of areas that need to be corrected from immediate/critical through low or no impact, and a corrective action plan for how and why the identified risks should be addressed.

We help you create or update incident response and communications plans.

We provide team building exercises and training so that if an incident occurs, you know how to respond and stop the attacks.

Policies and Procedures

You have a business plan; in a nutshell, it defines where you want to go and how you plan to get there. The same is true for your cyber security policies. What do you need to protect? How do you protect your information? What should employees be aware of? How do you respond to an incident? Your business may also need to meet legal and regulatory requirements for financial data, health care information, or privacy compliance, and that’s why it’s important to have a cybersecurity policy.

Getting started

Your policies can range in size from a single one-sheet overview for user awareness to a large document covering everything from network security to working with vendors or suppliers. The policies must be documented and maintained periodically. They are not something to create, file and forget. Constant Query can help you create your policies or help with a gap analysis of your current policies vs. current best practices and security frameworks. As part of our security program, we can create and review policies for the following:

  • Information Security Policy
  • Acceptable Use
  • Incident Response Policy
  • Incident Response Communications Plan

For extended programs, we can also help review your Business Continuity Plan (BCP) and/or Disaster Recovery Plan (DR) and, if you have them, Network Security, Data Mapping, Vendor Management, Email, and social media communications.

Training and Response

Policies should clearly identify roles and responsibilities, including who issued the policy, who is responsible for its maintenance and enforcement, who trains users on security awareness (and how), and who responds to and resolves security incidents. Constant Query's security program encompasses all of these areas, from security awareness testing to incident response exercises that allow you to test and improve your incident response procedures for everything from phishing emails to ransomware attacks.

Vendor Management

Once you have policies in place, it is important to ensure that any vendors and suppliers with access to your systems also have a cyber security practice that keeps your network from harm. Constant Query can help administer your vendor management program. Constant Query can also help you respond to vendor due diligence questionnaires (DDQs) if your customers ask you for the same information to protect their systems.


Why Us

Confidentiality

Confidentiality means protecting your non-public information from unauthorized access. You decide who is authorized to access the information and under what conditions. You would not open your financial data or your clients' private information to anyone with an internet connection.

Failure to maintain confidentiality means that the above scenario is exactly what can happen. Unfortunately, we read about this kind of failure, called a breach, quite regularly, with breaches involving millions of records and exposing everything from Social Security numbers to medical records and sensitive financial information.

In an overwhelming number of incidents, a breach cannot be remedied. Secrets, once revealed, cannot be taken back, and if your organization is the source of the breach, you may face legal, regulatory, financial, and reputational losses. While we read about large company breaches, the truth is most breaches come from small businesses, and many small businesses that experience a breach do not recover.

Constant Query's "Cybersecurity, Small Business Edge" programs can help you improve and maintain the confidentiality of your information.


Integrity

Integrity, or in this context, data integrity, refers to the accuracy and validity of the data that you manage. Corrupt or compromised data has no value but can be costly and dangerous to the organization depending on it. Data integrity can be compromised in several ways. Each time data is copied or transferred, it presents an opportunity for unintentional or unauthorized alteration. Maintaining data integrity is a core focus of any cyber security framework. Processes should be in place to encrypt data-at-rest and data-in-motion to prevent theft and tampering. Access controls should be in place to prevent unauthorized access to data. The data itself should be classified so that resources can be appropriately allocated to protect data as required.

Constant Query's "Cybersecurity, Small Business Edge" programs can help with the assessment and improvement of your overall cyber security posture and data integrity. Constant Query can help you create or review your Data Classification and Data Mapping policies and procedures.


Availability

Availability means that your systems and information are available for use whenever you need them.