Frequently Asked Questions (FAQs):
The small business self risk assessments are a collection of interactive documents on multiple subjects ranging from how secure your laptop is to preventing ransom-ware from getting to your systems. They apply to both home and business. These documents present you with specific questions about what you have, how it compares to what is considered 'more secured', and point to our articles on how to fix or patch whatever problems you have. Many of these articles attempt to not re-invent the wheel so we do reference other internet resources to help you out if necessary. Remember, you do not need to be an expert to apply safe-security practices or to apply effective security controls. Each question we ask in a risk assessment is weighed in importance by us. Your risk level will vary depending on your answers. After you finish a risk assessment for a particular topic, you can email it to yourself for reference or just save and print out the PDF file- It will show your risk level as well as all the issues you may need to fix and links to our guide documents. You can even forward this reference email to an IT contractor to do the work for you if you want, though they will need to be logged into your account to view our guides. You can take any risk assessments as many times as you would like.
Our small business self risk assessments are based off our own qualitative analysis methods, allowing us to quickly identify potential risks as well as determine the magnitude/likelihood of potential consequences to assets and resources that are vulnerable to these risks.
There are 2 sets of risk assessments:
- Foundational Risk Assessments - These assessments get you to a great baseline of cyber-security to stop cyber attackers.
- Defense In Depth Risk Assessments - These assessments add extra layers of security to help achieve "Defense In Depth", more completely protecting from cyber attackers.
After you complete any risk assessment, you have a choice for our system to save your risk assessment score. This risk assessment score will aid you getting an overall risk evaluation of your cyber security on 'Overall Business Cyber Risk Score' page. You get an evaluation grade that will tell you where you're at and keeps track of your assessment scores, etc.
All risk assessments are meant to done once per year since we update them throughout the year reflecting fixes and safeguards that protect from the newest security threats. Doing a single risk assessment might take around 10 or so minutes to complete, but following the assessments's recommend fixes may take more time for you to apply.
You should absolutely retrain your cyber security awareness at least once a year. You also need to assess your risk of a cyber security breach at least once per year. The cyber security landscape changes almost on a daily basis so periodic, if not regular, retraining and risk reassessments are highly highly recommended.
We happen to provide security awareness training and risk assessments for nearly all aspects of your small businesses. We update our classes constantly as the threat landscape changes, so that when you return to retrain the next year, there will always be some notable important differences- so it's important that you take *all* the awareness classes and risk assessments you have access to yearly.
As a member of GetCyberSecured, you get access to our exclusive Reminder Service.
We highly recommend signing up for this service below to help you stay on track with keeping your life and computer systems highly secure.
With this simple service, we'll automatically send you periodic reminder emails about when to use any GetCyberSecured services you've subscribed to for up to 3 years, enough time for you understand and schedule these event patterns in your personal calendar.
- Get reminders to start and complete your security awareness training as well as Risk Assessments.
- Get reminders of when it's ideal to make backups of your systems.
- Get reminders of when it's ideal to update your systems.
- Get reminders before key dates related to protecting your identity.
- Get yearly notifications to do your Risk Assessments (RA's).
- You'll get notified periodically when we make significant updates to any content that you may want to check. Sometimes we may notify you that we put new content up relating to recent big cyber attack events, news, and fixing these issues.
- We may send out greatly beneficial information, products, or services that we believe would help you be even more secure.
To learn more about what a DISO is (as featured on our pricing page), visit below:
This is a very useful and special page that shows a letter grade/ranking easily signaling to you where you are at in your securing. It also shows what securing activities you have done and what you have left to do. This grade/rank is great to brief to the small business owner if you're a DISO.
This page takes into account all the risk assessment results, security awareness training, and some extra questions to give you the letter grade/rank.
This is an ongoing service of ours as part of a membership with us (Prepared and CyberSecured). An alert will basically alert you (via email or text message) when a device/computer of yours needs attention because of a new issue or vulnerability that targets that device/computer.
How it works:
Generally on a weekly basis, we put out a blog post mentioning all the newest threats that have appeared. You can elect to receive an alert if a *relevant* threat related to what computer systems and devices you have needs security attention. If there are no alerts for you, then you'll never get a text message and/or email about it.
Within your membership area, you can setup whether you get an sms (text message) to your phone and/or an email message and what alerts you want, and you would base it on what IT systems or devices you have. You'll never hear from us if the alerts you pick never have any publicized security issues we find. If there is an issue publicized with what you chose, you get sent an SMS and/or email.
The knowledge-base is a private section of GetCyberSecured.com. You basically search for questions asked previously by users to see if you can get your questions answered instantly before you talk to one of our cyber security professionals. There are no user's private information in the knowledge base.
In our higher level plans, we have policy generators that allow you to generate a policy. The policy comes from a template and you can modify it to fit your business. After the policy is generated in a pdf or text (email) format, you may use it for your business if all checks out after your own legal review.
The following policies can be generated through GetCyberSecured:
- Computer & Internet Usage
- Data Protection
- Confidentiality Policy
- Cyber Security
- Bring Your Own Device (BYOD)
- Social Media
The security awareness course teaches and tells you about security awareness through scenario based exercises. You read and answer questions in the following categories:
- Safe Computer and Web Browsing
- Social Engineering
- Social Engineering 2 -Phishing
- Social Networking and Social Media
- Office Security
Completing these sections can take 10-20 minutes each.
All packages are priced per year and thus, you can complete any courses or assessments within that time, or not complete them. We highly highly recommend yearly retraining to learn about the always-changing security landscape.
All courses and assessments are at your own pace. The medium plan containing many risk assessments may take 30 minutes to an hour total to complete all of them, if not more. Following recommendations or guides referenced in the material may several hours, days, weeks, or months, depending on what all you need to fix. Figure all this time into your membership.
All Courses and assessments are generally tailored for business's with PC's using the latest Windows OS or Mac OS and iOS/Android mobile devices.
All you or your employees require to view courses is an internet-connected web browser, (Chrome, Safari, Firefox, Edge) circa 2017.
Simple. There is a 15-day money back guarantee. You can cancel your membership at anytime within 15 days of the initial purchase of a membership plan and get your money back if you're not satisfied. Just send us a message within 15 days through our contact page if you want to cancel with your money back.
While our plans are meant for the initial prevention of security issues for small businesses, you can review our sections on fixing and post break-ins to appropriately respond to an incident. You are also welcome to ask any questions you'd like to our cyber security professionals on issues that you have regarding this, assuming you're in that level of membership.
None of our services are designed to help you pass all audits, though they might end up doing so if you follow our cyber-secured system.
We do cover securing aspects for compliance requirements for HIPAA, PCI-DSS, and GDPR in our defense-in-depth risk assessments. We are not considered a de-facto source for securing for these compliance standards, only the official sources of the regulations can tell you exactly what you need to do, but we do try to point you in the right direction for following these standards from a cyber-security point of view.
We provide you the tools and information to secure your small business procedures and practices. We do cover protecting your website(s) from cyber attacks in our "Defense in Depth" risk assessments.
Protecting a website from cyber attacks can get very technical and may require a specialized security expert for web apps. We try to keep with the security fixes that almost anyone can do so we offer practical fixes that most people can apply themselves, or at least point you to services that may best help you.