Cybersecurity Services for Central Ohio Businesses

Providing managed cybersecurity solutions to small and medium sized businesses in Columbus and all over Ohio.

About Cloud Cover's Cyber Security Services

We provide cyber security consulting, services and support for Columbus, Central Ohio and beyond. We provide Managed Cybersecurity as a Service for your business for a predictable monthly cost. Our local team of security experts monitor, manage and help you prevent cyber attacks to keep your business and critical data safe and secure. Have specific compliance needs? We can tailor our solutions to help you get compliant and stay compliant.

Proud to be local. Areas we serve in Ohio:

Columbus Metro area including

Pickerington

Pickerington

Worthington

Worthington

Dublin

Dublin

Westerville

Westerville

Gahanna

Gahanna

downtown

Downtown

Grove-city

Grove City

Hilliard

Hilliard

Outside of Columbus

Also providing remote Cybersecurity services throughout the Midwest.

Lancaster

Lancaster

Newark

Newark

Zanesville

Zanesville

Athens

Athens

Mansfield

Mansfield

Marion

Marion

Delaware

Delaware

Celina

Celina

Coldwater

Coldwater

St. Marys

St. Mary's

Cyber Security Planning

What makes a good cyber security plan for small businesses?
Your cyber security plan should include multiple layers of security.  You plan isn't a one time project but a continuous journey.  Consider how malware could reach your data and what can be done along the way.  Physical security for your home or business is a good analogy.  You might have a gate and a "protected by alarm company" or beware of the dog sign to deter attackers.  You lock your door to slow them down.  You might let your neighbors know when you go on vacation and turn on your alarm system to let you know in case something happens. You plan should include the following pieces at a minimum
  • Group 298

    Spam Filter

  • Group 298

    Phishing testing and training

  • Group 298

    DNS Filtering

  • Group 298

    Internet Filtering

  • Group 298

    Device Configuration

  • Group 298

    Backups

01
Spam Filter

Everyone know a spam filter is important. However, it's also important to move beyond the basics with services such as Microsoft Advanced Threat Protection.

02
Phishing testing and training

Inadequate cybersecurity training can have serious financial consequences. The most effective form of training involves short 2-3 minute videos sent to employees after they click on a fake phishing link.

03
DNS Filtering

DNS filtering is the process of using the Domain Name System to block malicious websites and filter out harmful or inappropriate content.

04
Internet Filtering

Internet content filtering can and should be performed at multiple layers. Content filtering allows you to block certain categories of websites based on your organizational policies. It also filters malware.

05
Device Configuration

Hardening devices makes a different in whether or not an attack succeeds and how fast it can spread. Following a standard like the Center for Internet Security is a good place to start.

06
Backups

Backups are the last line of defense. They are formally included in the NIST (National Institute of Standards) frameworks. You can read more about the NIST Cybersecurity Center of Excellence here. There are many types, brands, flavors and permutations of backups.

We can help you plan and decide what works best for your team. Different businesses have different needs depending on industry, size, budgets and compliance needs. We work with you and your team when things change and hold weekly or quarterly meetings to make sure we stay ahead of the curve and scale and grow with your team. 

Cyber Security Insurance Consultations

There are two main types of cyber insurance options available to businesses, first party cyber insurance and third party cyber insurance. First party cyber insurance is designed to protect the business itself against losses caused by a data breach or other cybersecurity incident. This type of insurance covers the business’s own costs related to the incident, such as forensics investigation costs, business interruption losses, and related reputational damage. Third party cyber insurance focuses more on protecting the business from legal liabilities associated with a cybersecurity incident. This type of coverage will provide protection for claims made against the company by customers, vendors, or other third parties alleging financial loss due to an incident, as well as cover legal costs associated with defending those claims. We can help make sense of your policy, your application and your needs.

This is a personal decision for each business owner to make.  Start with these questions when preparing to talk to your insurance agent.

  • Group 298

    What does it cost your business to be down for a day?

  • Group 298

    How long would it take you to rebuild your IT systems from scratch?

  • Group 298

    What would the harm be to your reputation if you lost client information?

  • Group 298

    Are you spending enough on good quality security now. Security spend should be about 25-50% of your overall IT budget.

  • Group 298

    Do you train your employees?

  • Group 298

    Do you regularly review phishing test results?

  • Group 298

    Have you talked with your peers? A business owner once told us he was the only one in his peer group that hadn't suffered through a ransomware attack.

Email Security


Protecting your emails from cyber threats is essential. Not only does it protect the sensitive information of your customers and employees, but also maintains the integrity of your brand. You'll need to secure your Office 365 environment AND your devices. Many businesses are hesitant to due to cost or lack of understanding of what's involved. Understanding how to secure your email is complicated. Understanding how to work with someone to secure your email is not. And, the cost is small relative to other IT investments. Your Microsoft Secure Score is a good place to start.

We  can help manage your licensing and decide what layers to put in place to secure your email. 

ORH91S1-1

Phish Testing and Training

Roughly 90% of attacks start with a phishing email.  The most effective defense against phishing is training.  Phishing training can be as short as 2-3 minute videos presented to employees right after they fail a test. We "phish" your team and send training videos so that you and your employees can learn about how to spot a phishing attempt and keep the threat top of mind.

Types of Phishing Attacks

  • Email Phishing

  • Smishing

  • Spear Phishing

  • Angler Phishing

  • Whaling

  • Search Engine Phishing

IT and Cyber Compliance

IT compliance isn't just for large corporations.  Compliance programs help small businesses adhere to best practices which protect sensitive data and ensure business continuity.

01

Avoiding Legal Consequences

Non-compliance with IT regulations can result in hefty fines and penalties, which can have a significant impact on a small business's financial health. 

02

Protecting Sensitive Data

Compliance helps businesses take measures to protect sensitive data, such as customer information and financial data, from cyber threats and data breaches.

03

Meeting Customer Expectations

Compliance regulations help businesses demonstrate their commitment to protecting customer data, which can help build trust with their customers.

04

Boosting Business Efficiency

Compliance ensures businesses have proper data management, IT security, and disaster recovery plans in place. Complying with best practices help small businesses improve their efficiency, reduce IT risks, and ensure business continuity in case of unforeseen events.

To learn more about our IT and Cybersecurity Compliance Services check out our page

Data Loss Prevention


Data loss prevention (DLP) is a strategy for protecting confidential or sensitive information from unauthorized access. It involves identifying, monitoring, and protecting data in transit and at rest. DLP solutions can monitor and protect data stored on hard drives, cloud storage systems, email servers, networks, and other connected devices. DLP adheres to the Pareto Principal. A relatively small amount of work can get you most of the benefits. You may already be paying for DLP features in your Office 365 plans. We can set your team up with the appropriate layers of DLP to maximize your protection.

189lB

Zero Trust

Zero Trust is a combination of "never trust, always verify" combined with "least access."  Traditional security assumed if you were in the building you were allowed to go where you wanted.  Zero Trust is the digital equivalent of locking the interior doors.  The goal is to prevent unauthorized access to data and services.  Zero trust may require a change in an organization’s philosophy and culture around cybersecurity.

Identity

Device

Network

Application

Data

Traditional

Passwords

Basic Inventory

Flat network

On-prem

File permissions

Zero Trust

MFA SSO

Compliance Enforcement

Segmented Network

Cloud Based SSO

Encryption DLP

Zero trusts moves from passwords to MFA and Single Sign-On.  MFA provides a higher degree of confidence that it's you rather than a hacker sitting in a dark room pretending to be you.  Single sign-on formalizes the concept of identity rather than separate systems that just consider a username and password.   SSO works based on a trust relationship established between the party that holds the identity information and can authenticate the user and the service or application the user wants to access.  It's the electronic version of a driver's license.  Other businesses trust your license is valid and in effect trust the State of Ohio to verify your identity more than they would trust themselves to verify your identity.

Click the button to learn if Zero Trust strategies are appropriate for your business:

Dark Web Scans

A dark web scan is a process that searches the dark web for any compromised company data. The dark web is a part of the internet that is not accessible through traditional search engines, and it is often used by cybercriminals to sell or trade stolen data. A dark web scan can detect early signs of a data breach, allowing you to take immediate action to prevent further damage. By regularly scanning the dark web, you can monitor if any of your business's sensitive information is being traded or sold.

A dark web scan is an effective and affordable tool for small businesses to detect and prevent data breaches. It can help protect your business's reputation, comply with industry regulations, and provide comprehensive monitoring of compromised data. By implementing a dark web scan, small business owners can mitigate the risk of data breaches and safeguard their businesses against potential losses.

Incident Response Planning


Most plans have these seven elements in them.  It's not necessary to have all of these elements and many aspects will not be feasible for companies without large in-house IT teams.  Some elements like preparation are absolutely the responsibility of business owners and require your specific knowledge to complete.  No IT company or even IT employee knows as much about different parts of your business as you.

Incident-Response-Cycle
01

Preparation

02

Identification

03

Notification

04

Containment

05

Eradication

06

Recovery

07

Post-incident Activities

Learn more about Incident Response plans and how to create yours here or work with us to create a plan that works for you and your team. 

Multi-Factor Authentication (MFA)

Everyone understands the important of MFA.  Everyone uses MFA to access their back accounts and email.  Most owners and managers don't have a grasp on what percentage of their applications are protected by MFA or what it would cost to add protection to a system.  

  • Group 298

    Can help you be compliant: Many industry regulations, such as HIPAA and PCI-DSS, require the use of MFA to protect sensitive data. By implementing MFA, small businesses can comply with these regulations and avoid costly fines and penalties.

  • Group 298

    Is Cost-Effective: Implementing MFA is relatively low cost and can provide significant security benefits. Many MFA solutions are cloud-based, which means there is no need to invest in additional hardware or software.

  • Group 298

    Is User-Friendly: MFA solutions are easy to use and can be customized to meet the needs of your business. Many solutions offer a variety of authentication options, such as text messages, biometric scans, or push notifications, allowing users to choose the option that works best for them.

Ransomware Prevention

Ransomware Prevention Checklist

  • Group 298

    Provide training to employees. 

  • Group 298

    Run phishing tests

  • Group 298

    Insist on MFA.  Everywhere

  • Group 298

    Observe and participate in backup and disaster recovery testing

  • Group 298

    Review cyber insurance applications

Security Layers
In 2011, Lockheed Martin published its Cyber Kill Chain framework.  The model describes steps attackers go through in order to breach, destroy or gain control of systems.  Modern Ransomware Protection attempts to interrupt attackers at each phase in their process by using software, policies and education.

Ransomware Prevention


If you think you have fallen victim to ransomware attack, first, don't panic. Second, don't deal with this alone.  If you think you might be infected by Ransomware, we can help. Let us assess the situation and help you decide the best course of action. We have helped many companies get out of paying, get their data back or pick up the pieces if it's just too late. Don't do this alone, contact us.

Portrait of a smiling customer service representative with an afro at the computer using headset-1

Penetration Testing

A penetration test, often referred to as a “pentest,” is a human or group of humans performing an authorized simulated attack on a computer system, network or web application to evaluate its security posture. The process is used to identify potential vulnerabilities and misconfigurations that could be exploited by malicious actors.

Many times "vulnerability scan" and "penetration test" are used interchangeable.  They are very different things in terms of cost and the information they provide. 

01
How is a penetration test different than a vulnerability scan?  
02
Which one do you need? 
03
What does it cost?
04
Isn't there a less expensive option?.

Managed Cybersecurity Services FAQs

For even more FAQs about managed cybersecurity services check out our page:

Columbus, Ohio Cybersecurity as a Service

What are managed cybersecurity services? 

Our managed cybersecurity services help Ohio businesses managed their risks and mitigate threats. With threat intelligence, system monitoring, incident response and vulnerability patching, we keep your business safe, 24 x 7. Everything is priced out in a subscription service with the layers your business needs according to your budget, complexity and comfort levels.

Why does my Ohio business need cybersecurity?

The threat landscape for Columbus based and Ohio based businesses is growing. Most businesses that are hit with a cybersecurity attack go out of business within 6 months. We reduce the threat, the impact and keep your data safe with our layered solutions. Our team of security experts allows your business to take advantage of enterprise level cybersecurity without the budget of a large corporation.

 

Can my business afford managed cybersecurity services? 

You can't afford not to invest in security. Small and medium sized businesses are being attacked more and more every day. Attackers know that these businesses typically do not have the budget to invest in security. Some of the tools and solutions we put in place cost very little and even the smallest business can afford to beef up their security. We tailor the services for what your specific business needs and can invest. But you can't afford to simply not invest in your cybersecurity.