
The Blueprint

Overview

vFoundry has created a Cybersecurity Blueprint for small and medium-sized businesses designed to be agile, effective and affordable. We use a Recovery First philosophy paired with Harm Reduction strategies to continuously improve your Cybersecurity posture over time.

Recovery First is a philosophy that if anything disastrous should happen, you can recover critical, revenue generating operations in a known timeframe. Recovery First is the safety net.

Harm Reduction is the strategy we use to focus on the biggest risks to your business rather than all possible risks. You can’t do it all so we let Recovery First handle everything else that might go wrong. Harm Reduction is the implementation of risk-based, proactive plans, processes and tools that are tuned to your unique operations. You can improve your security without putting a drag on your business operations.

The vFoundry Blueprint uses these two strategies to ensure that you are as safe as you can be with the resources you have. It is right sized for your business and meets you where you are at in this moment in time. We evolve with your business as it grows and changes.

We start small and improve your posture every month while maintaining the gains you made the month before. This continuous improvement model keeps costs low and predictable with the knowledge that you’re on the right path.

No giant projects, out of control costs, or one-and-done solutions. We are with you every day to make sure that the program runs smoothly. We integrate with your business as if we were your in-house Cybersecurity department.

We are not an IT support service. We work with your existing IT provider to implement Cybersecurity solutions and best practices. We complement your IT team but do not replace them.


Recovery First

Recovery First is your last line of defense against business interruptions from various incidents, including a Cybersecurity compromise. We create and maintain 5 critical recovery functions so that you have foreknowledge of how you will operate in a crisis. Your business is always changing and so must your recovery processes. Keeping these up to date is an ongoing challenge that vFoundry does with you.

Included in your vFoundry Recovery First service offering are the following:

  • Business Continuity Planning
  • Disaster Recovery Testing
  • Incident Response Training
  • Cloud Recovery Software and Services
  • Email Archiving and Retention

Business Continuity

A Business Continuity Plan (BCP) is a guide for your organization on how to operate while recovery processes are underway. Recovery can take hours, days or even weeks. Your Business Continuity Plan reduces the financial damage during the crisis by keeping specific revenue generating operations going. Do you know how long it will take to recover services in the event of an incident (Cybersecurity or otherwise)?

Disaster Recovery

Disaster recovery is more than just having backups and restoring them. Many backups are stored in Cloud services that can take days to recover. Are the most important services recovered first? Do your IT team and employees know in what order services should be restored? Have you tested your recovery process to see if the true restoration time is acceptable? Are you keeping up with the new processes and technology you’ve introduced in the last quarter to be sure they’re included in your plan?

We work with you and your IT team to design, implement and test your recovery strategy. We keep your plan up to date as technology and your business change.

Incident Response Planning

The faster you and your employees can identify that something bad is happening, the less damage the attacker can do. Incident Response Planning is an important part of containing and limiting damage. Do your employees know what to do when they notice something suspicious? Are they trained to say something and are they rewarded for doing the right thing?

Cloud Recovery

Can your Cloud Provider recover a deleted document from 45 days ago? Did you overwrite an important document and now cannot retrieve a backup copy? Google Workspace and Microsoft Office 365 do not provide those services. They promise service availability but that doesn’t help when files are deleted or overwritten.

Email Archive and Recovery

Email services are a critical repository of information about your business, client interactions, and operations. When an employee leaves, do you have to keep paying for their account because you don’t want to lose their email? Do you have a regulatory requirement to maintain email records for a period?

Harm Reduction

Cybersecurity harm reduction means taking practical steps to lower the chances and impact of cyberattacks on your business, rather than trying to eliminate all risk, which is rarely possible. The goal is to make your business a less attractive and more resilient target for cybercriminals, while also preparing to respond and recover quickly if something does go wrong.

Security Awareness Training

Security awareness training is crucial for a small business because it empowers employees to recognize and prevent cyber threats, reducing the risk of costly data breaches and protecting the company's reputation.

Employee and Contractor Access Review

Regularly reviewing who has access to your systems helps prevent unauthorized entry and protects sensitive business data. Regular reviews are time consuming, and our automated system ingests reports and begins the removal workflow for you with checks and balances along the way. In addition to the security benefits, clients save thousands of dollars every year by not paying for accounts and services that are no longer in use.

Third Party Risk Management

We assess and monitor your key vendors to prevent them from introducing hidden risks to your business. Additionally, we evaluate new vendors to ensure they meet minimum security standards that will safeguard the data you share with them. We track your business and customer data that you’ve shared with these 3rd parties and initiate data removal processes when contracts terminate or regulatory obligations are triggered.

Mailbox Archiving and Protection

Securely archiving and protecting your emails ensures important communications are safe from loss or cyber threats. Your email provider will not restore messages that have been deleted for more than 30 days, does not use advanced phishing protection tools, and does not provide managed retention policies to meet compliance requirements.

Password Sharing and Management

Stop storing and sharing company passwords insecurely. You can’t rely on just a browser’s password storage for your business. A password manager simplifies secure login management and prevents risky password sharing among staff. It prevents access from being lost when an employee leaves the company and can alert you when one of your company’s passwords has leaked onto the dark web. We provide 1Password for every employee that’s centrally managed by the business. In addition, your employees are entitled to a free 1Password Family plan for their own personal use.

Vulnerability Management

We identify security vulnerabilities in your computers and browsers and report them to you or your IT team before attackers can exploit them. You’ll never stay unpatched for very long, and you’ll have assurance that your employees are updating their systems regularly.

Privacy Program Management

Our privacy solutions help you safeguard customer and employee information, building trust and credibility. We catalog where your data resides, who it’s shared with and what to do when a CCPA/GDPR request is received. Online forms for access requests and deletions flow to the appropriate people and vendors to fulfil the request.

On/Off Boarding of Personnel

We streamline access setup and removal, reducing the risk of lingering accounts or accidental data exposure.

Email Delivery and Reputation Management

We ensure your emails reach customers’ inboxes and protect your domain from being misused for spam or phishing.

Risk Assessments and Risk Register

We help you identify, document, and prioritize your biggest cybersecurity risks so you can address them proactively.

Firewall Review

Regular firewall checks keep your network defenses strong and up-to-date against evolving threats.

Beyond Anti-virus – Anomaly Detection and Response

Our advanced endpoint detection goes further than traditional antivirus, catching threats before they cause harm.

PCI Compliance

We guide you through securing payment systems to protect cardholder data and maintain customer trust.

Cyber Insurance Support

We help you understand and meet the security requirements needed to qualify for and maintain cyber insurance.

Secure Software Development Practices

Our experts ensure your business applications are built with security in mind, reducing vulnerabilities from the start.

Penetration Testing

Simulated attacks reveal hidden weaknesses so you can fix them before real attackers find them.

Compliance Support

We provide hands-on support to help you meet industry standards and demonstrate your commitment to security.