Cybersecurity Services that Focus on Family Offices

Our service line was specifically developed to increase cybersecurity maturity and resilience among family offices and small and midsize businesses:

• Cybersecurity Auditing
• Comprehensive Cybersecurity Program Development
• Virtual Chief Information Security Officer Service
• Executive Cybersecurity Communiqué

Cybersecurity Auditing

We perform threat assessments focusing on an organization’s assets and technology infrastructure covering the following areas:

• Inventory and Control of Enterprise Assets
• Inventory and Control of Software Assets
• Data Protection
• Secure Configuration of Enterprise Assets and Software
• Account Management
• Access Control Management
• Continuous Vulnerability Management
• Audit Log Management
• Email and Web Browser Protections
• Malware Defenses
• Data Recovery
• Network Infrastructure Management
• Network Monitoring and Defense
• Service Provider Management
• Applications Software Security
• Incident Response Management
• Penetration Testing

The output of the assessment is an evaluation of risks across the enterprise. For those risks that we determine to be unacceptable, recommended safeguards will be provided.

Comprehensive Cybersecurity Program Development

A Comprehensive Cybersecurity Program serves as a work plan and roadmap that lays out in clear, actionable language: initiatives, new processes, changes to existing processes, suggested vendors, new technologies, suggested written policies, recommended insurance policies, and education programs that when properly implemented will help ensure the continuity of the organization amid cyber risk.

• Governance
  We will evaluate the current governance structure from a cybersecurity perspective and make suggestions to ensure that the Cybersecurity Program has the proper levels of oversight and visibility within the organization.
  
• Education & Awareness
  We will evaluate current education and awareness practices and make suggestions for improvements. If no education program exists, we will make suggestions on vendors, training frequency and types of training sessions that should be conducted for the organization.
  
• Insurance
  We will evaluate any existing cybersecurity insurance policies and suggest providers and policies if none exist.
  
• Partners
  We will suggest partners to fulfill areas of the Cybersecurity Program as necessary.
  
• Policies, Procedures & Processes
  We will review existing policies, procedures and processes that have an impact on the organization’s cybersecurity posture. We will also suggest amendments and additions as necessary.

Virtual Chief Information Security Officer

Once we've laid out a Comprehensive Cybersecurity Program for your enterprise, we're happy to help you plan and implement the various pieces of it. We provide the following suite of services for a simple monthly fee to bring your plan to life:

• Implementation Management
  We've identified what needs to be done to enhance your cybersecurity posture, now let us oversee the implementation of our recommendations.
• 1:1 Advisory & Coaching
  These advisory conversations will be tailored to the individual's understanding of the concepts, depending on where they currently stand on the cyber maturity and hygiene continuum. If needed, coaching will be provided to IT staff.
• Vendor Selection & Management
  We will help you select vendors for penetration testing, incident response, cybersecurity insurance, identity protection, etc. Know that we're on your side of the table and will help you find the right partners to implement the different elements of your Cybersecurity Program.
• Custom Education
  Larger group presentations and/or custom video modules on specific topics may be developed with the goal of increasing cyber maturity. These presentations or modules will be tailored to the group’s understanding of cyber maturity and hygiene concepts.

Executive Cybersecurity Communiqué

The Executive Cybersecurity Communiqué is a free quarterly email communication that provides distilled, relevant talking points and educational snippets for your business team and actionable mitigation steps for your technology team.

Ongoing, timely information is one of the most important keys to maintaining cybersecurity resilience, yet it is often one of the most easily-overlooked pieces of a comprehensive cybersecurity plan.

Learn More >>

Qualifications

CEO Tony Gebely’s interest in cybersecurity began when he took a university course on cryptography in 2003. Since then, he has had a focused career in the information technology field.

Tony currently holds the position of Chief Technology Officer for Family Office Exchange, a 30+ year-old membership organization for ultra-high-net-worth families and their advisors.

During his tenure at Family Office Exchange, he:

• Served as a subject matter expert on cybersecurity for the firm's 500 members.
• Routinely advised families on cybersecurity best practices.
• Published multiple papers on cybersecurity that were made available to members.
• Ran the firm's first Global Family Security Workshop.
• Launched the organization's Technology Operations and Data Security Network which is made up of over 325 family office executives responsible for technology and cybersecurity.
• Ran the annual meetings for the Technology Operations and Data Security Network in Chicago.

Get Started

If you would like to work with us or have any questions, please contact us at help@annapurnasecurity.com or via phone at 828-385-5999.