Beck Consulting Cyber Security FAQ.

As a customer of Beck Consulting, you are placing a great deal of trust in us to keep your sensitive business data safe, and this is not a responsibility we take lightly. We believe you can and should demand that we take every possible precaution when it comes to keeping you protected. Below are the frequently asked security questions we’ve received from our customers and prospects. Please review this FAQ to get a better understanding of what we’re doing to protect your data. If after reading this you have additional questions or require clarification, do not hesitate to contact us; we want to make sure that you have total peace of mind that your sensitive business data is in secure hands.

What data of mine could be exposed? Where is this data stored?

Beck Consulting maintains copies of all our customers’ databases. This is necessary in order for Beck to develop and test enhancements, as well as troubleshoot issues that are reported by you. Databases are made from direct backups of your live environment, and contain potentially sensitive data such as the General Ledger, Customers, Vendors, Items, and Formulas. As part of the restoration process, Beck Consulting cleanses any stored credit card information from these databases, as this information is not needed for testing/troubleshooting.

Our client database copies are stored on our SQL servers, which are managed by GroupOne IT. The physical location of these servers is the Edge Data Center in Sacramento, California. Offsite database backups are also stored at the CoreSite location in Reston, Virginia. Both the Sacramento and Reston locations are tier 3 data centers, and have been designed to meet SOC 2 Type 2 standards.

Beck Consulting uses HubSpot for the storing of all CRM data.

How are intrusions detected and prevented? What sort of firewall does Beck Consulting employee?

Beck Consulting utilizes the WatchGuard Total Security Suite as its network firewall. The Total Security Suite is an enterprise-level Intrusion Detection System (IDS) and Intrusion Prevention System (IPS).

What antivirus protocols are employed by Beck Consulting? What antivirus software is used, and how it is updated?

GroupOne uses Solarwinds N-Central Security Manager for antivirus protection. This software is installed on all Beck Consulting servers. Virus update engines and data files are monitored by appropriate administrative staff members that are responsible for keeping all virus patterns up to date.

Virus definition updates are automatically received and applied directly from Solarwinds as they become available. In addition, updates to the Solarwinds N-Central Security Manager itself are automatically sent to Beck’s servers as they become available.

A record of virus patterns for all Beck servers is maintained by a dedicated administrative staff which is responsible for providing reports for auditing and emergency situations as requested by a Privacy Officer or other appropriate personnel.

What is Beck Consulting’s breach policy?

If any Beck Consulting or GroupOne individual suspects that a theft, breach, or exposure of protected data has transpired, they must immediately alert the appropriate Beck and GroupOne personnel. An investigation is immediately launched to confirm if a breach did occur.

If it is determined that a breach did occur, an incident response team will handle the exposure. If necessary, the incident response team will work with forensic investigators and experts to determine how and when the breach occurred, the types of data involved, and the number of internal/external individuals and/or organizations impacted. In addition, a comprehensive analysis will be performed to identify the root cause of the breach.

Once the investigation team identifies the individuals/organizations that have been impacted, Beck Consulting will immediately contact those parties to inform them of the breach. This initial communication will contain the findings of the investigation team. As additional investigation and research is performed, updates will be communicated to affected individuals/organizations in a timely manner.