FAQ
Partnership & Integration
I have an IT team in place—cyber support is expensive.
Improving security is in no way a critique of your team; Hackify partners with your team to fill in the specialized cybersecurity gaps that traditional IT rarely has the time or resources to cover. This is not just a task—it’s a specialty area that requires complete focus. One breach can cost far more than investing in robust protection.
It feels odd to have a separate vendor for cyber support when it overlaps with network management already happening.
These two areas are both separate and intertwined. Cybersecurity depends on a well-maintained network infrastructure. Isolating the two invites confusion about who is responsible for what—especially during a crisis. Hackify’s experience with network management will simply improve the overall picture and ensure a unified approach, minimizing risk and friction.
Security Practices & Importance
Is cybersecurity awareness training important for all users?
Yes. Most breaches exploit human error. By educating every employee, you turn each person into a firewall, drastically cutting your risk exposure.
Should I allow non-managed devices on my corporate network?
No. Each unmanaged device is a potential Trojan horse. Hackify enforces strict policies, ensuring no unknown or insecure device gains access.
When using Zoom, should I blur my background?
Yes. Visual cues in your office can be used by attackers, so we always advocate the ‘zero trust’ approach. Share as little information as possible, even visually.
Why do all computers need virus protection?
This is your first layer of defense. One breach is often far costlier than the price of virus protection. Hackify provides and monitors leading-edge antivirus solutions, so you never miss critical updates. A single centralized platform on your network is great, but any machine that ever disconnects and operates on its own can be at risk.
What is 'zero trust,' and why is it important?
Zero trust is a security framework based on the principle of "never trust, always verify." It assumes that no user or device, whether inside or outside the network, is inherently trustworthy. Zero trust requires verification for every access attempt, significantly reducing the risk of unauthorized access and lateral movement within your network. It's crucial in today's increasingly complex and distributed IT environments.
Reporting & Compliance
What type of reporting do you provide for cybersecurity?
We deliver three levels of reporting:
- Technical: Detailed breakdowns for your in-house IT team.
- Executive: High-level summaries for management decisions.
- Attestation Letter: Ready for insurers, proving your robust security posture.
How does Hackify help us meet regulatory compliance requirements (e.g., HIPAA, GDPR, PCI DSS)?
Hackify helps you achieve and maintain compliance by implementing industry best practices and security controls tailored to your specific regulatory obligations. We provide detailed documentation, reporting, and support to demonstrate your compliance posture to auditors and regulators. We work with you to identify gaps and develop a roadmap to address them.
Incident Response
What happens if a security incident occurs?
Hackify has a dedicated incident response team available 24/7. We'll immediately begin investigating the incident, contain the damage, and work to restore your systems as quickly as possible. We'll keep you informed throughout the process and provide a detailed post-incident report.
To put it very bluntly, the downtime your organization experiences can be a lot more expensive. Whether the result of out-of-date hardware and software, incorrect configurations, or malicious parties looking to do you harm, putting out fires is rarely as efficient as preventing them. Unless you are blessed with generous, open-ended budgets, your team probably focuses most of its time on day-to-day, tactical tasks rather than the big picture, long-term planning, or tracking the never-ending developments of the IT ecosystem. It’s simply too much to do – or more specifically, to do right. Our team is here so you can stay focused on the tactical aspects of running a network environment: working with users and the specific task-oriented challenges they bring. We ensure your infrastructure is solid and protected, to let you get that job done.
Actually, not so much. Your cybersecurity depends on the integrity of your network: communications, user access tools, permissions, backups in the case of a successful attack, security updates, and patches. The two challenges are intertwined – for general network support, you want to avoid surprises; for cybersecurity, you want to minimize risk. With two vendors, you’ll need to manage a lot of interaction between them, sometimes involving friction and debate over responsibility – both during routine work and during a crisis. Our team has both aspects covered – either in a single individual or coordinated independently and seamlessly within our team.
We provide:
- Technical (to discuss with the technical team)
- Executive (to discuss with business leadership)
- Attestation letter (for insurance companies)
We’ll answer that with a question: If you owned a bank, would you let all of the tellers work from the same till? Would you let your CFO use the same office as the customer support team? The separation of duties and a permission-based structure are crucial for any network, just as they are in the rest of your business.
A proper segmentation structure (VLANs) helps maintain security between the different security groups (examples: corporate network vs. guest network, or defining limits, e.g., the sales department doesn’t need access to the accounting network…).
Awareness is considered the primary and essential first step in “personal firewall” strategies. The more each user knows, the better your organization will be equipped to recognize potential security issues. Many, if not most, breaches have their roots in the “human factor.”
The most expensive defensive technology can’t protect you from an employee clicking on the wrong email. The “human firewall” is indeed necessary for a cybersecurity program. We cover this area of training, in addition to the technical tools.
Absolutely not; it’s like allowing random people to walk through your house without watching them. Even if you technically know who they are, you don’t know what security risks they bring with them, usually unknowingly.
This is a personal preference when the question is about someone seeing your “messy office.” But from a cybersecurity perspective, it’s best not to show off what your physical facility looks like. Even if you trust the person on the other side, doors, windows, security systems, etc., can all be leveraged by a third party who manages to hijack and review recordings of the session. Always maintain a mindset of sharing the “least amount of information,” or, as we refer to it in the industry, start from a position of “zero trust.”
From both security and reliability perspectives, managing devices individually is never best practice. At an administrative level, you want all machines to be uniform and standardized when it comes to updates and patches. Tackling each machine individually causes confusion, wasted time, and mistakes.
Virus protection is one of the first levels of management for devices. It’s easy, it’s inexpensive, and the companies providing the software are doing the heavy lifting for you. One serious breach can easily cost more than the fees you tried to avoid.
This is a fascinating question with a multi-faceted answer. As a business owner or manager, measuring productivity is important. But more important than this is measuring risk that can unravel all that productivity.
But that’s not necessarily a resounding “yes” to the question; this is a business decision that depends on your scenario: both your business workflows and your relationship with employees whom you do or do not trust to have complete freedom/access during business hours and from business devices. In a data entry business, for instance, viewing YouTube videos is, almost by definition, outside the parameters of the basic job. You can be flexible, or strict. If an employee Googles “explosives,” does that increase your liability? It’s hard to know. DNS filtering, though, is definitely a good way to keep out certain types of traffic that can grossly affect (meaning, slow down) your network and machines.