COVID-19: Drastic Times Call for Drastic Measures

Our hearts go out to those impacted by COVID-19. This is an unprecedented and very stressful time in our history. However, if I try to stay positive, the silver lining of this situation has been an awesome display of humanity. It seems everywhere I look individuals and companies are doing their part to take care of others, because we are truly in this together. 

I have a senior in high school, class of 2020, who is missing out on many high school events that most of us hold as memories taken for granted years ago. We recently participated in a ‘drive by’ for the high school seniors. The local community was encouraged to drive around the school and honk to support the graduating class. Hundreds of cars, local residents in their driveways, teachers lined up outside the school and local police with flashing lights, all participated in the event. It isn’t what most people experience their senior year of high school but it was very cool and my son will always remember it. The creativity and compassion I have witnessed are incredible and moving.

To do our small part and help those financial institutions impacted by COVID-19, we are allowing free access to our Virtual Chief Information Security Officer (vCISO) software through December 31.

Many banks and credit unions are struggling to keep up with customers and members in need, new loan programs through the CARES Act, and many employees working at home. To make matters worse, cybercriminals have seemed to increase their activity, if that is even possible. By providing an intuitive, easy-to-use software we hope to alleviate some of the cybersecurity burden for financial institution compliance staff. 

The Virtual CISO software we are giving away helps financial institutions in several ways. It allows them to:

• Quickly and easily manage a robust cybersecurity program strategy and road-map
• Intuitively track organization-wide cybersecurity responsibilities of a distributed workforce
• View cybersecurity functions at a glance in calendar view, so everybody is aware of the next step
• Craft effective and business-friendly Board reports, collaboratively online
  
  

To get more into the nuts and bolts, specifically, our software meets the following CAT/ACET requirements. It takes  about 30 minutes per month spent using the software to effectively accomplish these items:

• The institution has an information security strategy that integrates technology, policies, procedures, and training to mitigate risk.
• All elements of the information security program are coordinated enterprise-wide.
• Information security roles and responsibilities have been identified.
• Designated members of management are held accountable by the board or an appropriate board committee for implementing and managing the information security and business continuity programs.
• Management provides a written report on the overall status of the information security and business continuity programs to the board or an appropriate board committee at least annually.
• At least annually, the board or an appropriate board committee reviews and approves the institution’s cybersecurity program.
• The standard board meeting package includes reports and metrics that go beyond events and incidents to address threat intelligence trends and the institution’s security posture.
• The board or an appropriate board committee ensures management takes appropriate actions to address changing cyber risks or significant cybersecurity issues.
• Management has a formal process to continuously improve cybersecurity oversight.
• The institution has a formal cybersecurity program that is based on technology and security industry standards or benchmarks.
• Management assigns accountability for maintaining an inventory of organizational assets.
• Processes are in place to identify additional expertise needed to improve information security defenses.
• Management with appropriate knowledge and experience leads the institution's cybersecurity efforts.

Taking Care of Clients is Part of our Culture

The acts of others we have witnessed and us giving away free software to help take care of others is part of the Rivial culture. We are a growing company, but still a small group of people who work very well together. One of the reasons we work well together is we are all passionate about taking care of and supporting others.

In early 2019, during his interview process, one of our account executives asked about support from technical folks. Initially I was surprised he even had to ask the question because supporting each other is so ingrained into how we operate as a company. 

To care for clients we do what it takes to make our clients look like rock stars. Recently an examiner was looking for a very specific risk assessment format, based on a spreadsheet example he had been given in 2007. The spreadsheet consisted of about 6 or 7 columns and 20 rows of information. To help the examiner we exported our risk assessment raw details (that we normally synthesize into a human readable report) into a spreadsheet that had 21 columns and more than 200 rows. It took us multiple attempts to tweak the spreadsheet but we were determined to make the examiner happy. When we had removed 90 of the the risk assessment details and the spreadsheet mirrored his example exactly, he was happy.

We also join calls with examiners, who want to dig into the minute details, to explain our risk assessment process. We do this regularly and I love it because our clients are always so thankful. They feel very well taken care of when we talk through the details with the examiner and alleviate the stress on our client’s part.

The spirit of taking care of clients is why we created software in the first place. One of the ways we try to take care of clients is constantly thinking of ways to make our clients’ lives easier and add more value to their organizations. Innovation for the sake of our clients. The combination of intuitive vCISO software and expert security consultants is precisely how we do that.

A Path for the Future

Going beyond its functionality, our software also helps us help more people by putting us on the list for other services. The services we offer integrate into our Virtual CISO software for a full Virtual CISO experience.

Rivial Services:

• IT Audit / Continuous Compliance
• CAT / ACET Assessment
• Risk Assessment / Real-Time Risk
• Vulnerability Assessment
• Network Penetration Testing

I believe we provide the best client experience of any cybersecurity firm out there. I love hearing from clients and examiners that our reports are high quality and our consulting is top notch. But nothing makes me happier than when I hear how we’ve helped somebody. Like walking an examiner through the risk assessment process and taking the pressure off our client. In that situation everybody wins and that is always my goal.

We want to provide something of value to our existing clients and other financial institutions, that will make your lives easier during this trying time. You’ll get to see how helpful the Rivial team is, the quality of our work in the form of user-friendly and powerful software. 

The first step to getting access to our vCISO software is scheduling a demo. You will be assigned an account executive to show you the software and discuss next steps if you’re interested.