Helping Nonprofits Bolster Cybersecurity while Easing Costs

Ciprus Consulting is a managed service provider (MSP) focused on nonprofit organizations in Southern California. Consisting of 10 employees, Ciprus Consulting aims to provide nonprofit organizations with affordable security, better compliance visibility, and improved client communication.

We sat down with Gregory Smith, Senior Network Engineer at Ciprus Consulting, and Nimer Saikaly, CEO of Ciprus Consulting. Smith is one of two senior team leaders. He oversees the core of the company’s cybersecurity division with a focus on ensuring the network security and stability of Ciprus Consulting’s clients. Holding numerous certifications and a master's degree in cybersecurity management, he manages and secures network infrastructure and oversees governance, risk, and compliance (GRC) implementation across clients. Team members underneath him draw upon their various certifications, degrees, and levels of experience to provide helpdesk and support services, implement GRC processes, administer systems, and maintain client relationships. Meanwhile, Saikaly uses his experience in IT management, budget planning, and more to lead Ciprus Consulting and ensure that each IT service is tailored to nonprofit clients' needs and missions.

Smith and Saikaly told us how they use their CIS SecureSuite® Membership to help Ciprus Consulting's nonprofit clients secure their systems according to trusted baselines while keeping costs low. Let’s examine how this happened.

The Problem: A Lack of Standardized Cybersecurity Hardening Guidelines

Prior to becoming a CIS SecureSuite Member, Ciprus Consulting did not have an easy-to-follow path for implementing secure controls across multiple clients. Apart from that, it found a multitude of options for infrastructure hardening with no common goal or attribute to follow. Ciprus Consulting attempted to review the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0, for instance, but its complexity made implementation for smaller teams difficult, long, and unaffordable. The team even tried to use third-party software to assist in implementing NIST CSF 2.0 and other compliance regulations, but it found this solution to be too expensive and hidden behind multiple paywalls.

Ciprus Consulting needed a standardized cybersecurity framework and hardening guidelines to support its nonprofit clients and offer them affordable security.

The Solution: Map Easy Paths to Help Clients Meet Compliance Requirements

Ciprus Consulting first learned about the Center for Internet Security® (CIS®) from a third-party security audit. Over the course of this engagement, the MSP learned about device hardening at CIS. It liked the format of the CIS Benchmarks®, particularly for Microsoft Windows Desktop and Microsoft Windows Server. It found the PDF documents and HTML audits to be useful, but it also wanted to access Excel versions of the CIS Benchmarks, as it uses spreadsheets to make auditing and remediating easy to follow for its clients, thus increasing compliance visibility.

At one point, Ciprus Consulting engaged with a client who was looking to create a more secure environment after having gone through a third-party audit. Ciprus Consulting learned that it could get access to additional tools at CIS, including additional formats of the CIS Benchmarks, by becoming a CIS SecureSuite Member. So it investigated CIS SecureSuite and applied for Membership.

As a Member, Ciprus Consulting downloads CIS Benchmarks XLS spreadsheets and uses CIS-CAT® Pro Assessor. After each client assessment, it outputs the final HTML report from CIS-CAT Pro Assessor, making it easy to navigate the results and develop clear goals for communicating with clients.


At the time of writing, Ciprus Consulting is moving to CIS SecureSuite Platform. It intends to use this solution to support clients in creating policies around the CIS Critical Security Controls® (CIS Controls®), particularly the three Implementation Groups (IGs). Policy creation can be a slow process with clients, especially with a small team. Ciprus Consulting hopes to use CIS SecureSuite Platform to map easy paths to accomplish compliance requirements with a small team for many organizations.

The Impact: Improved Operational Efficiency and Communication with Clients

Saikaly summarized the impact of Ciprus Consulting's CIS SecureSuite Membership as follows:

"CIS SecureSuite has been instrumental in allowing Ciprus Consulting to deliver enterprise-grade cybersecurity to not-for-profit organizations without the high costs typically associated with such services. It gives us the tools to efficiently harden systems, meet compliance requirements, and most importantly, protect the missions of the nonprofits we serve."

He went on to clarify what this efficiency looks like. Part of it is that CIS-CAT Pro reduces the time needed to scan a computer. For instance, Ciprus Consulting uses the CIS Microsoft 365 Foundations Benchmark a lot with clients. With CIS Benchmarks XLS spreadsheets and CIS-CAT Pro, the team is able to complete an assessment with a client in about half an hour. It then points to the CIS standards as recommended baselines, making client communication easier.

But this efficiency also covers cost savings. While it did investigate free tools and solutions published by other companies, Ciprus Consulting found CIS SecureSuite benefits to stand out because they're all in one format. This streamlined approach enables Ciprus Consulting to keep the team lean, keep costs low, and provide excellent service to clients while keeping them secure and compliant. It also enables the MSP to market CIS and its own services to many clients and cybersecurity prospects.

Now It’s Your Turn!

Through its use of CIS SecureSuite Membership, Ciprus Consulting streamlined its work in hardening systems to trusted cybersecurity baselines and elevated its communication with its nonprofit clients.


As of June 23, 2025, the MS-ISAC has introduced a fee-based membership. Any potential reference to no-cost MS-ISAC services no longer applies.