2.4 / security & compliance
Security as a discipline, not a product we resell
We won't sell you a fear-based bundle with a silver logo. Security at NetFX is a set of working controls applied to everything we manage — written down here, so you can hold us to them.
2.4.a / controls
The checklist, published
keeping intruders out
- Security updates installed on a published schedule — critical fixes immediately
- Multi-factor authentication on email and every administrative login
- Nothing administrative left exposed to the open internet
- Business-grade firewalls and email filtering that quarantines phishing before it lands
limiting the damage
- Each person gets access to what their job needs — no shared logins, no forever-admins
- Departed employees lose access the same day, every time, documented
- Quarterly access reviews: who can touch what, and does the reason still hold
- Backups kept where ransomware can't reach them, restore-tested on schedule
your people
- Security awareness training that respects everyone's time
- Simulated phishing tests with coaching, not shaming
- A clear "something looks wrong" channel that reaches a real engineer fast
proof on paper
- Every control above is documented, with records to show for it
- Patch history, access reviews, and backup reports filed where you can read them
- A written incident-response plan with names and phone numbers in it
2.4.b / compliance
HIPAA, student data, and the insurance questionnaire
Our clients carry real obligations: medical and dental practices answer to HIPAA, schools to student-data-privacy and internet-safety rules, and everyone to a cyber-insurance questionnaire that gets longer every renewal. Because our controls are documented and our records are kept, those stop being fire drills — we provide the evidence (patch records, access reviews, backup and restore reports), help complete the paperwork, and sit in on the audit call if you want us there. We sign business associate agreements, and we'll tell you plainly when something needs a specialist instead of pretending we are one.
2.4.c / honesty
What we will not sell you
No security bundles marked up 40%. No "dark web monitoring" theater. No fear-based upsells after every headline breach. When a product genuinely fits — endpoint protection, a password manager for your team — we recommend it at cost and say why. The monthly fee pays for the discipline, not for reselling.
next step
Find out what an attacker would find.
In the review call we check the basics that actually get organizations hurt: exposed services, stale accounts, missing MFA, and backups nobody has ever restored. Twenty minutes, plain answers.