FAQ

Cyber Risk Assessment with Black Bottle IT is a thorough evaluation of your entire IT environment — networks, systems, applications, devices, and user behaviors. We identify vulnerabilities, assess potential threats, and deliver a prioritized action plan with continuous monitoring recommendations. Depending on the size and complexity of your organization, the initial assessment typically takes one to two weeks.

Managed IT covers the day-to-day operations of your technology infrastructure — keeping systems running, managing updates, and supporting your team. Cybersecurity services focus specifically on protecting your organization from threats, breaches, and data loss. Black Bottle IT offers both, and when integrated, they provide a seamless, defense-in-depth approach that keeps your business both operational and secure.

Absolutely — in fact, small and mid-sized businesses are among the most at-risk organizations because attackers know they often have fewer defenses. Black Bottle IT works with businesses of all sizes, tailoring our solutions to fit your budget and risk profile. You don’t need an enterprise budget to get enterprise-grade protection.

We serve a broad range of industries, including healthcare (physician and dental practices), manufacturing, professional services, defense contractors, financial services, and nonprofits. Each sector faces unique compliance requirements and threat landscapes, and our team has the expertise to address them. If you’re unsure whether we’re a fit for your industry, reach out — we’re happy to talk through your specific needs.

Your cybersecurity is only as strong as your weakest vendor. Vendor monitoring means we continuously assess the security posture of the third-party companies that have access to your data or systems. A breach at a vendor can become your breach — vendor monitoring closes that gap.

The first step is a complimentary security consultation. One of our experts will sit down with you to understand your current environment, your biggest concerns, and your compliance requirements. From there, we typically recommend starting with a Cyber Risk Assessment so we have a clear picture of where you stand before recommending solutions.

You receive a detailed report that outlines the vulnerabilities we found, the level of risk they present, and a prioritized roadmap for addressing them. We don’t just hand you a report and walk away — we partner with you to implement the recommendations, monitor progress, and adjust your security posture as threats evolve.

Our standard business hours are Monday through Friday, 8:30 a.m. to 5 p.m. However, we maintain a 24/7 Breach Hotline (800-214-0957 x700) so that if you suspect a breach at any hour, you can immediately reach a cybersecurity analyst who will help quarantine and mitigate the threat.

Our training is designed to be practical and non-disruptive. We use 10-minute modules covering topics like phishing recognition, ransomware awareness, and safe data handling practices. We can also run simulated phishing campaigns to test how your team responds in real-world scenarios. Training is one of the highest-ROI investments a business can make — most breaches involve human error.

Yes. Call our Breach Hotline immediately at 800-214-0957 x700. Our team will work quickly to contain the damage, identify how the breach occurred, and remediate the vulnerability. After the incident is resolved, we’ll also help strengthen your defenses to reduce the likelihood of a repeat event.

We help organizations achieve and maintain compliance with CMMC (Cybersecurity Maturity Model Certification), SOC 2, PCI (Payment Card Industry), and the NIST Cybersecurity Framework. Each of these serves a different purpose — CMMC is critical for DoD contractors, SOC 2 for service organizations handling customer data, and PCI for any business processing credit card payments.