eRiskHub® is a third-party website dedicated to helping organizations manage their cyber risks. eRiskHub provides a wealth of tools and resources to help members understand their exposure, establish a response plan and minimize the effects of a breach on the organization. MCIT provides its members access to this restricted site as part of their MCIT membership.
Key Features of eRiskHub
- Guides for developing incident response plans
- Sample policies around cyber and data security
- Tabletop exercises to practice incident response plans
- Cyber-security training tools to support employee awareness efforts
- Phishing- and ransomware-specific information and tools
- More!
MCIT recommends that members adjust materials (e.g., plans, policies) to fit their specific needs, as well as to harmonize with the terms and conditions of MCIT coverage (see Cyber Coverage).
Register to Access Site
Individuals must first set up a site log in. Follow these steps to access eRiskHub:
- Click the Register button at eRiskHub.com/MCIT
- Complete the New User Registration form in the center of the page. You must enter the MCIT code to access to complete this form. The access code has been shared with members’ primary contacts. If needed, members may contact MCIT to request the code again.
- Once you have completed registration, you can log in immediately.
eRiskHub is operated and maintained by NetDiligence,® a company of Network Standard Corporation. MCIT is not responsible for the site’s content nor does it endorse any specific product on the site.
Explore eRiskHub Features
MCIT recommends that members spend some time investigating all of the tools, materials, information, videos and more that eRiskHub offers.
To help you get started, check out the sections highlighted below.
This page includes:
- Details about how to notify MCIT of a known or potential cyber/data breach.
- Strategies and steps an organization may need to take in the event of a known or potential breach. This may be particularly helpful for those members that have not yet established an incident response plan or are in the midst of creating or reviewing one.
This is where you can find:
- Cost calculators for cyber incidents
- Guides for developing a cyber incident response plan and tabletop exercises for practicing the plan
- A variety of sample policies, including for business email compromise, mobile computing, physical security, phishing prevention, remote work, social networking and more
- Mobile device management/bring your own device auto wipe waiver
- Ransomware risk management tools, such as a mock breach exercise, online games
- Security awareness tools for employee training
- Risk management related to working with vendors, such as vendor due diligence checklist
Human error is one of the main causes of cyber and data breaches. This section offers information and tools to help train employees about their role in keeping the organization’s systems secure, including how to recognize common threats:
- Short training videos
- Recorded interviews with industry experts
- Real-life breach scenario-based videos
- Limited access to phishing, spear phishing, business email compromise, email spoofing and extortion, and social media training tools
- Handouts
- Links to other free cyber-security resources from Cybsecurity and Infrastructure Security Agency of the Department of Homeland Security, National Cybersecurity Alliance, Small Business Administration, FTC, Global Cyber Alliance and NIST
This area is exclusively focused on the information, tools and resources related to ransomware threats.
- Ransomware self-assessment survey
- Video series of experts offering best practices for different methods to manage the risk of ransomware, including multifactor authentication, virtual private networks (VPN), incident response plans, security culture and training, backups, access control, endpoint detection and response, email hygiene
- Tools to help evaluate a vendor’s cybersecurity before entering into a contract
- More!