Services
Most small businesses don't need a massive cybersecurity program. They need someone to look at the basics, find the real problems, and explain what to fix in plain English.
Core Service
$1497 for 11–15 employees · No hidden fees · No upsells · No surprise invoices
A focused, non-invasive review of your security posture — delivered as a plain-English report with a prioritized action plan. Everything below is included.
01
We check what's publicly visible about your business online: exposed services, forgotten subdomains, open ports, misconfigured systems, and your basic internet footprint. You may be surprised what's findable.
02
We review your DNS and email configuration: SPF, DKIM, DMARC, MX records, domain expiration, and basic spoofing and phishing risk indicators. Email is the entry point for the majority of SMB breaches.
FBI 2024: 193,407 phishing/spoofing complaints — over $70M in losses
03
We check your website's security posture: SSL/TLS health, security headers, platform and plugin age where detectable, and obvious best-practice gaps. Your website is a public-facing front door — we check whether it's locked.
04
We review your practices around MFA, admin account separation, shared account risks, password policy, and employee access management. Most breaches don't involve sophisticated attacks — they involve stolen or weak credentials.
Verizon DBIR 2024: stolen credentials and phishing are the top SMB attack paths
05
We work through your current device practices: what devices access business data, whether antivirus or endpoint protection is in place, patching habits, and whether personal devices are creating unmanaged risk.
06
We review whether backups exist, whether they're actually tested, who owns them, and whether you could realistically recover from ransomware, accidental deletion, or a lost device.
A tested incident response plan reduces breach cost by $232,007 on average (IBM 2025)
07
Everything we find is written up in a clear, readable summary. No jargon. No 40-page enterprise report. Just: here's what we found, here's what matters, here's what to fix first, and here's what can wait.
08
A 30–45 minute call to walk through the report together, answer questions, and help you turn findings into a concrete action plan. Included with the Snapshot at no extra charge.
Who This Is Best For
If your clients trust you with private information, you have an obligation to protect it. We make that practical.
The FTC Safeguards Rule and IRS Publication 4557 legally require a written information security program. This review helps you understand where you stand before enforcement finds you.
Federal Compliance Required
Confidential session records require real protection and clear access controls. Your clients' most private disclosures deserve more than a shared Google Drive folder.
Privileged client information is a high-value target. Many small firms have real exposure they're unaware of — and attorney-client privilege doesn't protect a hacked email account.
Subject to the FTC Safeguards Rule. Client account access creates significant risk if credentials are compromised — and your clients are high-value targets.
Federal Compliance Required
HIPAA basics start with knowing what you have and where it's exposed. A Security Snapshot gives you a clear starting point without a full compliance engagement.
Any business with 1–15 employees that handles private client data without in-house IT or security staff. If your clients trust you with sensitive information, this review is for you.
Transparency
We believe in honest scope. The Security Snapshot is a practical checkup — not every type of security service.
Not a penetration test
We don't attempt to actively exploit your systems. That's a different (and much more expensive) service.
Not a compliance certification
We don't certify SOC 2, HIPAA, PCI-DSS, or similar. We help you understand where you stand.
Not managed security services
We don't monitor your systems on an ongoing basis. This is a point-in-time review.
Not a guarantee
No security review can guarantee the prevention of future incidents. We give you the clearest picture possible.
On the Horizon
Services we're building for clients who want to go further after the Snapshot.
Coming Soon
Focused assessment aligned to FTC Safeguards Rule, IRS Publication 4557 (WISP), or HIPAA basics.
Coming Soon
Controlled test of whether your team would recognize and report a phishing attempt.
Coming Soon
Short, practical training for small teams that actually sticks.
Coming Soon
Lightweight follow-up to track progress and catch new issues before they become problems.
Coming Soon
Usable WISP and policy documents built for small businesses — not copied from enterprise boilerplate.