SMB and Non-profit 501c organizations have unique organizational objectives, challenges, and cultures. Yet they share the same increasing critical cybersecurity risks as all commercial entities. Cybersecurity assessment costs are soaring and can range between $30K-$50K from corporate-focused security firms. They also only provide a single point in time view of an organizations risks and no ongoing project support for implementing security controls that address the gaps.

proCISO provides cost-effective, expert cybersecurity leadership to the small and medium-sized business market with a solution tuned to the fast-paced and unique challenges of an SMB.

501CISO provides the same cybersecurity leadership to the nonprofit organization and association, understanding their unique mission-based focus, and provides them with a full range of security leadership and ongoing monthly project support to improve their security position.

proCISO & 501CISO are subscription services providing your organization:

Get your free consultation or signup for the 501CISO Cybersecurity Newsletter now!

Understanding Your Organizational Risk

Small and medium sized organizations (SMBs), including nonprofits and associations, are vital since they make up more than 90% of professional organizations. After the pandemic, SMBs are facing increasing cyber threats as they are more connected today—with remote staff, members, customers and vendors. Easy availability of low-cost cyber weapons has led to a surge in phishing attempts, malware, and ransomware attacks on inadequately secured networks.

Over 50% of the SMBs surveyed – companies with 100-1,000 employees – reported some type of data breach or cyber-attack over the past year.  In most attacks, the adversary’s goal was not extortion or data encryption, but company data, personal data, intellectual property, and other sensitive information.  Managing the damage from these kinds of attacks is almost impossible. It leads to reputational loss as well as potential penalties from regulators and lawsuits. All this is used as an additional incentive for blackmail.

The Solution for Associations/Nonprofits:

Nonprofit and association organizations need Expert Cybersecurity Leadership to clearly communicate the organization’s current risk position, outline a roadmap for improvements, prioritize the most impactful tasks, and ensure the proper attention is being consistently applied to these critical risks. 

The Solution for Small and Medium Sized Businesses:

proCISO provides a cost-effective solution to inform leadership, provide risk transparency, and effectively direct IT staff and vendors to continually improve cybersecurity defenses to the appropriate levels given the organizations risk profile and budgetary constraints.

Plan Features

Fractional CISO
Cybersecurity expertise to assess current status and create actionable security roadmaps
Cloud Configuration Review
Complete review of security configuration against best practices for Microsoft 365 and Google Workspace
Hardware/Software Security Management Plan
Development of security-centric best practices for deploying, managing, and decomissioning end user devices
Phishing Testing and Training Best Practices
Review and best practice recommendations on phishing testing and training of staff
Security Policies
Comprehensive set of needed cybersecurity policy templates
Incident Response Plan
Development of cybersecurity incident response plan to guide your team
Cyber Insurance Procurement Support
Support in preparation for and responding to cyber insurance questionaires
Cyber Training Evaluation and Recommendation
Review of current training program and recommendations for improvements
Staff Annual Cybersecurity Training Program
A comprehensive, real-time 1 hour training program to help elevate staff knowledge of cyber risks and responsibilities
Cybersecurity Maturity Assessment
Complete assessment based off the Center for Internet Security (CIS) Controls v8
Continual Assessment Updates
Continual trending of your up-to-date cyber risk position so you’ll never have to pay for an entire assessment again
IT Team Remediation Plans
Detailed description of remediation plans for all outstanding tasks
Quarterly Executive Status Reports
Quarterly executive reports indicating current status, improvements over time, upcoming priorities
Security Roadmap
3-, 6-, and 12-month roadmap for security improvements
Task Prioritization
Continually evolving list of top priorities for your IT team or vendors
IT Team and THIRD-PARTY Vendor Management
Project management oversight of security projects to maintain focus and accountability
GDPR/CCPA Guidance and Support
Consultation on maintaining compliance with GDPR, CCPA, and other privacy laws
Discounted rate for additional security services
30% discount for additional project hours
External Vulnerability Scans
Vulnerability scans of externally visible IP addresses
Internal Vulnerability Scans
Vulnerability scans of internal end points
Firewall Ruleset Review
Assessment of effectivity of existing firewall ruleset (priced by project)

Plan Benefits

Annual Cybersecurity Training

Help your employees:

50% off new customers

$ 0

Standard Training

60-minute of engaging content

$ 0

PCI Organization Training

90-minute of engaging content including PCI-specific topics

Satisfied Customers and Partners

Get Started Now

Get a complete understanding of your current cybersecurity risk, clarity on your priorities and roadmap to your secure future.

Who provides proCISO and 501CISO…

proCISO and 501CISO are services by ClearTone Consulting. Brian Scott, founder and president of ClearTone Consulting, has a 35-year technology career with the last 20 years in the CIO/CISO role. He has 22 years of experience in working with SMB’s, associations and nonprofit organizations. He has led large technology teams (up to 85 staff) within organizations including significant focus on cybersecurity, having overseen compliance with HIPAA, PCI, SSAE-18 SOC 2, and NIST control frameworks.