SMB and Non-profit 501c organizations have unique organizational objectives, challenges, and cultures. Yet they share the same increasing critical cybersecurity risks as all commercial entities. Cybersecurity assessment costs are soaring and can range between $30K-$50K from corporate-focused security firms. They also only provide a single point in time view of an organizations risks and no ongoing project support for implementing security controls that address the gaps.
proCISO provides cost-effective, expert cybersecurity leadership to the small and medium-sized business market with a solution tuned to the fast-paced and unique challenges of an SMB.
501CISO provides the same cybersecurity leadership to the nonprofit organization and association, understanding their unique mission-based focus, and provides them with a full range of security leadership and ongoing monthly project support to improve their security position.
proCISO & 501CISO are subscription services providing your organization:
- Fractional Chief Information Security Officer Services (CISO)
- A full baseline cybersecurity risk assessment
- Monthly internal/external vulnerability scans
- Continually updated roadmap to direct IT staff
- Security task prioritization
- Internal IT staff and third-party vendor management
- Security Policies and Procedures
- Phishing Testing and Training Best Practices
- Executive-level communication of your risk position and strategy
- Discounted security project consultation
Get your free consultation or signup for the 501CISO Cybersecurity Newsletter now!
Understanding Your Organizational Risk
Small and medium sized organizations (SMBs), including nonprofits and associations, are vital since they make up more than 90% of professional organizations. After the pandemic, SMBs are facing increasing cyber threats as they are more connected today—with remote staff, members, customers and vendors. Easy availability of low-cost cyber weapons has led to a surge in phishing attempts, malware, and ransomware attacks on inadequately secured networks.
Over 50% of the SMBs surveyed – companies with 100-1,000 employees – reported some type of data breach or cyber-attack over the past year. In most attacks, the adversary’s goal was not extortion or data encryption, but company data, personal data, intellectual property, and other sensitive information. Managing the damage from these kinds of attacks is almost impossible. It leads to reputational loss as well as potential penalties from regulators and lawsuits. All this is used as an additional incentive for blackmail.
The Solution for Associations/Nonprofits:
Nonprofit and association organizations need Expert Cybersecurity Leadership to clearly communicate the organization’s current risk position, outline a roadmap for improvements, prioritize the most impactful tasks, and ensure the proper attention is being consistently applied to these critical risks.
The Solution for Small and Medium Sized Businesses:
proCISO provides a cost-effective solution to inform leadership, provide risk transparency, and effectively direct IT staff and vendors to continually improve cybersecurity defenses to the appropriate levels given the organizations risk profile and budgetary constraints.
Plan Features
Service | Description | Cloud-Only | Essential | Advanced |
|---|---|---|---|---|
Fractional CISO | Cybersecurity expertise to assess current status and create actionable security roadmaps |  | | |
Cloud Configuration Review | Complete review of security configuration against best practices for Microsoft 365 and Google Workspace | | | |
Hardware/Software Security Management Plan | Development of security-centric best practices for deploying, managing, and decomissioning end user devices | | | |
Phishing Testing and Training Best Practices | Review and best practice recommendations on phishing testing and training of staff | | | |
Security Policies | Comprehensive set of needed cybersecurity policy templates | | | |
Incident Response Plan | Development of cybersecurity incident response plan to guide your team | | | |
Cyber Insurance Procurement Support | Support in preparation for and responding to cyber insurance questionaires | | | |
Cyber Training Evaluation and Recommendation | Review of current training program and recommendations for improvements | | | |
Staff Annual Cybersecurity Training Program | A comprehensive, real-time 1 hour training program to help elevate staff knowledge of cyber risks and responsibilities | | | |
Cybersecurity Maturity Assessment | Complete assessment based off the Center for Internet Security (CIS) Controls v8 | | | |
Continual Assessment Updates | Continual trending of your up-to-date cyber risk position so you’ll never have to pay for an entire assessment again | | | |
IT Team Remediation Plans | Detailed description of remediation plans for all outstanding tasks | | | |
Quarterly Executive Status Reports | Quarterly executive reports indicating current status, improvements over time, upcoming priorities | | | |
Security Roadmap | 3-, 6-, and 12-month roadmap for security improvements | | | |
Task Prioritization | Continually evolving list of top priorities for your IT team or vendors | | | |
IT Team and THIRD-PARTY Vendor Management | Project management oversight of security projects to maintain focus and accountability | | | |
GDPR/CCPA Guidance and Support | Consultation on maintaining compliance with GDPR, CCPA, and other privacy laws | | | |
Discounted rate for additional security services | 30% discount for additional project hours | | | |
External Vulnerability Scans | Vulnerability scans of externally visible IP addresses | | ||
Internal Vulnerability Scans | Vulnerability scans of internal end points | | ||
Firewall Ruleset Review | Assessment of effectivity of existing firewall ruleset (priced by project) | |
Plan Benefits
- Peace of mind that comes from transparency
- Consistent low monthly cost that’s easy to forecast
- Complete clarity to your organization’s cyber-maturity
- Discounted rate for security leadership for projects or incidents
- Clear direction to internal and external IT teams
- Continually updated 3-, 6-, and 12-month roadmap
- Insight to your pace of improvement of cyber defense
- Time savings for your IT staff
- Improvement of your phishing testing and training program
Annual Cybersecurity Training
Help your employees:
- Learn why cybercrime is on the rise
- Understand the modern cybercriminal organization and how it relates to you
- Understand why the little security inconveniences are so important
- Clearly understand all social engineering attacks like phishing, vishing, and smishing
- Finally understand how to identify all phishing emails
- Learn why associations, nonprofits, and small businesses are now a big target
50% off new customers
Standard Training
60-minute of engaging content
PCI Organization Training
90-minute of engaging content including PCI-specific topics
Contact:
Satisfied Customers and Partners
Get Started Now
Get a complete understanding of your current cybersecurity risk, clarity on your priorities and roadmap to your secure future.
Who provides proCISO and 501CISO…
proCISO and 501CISO are services by ClearTone Consulting. Brian Scott, founder and president of ClearTone Consulting, has a 35-year technology career with the last 20 years in the CIO/CISO role. He has 22 years of experience in working with SMB’s, associations and nonprofit organizations. He has led large technology teams (up to 85 staff) within organizations including significant focus on cybersecurity, having overseen compliance with HIPAA, PCI, SSAE-18 SOC 2, and NIST control frameworks.