If your law firm has fewer than 25 employees and you have no more than one physical location, we offer you a comprehensive, professional cybersecurity program package for only $4,950.00. This program has been designed by CyberCecurity, LLC and is fully aligned with the NIST Cybersecurity Framework, the ISO 27001-2013 Standard and your profession's ethical standards.
The Small Law Firm Cybersecurity Program is comprised of the following products and services:
1. Cybersecurity Risk Assessment
2. Written Information Security Program (WISP)
3. Cybersecurity Policy Package (10 policies)
4. Incident Response Program
5. Technology Enhancement and Digital Anonymity Program
6. Encryption for Firms Using Windows and Microsoft Products
7. Vendor Cyber Risk Inventory Spreadsheet (VCRIS)
8. Cyber Insurance Policy Primer, Checklist and Recommendations
9. Ransomware Training
10. Two hours of One-on-One Virtual CISO Consulting
11. Access to Mitch Tanenbaum's Cybersecurity Blog
Supplemental/optional services billed separately:
12. Cybersecurity Awareness Training (including unlimited phishing training) for up to 25 staff
13. Breach response support (if required) for $175 per hour (regular rate: $250/hour)
See detailed description of cybersecurity products and services below.
Program Price: $4,950.00 - plus any supplemental/optional services (see details below).
Delivery Time: All products and services except the vCISO time, the security awareness training (available immediately), and any breach response support will be delivered within 30 days of receipt of the initial cybersecurity assessment questionnaire from client.
Payment Terms: 50% ($2,475) due upon acceptance of Terms of Use https://www.cybercecurity.com/terms-of-use/ and 50% ($2,475) due upon delivery of all products and services except the two vCISO hours.
--The optional security awareness training subscription ($481.25) will be billed separately and must be paid in full before the service is made available.
--Any optional breach response support hours (if required) will be billed separately.
Guarantee: 60-day money-back guarantee if you are not satisfied with our service or products. Our goal is 100% satisfied customers, all the time...but if there is a problem, we'll make it right or return your money...and you keep whatever products or services we have already provided you with. See full details at https://www.cybercecurity.com/terms-of-use/
Questions? If your law firm has more than 25 employees and/or more than one location or if you have other compliance requirements (such as NIST 800-171, GLBA, PCI, HIPAA, etc.) please contact Ray Hutchins for more information: 303-887-5864.
Law Firm Cybersecurity Package Details
1. Cybersecurity Risk Assessment. You will be provided with a cybersecurity questionnaire that you will fill out and return to us via encrypted email. We will provide simple instructions for how to do this. CyberCecurity will then:
--Review your questionnaire answers
--Ask any additional questions
--Conduct external scans/discovery (and interpretation) of your network and web sites using our various technology tools, including:
--Generate a prioritized report which identifies organizational risk status and recommended actions required to bring your law firm into greater alignment with the ISO 27001-2013 cyber security standard.
2. Written Information Security Program (WISP). The WISP is the overarching document that you will use to guide the development and operation of your Information Security Program in accordance with sound business principles and the ISO 27001-2013 standard.
3. Cybersecurity Policy Package. Policies are the foundation of any cybersecurity program. In order to align with ISO 27001-2013 requirements, your firm must deploy a minimum set of cyber security policies. The basic package which we supply includes 10 policies and 5 support documents. Our small law firm package typically includes the following policies, but we will first review your risk assessment and then adjust the policy package to best address your risk profile. (Additional policies available for an additional charge).
Policies:
1-Data Backup Policy & Procedures
2-Patch Management Policy
3-Password Policy and Procedures
4-Encryption Policy
5-Mobile Device and Teleworking Policy & Procedures
6-Customer Data Privacy Policy
7-Acceptable Use Policy
8-Physical Security and Environmental Controls Policy and Procedures
9-Personnel Security Policy and Procedures
10-Malware Protection Policy and Procedures
Support documents:
0-1.v1 Message from Managing Partner
0-2.v1 How to Deploy These Policies
0-3.v1 Helping Staff Comply with Cybersecurity
0-4.v1 Policies and Procedures Change Management SOP
0-5.v1 Policy Scope/Responsibility Charts
4. Incident Response Program (IRP). Your law firm's IRP will be a professionally built program that is aligned with ISO 27001-2013 and the Department of Homeland Security Cyber Risk Response requirements and that correctly addresses the following IR requirements:
5. Technology Enhancement and Digital Anonymity Program. This document is a compilation of important tools and techniques small law firms and individuals can use to reduce cyber risk. This information was originally compiled by the Federal Bureau of Investigation and FBI Agent and Chief Security Officer Michael Mercer. This is an absolutely amazing and necessary tool for owners of firms of all sizes. Mitch Tanenbaum and Ray Hutchins bring you this important information and supplement it with our own information.
Just a few topics covered include:
6. Encryption for Firms Using Windows and Microsoft Products. We provide detailed instructions for encryption of both data-at-rest and data-in-motion for firms using standard Windows and Microsoft products.
7. Vendor Cyber Risk Inventory Spreadsheet (VCRIS). In preparation for developing the firm's Vendor Cyber Risk Management Program, leadership must start collecting data about all third-party vendors. Our VCRIS facilitates and guides that process and makes it easy to collect data that will be necessary to build the Vendor Cyber Risk Management Program at the appropriate time.
8. Cyber Insurance Policy Primer, Checklist and Recommendations. After you have built your cybersecurity program, you need cyber security insurance. Note: this insurance is not designed to be your first line of defense...that is your cybersecurity program. This policy is designed to handle other matters.
The cyber insurance policy is in addition to your general liability policy. The problem with cyber insurance policies is that they are "non-standard form" policies, which means that unlike your auto insurance or home insurance, cyber insurance policies vary widely in their coverage and limits. One of the services we offer to larger law firms is to read their cyber insurance policy and make sure they have the coverage they think they have. Many times they don't. We provide you with a basic primer and checklist to help you buy the right insurance. We'll also give you recommendations for a couple of cybersecurity insurance brokers whom we know and trust in order to help you get the right policy.
9. Ransomware Training. Ransomware is a huge and growing threat to law firms. You need to utilize the correct back-up procedures and your people must be trained to correctly respond. Mitch and Ray have put together some great training that you should use to supplement the ransomware training that is provided as part of your Security Awareness Training (see item # 12 below).
10. Virtual Chief Information Security Officer (vCISO). There is a critical shortage of Chief Information Security Officers (CISOs). Many organizations are trying to fill this position with other executives who lack the expertise and experience required to understand the problems, define solutions, and drive the necessary change.
For small-to-medium sized firms, it is impossible to justify the expense of a full-time CISO that will cost between $150k-$250k+ per year plus benefits. Most law firms don't even have the internal expertise to properly evaluate a candidate. (BTW, we offer a service to assist you in evaluating full-time CISO candidates as well).
Our Small Law Firm Program provides you with two hours of personalized, one-on-one (or your team is invited) virtual CISO consultation time that you can use whenever you need it. Our vCISO can do the following for you:
Our vCISO program provides your company with a top-notch, hugely experienced cybersecurity resource, Mitch Tanenbaum. Mitch becomes your go-to resource for cybersecurity expertise. Regular price for this service is $250 per hour. If required, you can easily purchase additional hours at $200 per hour if billed in advance in 10-hour increments ($2,000) or $250 per hour if billed in arrears.
11. Access to Mitch Tanenbaum's Cybersecurity Blog. Mitch writes one of the most informative and interesting cybersecurity blogs in the country. New topics come out each week and Mitch always covers them in a non-technical and interesting way. Thousands of business people around the country depend on Mitch to keep them informed and up-to-speed on cybersecurity.
Important supplemental services billed separately:
12. Cybersecurity Awareness Training. The single biggest cyber risk that any firm has is its people. Most of the time, it is human error that is the cause of cybersecurity incidents. While training is not a cure-all for these problems, training does reduce the number and seriousness of cyber security incidents.
There are 22 different online security awareness training systems. We have evaluated all these systems and are able to recommend the best program with the most value to you.
This online training system includes 52 training modules and has a tool to create automated phishing exercises for employees. This on-demand training program tracks employee completion of the required training modules and success or failure of each phishing exercise. The system is easy to use and the price includes training for you or one of your staff to use the system.
The fixed price cost for a one-year subscription to this service for up to 25 staff is $481.25. Additional staff can be added for an additional fee; please contact us for a quote. PLEASE NOTE: the cost of this service is in addition to our Small Law Firm Cybersecurity Program price of $4,950.00.
13. Breach Response Support. We hope you never need this, but if you do, your rate for our time will be locked in at $175 per hour (regular rate: $250/hour). What do you do if you have a ransomware attack? First of all, because you have our program and you have been diligently backing up your data...you are safer! Next step is to turn off that computer and disconnect it from your network. Then get out your IRP and give us a call.
ORDER TODAY for only $4,950.00! Please contact Ray Hutchins at 303-887-5864 or [email protected] to order or for more information.
Or you can click on the Buy Now button below and charge the first payment of $2,475.00 to your credit card. When you click on the Buy NOW button below, you will go to a PayPal page where you will be given the option to pay via your PayPal account or with your credit or debit card. Either way, your payment will be securely processed via PayPal. We do not see your credit card number. After we are notified of your purchase, we'll contact you and provide simple encrypted email instructions related to the cybersecurity assessment. You can contact us any time with questions at 303-997-5506 or [email protected].
NOTE: By clicking on the Buy Now button below, you acknowledge and accept our TERMS of USE located here: https://www.cybercecurity.com/terms-of-use/
For a full list of our services, please go to: https://www.cybercecurity.com/services/
Thank you for considering CyberCecurity for your information security needs.