Small Mortgage Broker (and Originators and Closers) Cybersecurity Program

If your mortgage company has less than ten employees, no more than one physical location, and you are exempt from the New York DFS cybersecurity regulation (see NY DFS 23CRR500.19 exemptions), we offer you a professional, comprehensive cybersecurity program package for only $3,950.00. This program has been designed by CyberCecurity, LLC and is fully aligned with the NY DFS regulation, the NIST Cybersecurity Framework, and the ISO 27001-2013 Standard.

NOTE: The Small Mortgage Broker Cybersecurity Program is fully aligned with our
Mortgage Industry Cybersecurity Certification (MICC)
(Requires a separate certification purchase)

The small mortgage broker (and originators and closers) cybersecurity program is comprised of the following products and services:

1. Cybersecurity Risk Assessment
2. Written Information Security Program (WISP)
3. Cybersecurity Policy Package (10 policies)
4. Identity Access Management Procedures
5. Technology Enhancement and Digital Anonymity Program
6. Vendor Cyber Risk Management Program Instructions
7. Vendor Cyber Risk Inventory Spreadsheet (VCRIS)
8. Cyber Insurance Policy Primer, Checklist and Recommendations
9. Ransomware Training
10. Data Retention Instructions
11. Small Mortgage Broker Cybersecurity Program Implementation Procedures
12. Access to Mitch Tanenbaum's Cybersecurity Blog

Supplemental/optional services billed separately:

-Cybersecurity Awareness Training (including unlimited phishing training) for up to 25 staff
-Virtual CISO access support for $200 per hour (regular rate $250/hour)

See detailed description of cybersecurity products and services below.

Program Price: $3,950.00 - plus any supplemental/optional services (see details below).

Delivery Time: All products and services will be delivered within 30 days of receipt of the initial cybersecurity assessment questionnaire from client.

Payment Terms: 50% ($1,975) due upon acceptance of Terms of Use https://www.cybercecurity.com/terms-of-use/ and 50% ($1,975) due upon delivery of all products and services.

--The optional security awareness training subscription ($481.25) will be billed separately and must be paid in full before the service is made available.

Guarantee: 60-day money-back guarantee if you are not satisfied with our service or products. Our goal is 100% satisfied customers, all the time...but if there is a problem, we'll make it right or return your money, and you keep whatever products or services we have already provided you with. See full details at https://www.cybercecurity.com/terms-of-use/

Questions? If your company has more than 25 employees and/or more than one location or if you have other compliance requirements (such as NIST 800-171, GLBA, PCI, HIPAA, etc.) please contact Ray Hutchins for more information: 303-887-5864.

Small Business Cybersecurity Package Details

1. Cybersecurity Risk Assessment. You will be provided with a cybersecurity questionnaire that you will fill out and return to us via encrypted email. We will provide simple instructions for how to do this. CyberCecurity will then:

--Review your questionnaire answers
--Ask any additional questions
--Conduct external scans/discovery (and interpretation) of your network and web sites using our various technology tools
--Generate a prioritized report which identifies organizational risk status and recommended actions required to bring your company into greater alignment with the ISO 27001-2013 cyber security standard

• Delivery time: 30 days after you submit questionnaire answers

2. Written Information Security Program (WISP). The WISP is the overarching document that you will use to guide the development and operation of your Information Security Program in accordance with sound business principles and the ISO 27001-2013 standard.

• Delivery time: 30 days after you submit questionnaire answers

3. Cybersecurity Policy Package. Policies are the foundation of any cybersecurity program. In order to align with NY DFS regulations and the ISO 27001-2013 requirements, your company must deploy a minimum set of cyber security policies. The basic package which we supply includes 10 policies and 5 support documents. Our small mortgage broker package typically includes the following policies, but we will first review your risk assessment and then adjust the policy package to best address your risk profile. (Additional policies available for an additional charge).

Policies:
1-Data Backup and Retention Policy & Procedures
2-Patch Management Policy
3-Password Policy and Procedures
4-Access Management Policy
5-Mobile Device and Teleworking Policy & Procedures
6-Vendor Cyber Risk Management Policy
7-Acceptable Use Policy
8-Physical Security and Environmental Controls Policy and Procedures
9-Personnel Security Policy and Procedures
10-Malware Protection Policy and Procedures

Support documents:
0-1.v1 Message from CEO
0-2.v1 How to Deploy These Policies
0-3.v1 Helping Staff Comply with Cybersecurity
0-4.v1 Policies and Procedures Change Management SOP
0-5.v1 Policy Scope/Responsibility Charts

• Delivery time: 7-14 days after you submit questionnaire answers

4. Identity Access Management Procedures. In alignment with the NY DFS regulation, we provide you with instructions necessary to better control access to important local and cloud-hosted data.

5. Technology Enhancement and Digital Anonymity Program. This document is a compilation of important tools and techniques small businesses and individuals can use to reduce cyber risk. This information was originally compiled by the Federal Bureau of Investigation and FBI Agent and Chief Security Officer Michael Mercer. This is an absolutely amazing and necessary tool for owners of businesses of all sizes. Mitch Tanenbaum and Ray Hutchins supplement Michael's information.

Just a few topics covered include:

• Smart phone security privacy settings
• Making your browser safer
• Reducing your "digital exhaust"
• Blocking surveillance ads and invisible trackers
• Controlling web bugs and beacons
• And much more!
• Delivery time: 7-14 days after you submit questionnaire answers

6. Vendor Cyber Risk Inventory Spreadsheet (VCRIS) and Program. In preparation for developing the company's Vendor Cyber Risk Management Program, leadership must start collecting data about all third-party vendors. Our VCRIS facilitates and guides that process and makes it easy to collect data that will be necessary to build the Vendor Cyber Risk Management Program in alignment with the NY DFS regulation.

• Delivery time: 7-14 days after you submit questionnaire answers

7. Cyber Insurance Policy Primer, Checklist and Recommendations. After you have built your cybersecurity program, you need cybersecurity insurance. Note: this insurance is not designed to be your first line of defense...that is your cybersecurity program. This policy is designed to handle other matters.

The cyber insurance policy is in addition to your general liability policy. The problem with cyber insurance policies is that they are "non-standard form" policies, which means that unlike your auto insurance or home insurance, cyber insurance policies vary widely in their coverage and limits. We provide you with a basic primer and checklist to help you buy the right insurance. We'll also give you recommendations for a couple of cybersecurity insurance brokers whom we know and trust in order to help you get the right policy.

• Delivery time: 7-14 days after you submit questionnaire answers

8. Ransomware Training. Ransomware is a huge and growing threat to small businesses. You need to utilize the correct back-up procedures and your people must be trained to correctly respond. Mitch and Ray have put together some great training that you should use to supplement the ransomware training that is provided as part of your Security Awareness Training (see item # 12 below).

• Delivery time: 7-14 days after you submit questionnaire answers

9. Data Retention Instructions. The NY DFS regulation requires that you preserve certain log data for 3-5 years and that you have a data retention policy regarding the rest of your data. We provide instructions to facilitate your meeting these requirements.

10. Small Mortgage Broker Cybersecurity Program Implementation Procedures. We provide written instructions and procedures to help you implement your cybersecurity program. For example: we will supply you with 10 cybersecurity policies...but how do you implement and enforce those policies? We'll show you how.

11. Access to Mitch Tanenbaum's Cybersecurity Blog: This is one of the most informative and interesting cybersecurity blogs in the country. New topics come out each week and Mitch always covers them in a non-technical and interesting way. Thousands of business people around the country depend on Mitch to keep them informed and up-to-speed on cybersecurity.

• Delivery time: Immediately

Cybersecurity Awareness Training. The single biggest cyber risk that any business has is its people. Most of the time, it is human error that is the cause of cybersecurity incidents. While training is not a cure-all for these problems, training does reduce the number and seriousness of cybersecurity incidents.

This on-demand training program tracks employee completion of the required training modules and success or failure of each phishing exercise. The system is easy to use and the price includes training for you or one of your staff to use the system.

The fixed price cost for a one-year subscription to this service for up to 25 staff is $481.25 (or $19.25 per staff member per year). Additional staff can be added for an additional fee; please contact us for a quote. PLEASE NOTE: the cost of this service is in addition to our Small Mortgage Broker Cybersecurity Program price of $3,950.00.

• Delivery time: Annual subscription starts immediately upon payment of subscription price as described above.

Virtual Chief Information Security Officer (CISO) Support. We hope you never need this, but if you do, your rate for our time will be locked in at $200 per hour (regular rate:$250/ hour). What do you do if you have a ransomware attack? What if you have a cybersecurity audit and you need some short-term help? Give us a call. We are your cybersecurity back-up and support.

• Delivery time: As required (hopefully--NEVER)

ORDER TODAY for only $3,950.00! Please contact Ray Hutchins at 303-887-5864 or rh@cybercecurity.com to order or for more information.

Or you can click on the Buy Now button below and charge the first payment of $1,975.00 to your credit card. When you click on the Buy NOW button below, you will go to a PayPal page where you will be given the option to pay via your PayPal account or with your credit or debit card. Either way, your payment will be securely processed via PayPal. We do not see your credit card number. After we are notified of your purchase, we'll contact you and provide simple encrypted email instructions related to the cybersecurity assessment. You can contact us any time with questions at 303-997-5506 or rh@cybercecurity.com.

NOTE: By clicking on the Buy Now button below, you acknowledge and accept our TERMS of USE located here:
https://www.cybercecurity.com/terms-of-use/

 

NOTE: The Small Mortgage Broker Cybersecurity Program is fully aligned with our
Mortgage Industry Cybersecurity Certification (MICC)
(Requires a separate certification purchase)

For a full list of our services, please go to: https://www.cybercecurity.com/services/

Thank you for considering CyberCecurity for your information security needs.