If your mortgage company has less than ten employees, no more than one physical location, and you are exempt from the New York DFS cybersecurity regulation (see NY DFS 23CRR500.19 exemptions), we offer you a professional, comprehensive cybersecurity program package for only $3,950.00. This program has been designed by CyberCecurity, LLC and is fully aligned with the NY DFS regulation, the NIST Cybersecurity Framework, and the ISO 27001-2013 Standard.
NOTE: The Small Mortgage Broker
Cybersecurity Program is fully aligned with our
Mortgage Industry Cybersecurity Certification
(MICC)
(Requires a separate
certification purchase)
The small mortgage broker (and originators and closers) cybersecurity program is comprised of the following products and services:
1. Cybersecurity Risk Assessment
2. Written Information Security
Program (WISP)
3. Cybersecurity Policy Package (10 policies)
4.
Identity Access Management Procedures
5. Technology Enhancement and Digital Anonymity
Program
6. Vendor Cyber Risk Management Program Instructions
7. Vendor Cyber Risk Inventory Spreadsheet (VCRIS)
8. Cyber Insurance
Policy Primer, Checklist and Recommendations
9. Ransomware Training
10. Data Retention Instructions
11. Small Mortgage Broker
Cybersecurity Program Implementation Procedures
12. Access to
Mitch Tanenbaum's Cybersecurity Blog
Supplemental/optional services billed separately:
-Cybersecurity Awareness Training (including unlimited phishing
training) for up to 25 staff
-Virtual CISO access support for $200
per hour (regular rate $250/hour)
See detailed description of cybersecurity products and services below.
Program Price: $3,950.00 - plus any supplemental/optional services (see details below).
Delivery Time: All products and services will be delivered within 30 days of receipt of the initial cybersecurity assessment questionnaire from client.
Payment Terms: 50% ($1,975) due upon acceptance of Terms of Use https://www.cybercecurity.com/terms-of-use/ and 50% ($1,975) due upon delivery of all products and services.
--The optional security awareness training subscription ($481.25) will
be billed separately and must be paid in full before the service is made
available.
Guarantee: 60-day money-back guarantee if you are not satisfied with our service or products. Our goal is 100% satisfied customers, all the time...but if there is a problem, we'll make it right or return your money, and you keep whatever products or services we have already provided you with. See full details at https://www.cybercecurity.com/terms-of-use/
Questions? If your company has more than 25 employees and/or more than one location or if you have other compliance requirements (such as NIST 800-171, GLBA, PCI, HIPAA, etc.) please contact Ray Hutchins for more information: 303-887-5864.
Small Business Cybersecurity Package Details
1. Cybersecurity Risk Assessment. You will be provided with a cybersecurity questionnaire that you will fill out and return to us via encrypted email. We will provide simple instructions for how to do this. CyberCecurity will then:
--Review your questionnaire answers
--Ask any additional questions
--Conduct external scans/discovery (and interpretation) of your network
and web sites using our various technology tools
--Generate a prioritized report which identifies organizational risk
status and recommended actions required to bring your company into
greater alignment with the
ISO 27001-2013 cyber security standard
2. Written Information Security Program (WISP). The WISP is the overarching document that you will use to guide the development and operation of your Information Security Program in accordance with sound business principles and the ISO 27001-2013 standard.
3. Cybersecurity Policy Package. Policies are the foundation of any cybersecurity program. In order to align with NY DFS regulations and the ISO 27001-2013 requirements, your company must deploy a minimum set of cyber security policies. The basic package which we supply includes 10 policies and 5 support documents. Our small mortgage broker package typically includes the following policies, but we will first review your risk assessment and then adjust the policy package to best address your risk profile. (Additional policies available for an additional charge).
Policies:
1-Data Backup and Retention Policy & Procedures
2-Patch Management
Policy
3-Password Policy and Procedures
4-Access Management Policy
5-Mobile Device and Teleworking Policy & Procedures
6-Vendor Cyber
Risk Management Policy
7-Acceptable Use Policy
8-Physical Security and
Environmental Controls Policy and Procedures
9-Personnel Security
Policy and Procedures
10-Malware Protection Policy and Procedures
Support documents:
0-1.v1 Message from CEO
0-2.v1 How to Deploy
These Policies
0-3.v1 Helping Staff Comply with Cybersecurity
0-4.v1 Policies and Procedures Change Management SOP
0-5.v1 Policy
Scope/Responsibility Charts
4. Identity Access Management Procedures. In alignment with the NY DFS regulation, we provide you with instructions necessary to better control access to important local and cloud-hosted data.
5. Technology Enhancement and Digital Anonymity Program. This document is a
compilation of important tools and techniques small businesses and
individuals can use to reduce cyber risk. This information was originally
compiled by the Federal Bureau of Investigation and FBI Agent and Chief
Security Officer Michael Mercer. This is an absolutely amazing and
necessary tool for owners of businesses of all sizes. Mitch Tanenbaum and
Ray Hutchins supplement Michael's information.
Just a few topics
covered include:
6. Vendor Cyber Risk Inventory Spreadsheet (VCRIS) and Program. In preparation for developing the company's Vendor Cyber Risk Management Program, leadership must start collecting data about all third-party vendors. Our VCRIS facilitates and guides that process and makes it easy to collect data that will be necessary to build the Vendor Cyber Risk Management Program in alignment with the NY DFS regulation.
7. Cyber Insurance Policy Primer, Checklist and Recommendations. After
you have built your cybersecurity program, you need cybersecurity
insurance. Note: this insurance is not designed to be your first line of
defense...that is your cybersecurity program. This policy is designed to
handle other matters.
The cyber insurance policy is in addition
to your general liability policy. The problem with cyber insurance
policies is that they are "non-standard form" policies, which means that
unlike your auto insurance or home insurance, cyber insurance policies
vary widely in their coverage and limits. We
provide you with a basic primer and checklist to help you buy the right
insurance. We'll also give you recommendations for a couple of cybersecurity
insurance brokers whom we know and trust in order to help you get the right policy.
8. Ransomware Training. Ransomware is a huge and growing threat to small businesses. You need to utilize the correct back-up procedures and your people must be trained to correctly respond. Mitch and Ray have put together some great training that you should use to supplement the ransomware training that is provided as part of your Security Awareness Training (see item # 12 below).
9. Data Retention Instructions. The NY DFS regulation requires that you preserve certain log data for 3-5 years and that you have a data retention policy regarding the rest of your data. We provide instructions to facilitate your meeting these requirements.
10. Small Mortgage Broker Cybersecurity Program Implementation Procedures. We provide written instructions and procedures to help you implement your cybersecurity program. For example: we will supply you with 10 cybersecurity policies...but how do you implement and enforce those policies? We'll show you how.
11. Access to Mitch Tanenbaum's Cybersecurity Blog: This is one of the most informative and interesting cybersecurity blogs in the country. New topics come out each week and Mitch always covers them in a non-technical and interesting way. Thousands of business people around the country depend on Mitch to keep them informed and up-to-speed on cybersecurity.
Cybersecurity Awareness Training. The single biggest cyber risk
that any business has is its people. Most of the time, it is human error that
is the cause of cybersecurity incidents. While training is not a
cure-all for these problems, training does reduce the number and
seriousness of cybersecurity incidents.
This on-demand training program tracks employee completion of the required training modules and success or failure of each phishing exercise. The system is easy to use and the price includes training for you or one of your staff to use the system.
The fixed price cost for a one-year subscription to this service for up to 25 staff is $481.25 (or $19.25 per staff member per year). Additional staff can be added for an additional fee; please contact us for a quote. PLEASE NOTE: the cost of this service is in addition to our Small Mortgage Broker Cybersecurity Program price of $3,950.00.
Virtual Chief Information Security Officer (CISO) Support. We hope you never need this, but if you do, your rate for our time will be locked in at $200 per hour (regular rate:$250/ hour). What do you do if you have a ransomware attack? What if you have a cybersecurity audit and you need some short-term help? Give us a call. We are your cybersecurity back-up and support.
ORDER TODAY for only $3,950.00! Please contact Ray Hutchins at 303-887-5864 or rh@cybercecurity.com to order or for more information.
Or you can click on the Buy Now button below and charge the first payment of $1,975.00 to your credit card. When you click on the Buy NOW button below, you will go to a PayPal page where you will be given the option to pay via your PayPal account or with your credit or debit card. Either way, your payment will be securely processed via PayPal. We do not see your credit card number. After we are notified of your purchase, we'll contact you and provide simple encrypted email instructions related to the cybersecurity assessment. You can contact us any time with questions at 303-997-5506 or rh@cybercecurity.com.
NOTE:
By clicking on the Buy Now button below, you acknowledge and accept our
TERMS of USE located here:
https://www.cybercecurity.com/terms-of-use/
NOTE: The Small Mortgage Broker
Cybersecurity Program is fully aligned with our
Mortgage Industry Cybersecurity Certification
(MICC)
(Requires a separate
certification purchase)
For a full list of our services, please go to: https://www.cybercecurity.com/services/
Thank you for considering CyberCecurity for your information security needs.