The Security Essentials Plan:
Level Up Your Cybersecurity

Over the last few years the statistics regarding cyber attacks against small- and medium-sized businesses paint a clear picture: the largest companies are no longer the only ones under constant threat.

Our Security Essentials plans are innovative subscription-based Cybersecurity-as-a-Service offerings. The plans ensure you cover the basics, and put you on track to demonstrate your security through certification.

Subscription plans to get your company up to speed on security.

“I’ve heard how more than half of small-medium sized businesses have experienced some kind of hack over the last year. If I had an easy way to protect my business, I’d do it tomorrow. But where do I start?” 

The motivation behind our Security Essentials plan is to provide your company with a solid security foundation. Start here.

of total breaches involved small business victims*
1 %
of s-m sized businesses reported a breach in 2019**
1 %
of small business breaches involved phishing*
1 %
of small business breaches used stolen credentials*
1 %

     * 2020 Verizon Data Breach Investigations Report

     ** Global State of Cybersecurity in S-M-Sized Businesses (Keeper/Ponemon)

Security Essentials for Business

Corporate Cybersecurity: Building a Strong Foundation

For small to medium size businesses, there is a lot to do, but budget, manpower and time are usually in short supply. Building out a dedicated security team, or hiring a full-time Chief Information Security Officer (CISO), is usually not an option – nor is it necessary. Our entry-level Essentials plan is designed to provide your organization with the basic building blocks of a comprehensive security program.

Virtual CISO

Start developing a relationship now with a seasoned security expert, who will get to know your company and its unique security requirements. Through regular meetings, your dedicated vCISO will understand your threat landscape, allowing them to advise on both strategic and tactical security matters, as well as manage longer-term projects.

Security Program Development

An organization has different security needs at different stages of growth. We’ll help ensure that your security posture improves in line with your overall organisational maturity, through the development of a structured and documented security program which aligns with major international standards such as ISO 27001.

Security Awareness Training

Within the security industry it is well known that the weakest link in a company’s security is usually its employees. We’ll help you train employees to recognize phishing and other social engineering tactics through interactive learning and simulated phishing emails, based on real-world malicious phishing campaigns.

Next Steps: Security Ops

For most non-enterprise businesses, security operations consists of some hardware, some software, and a few overworked IT employees giving security whatever time they can stitch together. The mature security posture of larger enterprises, long the target of attacks, is built around a Security Operations Center (“SOC”). A SOC consists of a team of dedicated security engineers and analysts who, equipped with an advanced security intelligence platform (next-gen SIEM) and other tools, provide real-time monitoring and analysis.

The foundation of a SOC is visibility.

Vulnerability Assessment

Vulnerability assessments are performed by penetration testers (ethical hackers) utilizing the latest tools and techniques of real-world malicious actors, allowing you to see how your organization looks from a hacker's perspective.

Continuous Monitoring

24/7 continuous security monitoring provides an integrated 360-degree perspective of critical assets in your corporate network and infrastructure, enabling detection, investigation and remediation of potentially malicious activity.

User Behaviour Analysis (AI)

By utilizing machine learning, User Behaviour Analysis (UBA) identifies and creates a baseline for normal user behaviour, and is able to detect anomalous activity. This is important for detecting both insider threat activity and that of external actors.

Certification Track
Show clients you take their security seriously. They'll thank you.

Get the most out of your security investment: Demonstrating compliance with an internationally accepted standard can accelerate your sales by convincing clients that their data is safe with you. Each of our plans, including the starter Essentials, lays the groundwork for your organization to become ISO 27001-certified.

Some security standards come in the form of government or industry regulations with which certain organizations must comply, such as PCI-DSS for companies that accept credit card payments, HIPAA for organizations that process Protected Health Information (PHI), and CMMC for DoD contractors. Other standards, such as ISO 27001, are proactively adopted by companies who want to improve and systematize their security governance and processes, and to be able to demonstrate this security maturity to clients, business partners and investors.

The ISO 27001:2013 Standard’s stated goal is to specify the “requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization.” Since its introduction it has grown to be the de facto gold standard among organizations around the world. Companies who successfully implement the standard are able to demonstrate a mature security posture in RFPs, due diligence and other sensitive bids, transactions and negotiations.

The ISO 27001 standard is comprised of 14 sets of controls, which together provide a comprehensive security framework addressing all aspects of an organization’s cybersecurity. The control domains are: 1. Information security policies, 2. Organization of information security, 3. Human resource security, 4. Asset Management, 5. Access control, 6. Cryptography, 7. Physical and environmental security, 8. Operations security, 9. Communications security, 10. System acquisition, development and maintenance, 11. Supplier Relationships, 12. Incident Management, 13. Business Continuity Management, and 14. Compliance.

The Wall Street Journal reports that “cyber insurers, leery of security risks created by remote working and other effects of the coronavirus pandemic, are stepping up scrutiny of policyholders’ security arrangements. These efforts could result in costlier policies, or even coverage denials for companies.” Voluntarily adopting and complying with an internationally-respected cybersecurity standard is a great way to demonstrate that security is taken seriously.  

Essentials

$1950 / Month
  • Dedicated vCISO
  • Security Program Development
  • Security Awareness Training

Essentials Plus

$3450 / Month
  • Includes Essentials
  • Monitoring up to 10 Devices
  • Vulnerability Assessment

Essentials Pro

Custom Month
  • Includes Essentials Plus
  • Monitoring Unlimited Devices
  • Endpoint Detection & Response

Schedule a consult

Let us help fill the gaps in your corporate security posture.
Or call us to speak to an expert now:

+1 212 643 1850