A practical cyber hygiene checkup for small businesses that need the basics cleaned up.
For small firms that know MFA, backups, admin access, passwords, vendor access, and email compromise planning matter — but do not have a clearly owned 30-day cleanup plan.
Included
- Pre-checkup questionnaire
- Review of MFA, passwords, admin access, backups, vendors, offboarding, and first-hour incident planning
- Review of up to five critical SaaS/admin areas using redacted/non-sensitive screenshots or client-controlled screen-sharing
- Optional public-domain hygiene snapshot for one owned/authorized domain
- Written self-reported snapshot, top three fixes, 30-day cleanup plan, and 60-minute walkthrough
Not included
- Penetration testing or exploit testing
- Incident response
- Formal audit, attestation, certification, or assurance engagement
- Legal, privacy, or insurance advice
- Guarantee of security, insurance approval, pricing, or coverage
Sample output style
The deliverable is concise and practical, outlining what appears handled, what needs cleanup, what is unclear, the top three fixes, and a 30-day plan.
MFA — Needs cleanup: Owner and admin accounts use MFA, but staff enforcement is unclear. First fix: enforce MFA for every mailbox/user, then separately review admin accounts.
Backups — Needs cleanup: Cloud files are assumed to be backed up, but no restore test was identified. First fix: run one small restore test and document who owns restore.
Top 30-day fixes: enforce MFA, test backup restore, create an offboarding checklist.
Safety boundaries
Regis Cyber does not ask for passwords, MFA codes, recovery codes, API keys, private keys, privileged client material, sensitive client documents, or full client lists. The business stays in control of its own accounts and screens.