Practical IT. Real Security.

Strengthening Your Defenses
Before They're Tested

IT improvements and cybersecurity hardening, backed by years of real-world incident response experience.

Schedule a Consultation View Assessments
Scroll
CIS Controls Framework
Incident Response
Law Firm & Healthcare Ready
SMB-Focused
Sioux City, IA — Serving Siouxland & Beyond
By the numbers
The cost of waiting is higher than the cost of a review

These aren't worst-case scenarios. They're industry averages — and they apply to small businesses just as much as large ones.

60%
of small businesses close within 6 months of a cyberattack
National Cybersecurity Alliance
$4.9M
average total cost of a data breach in 2024
IBM Cost of a Data Breach Report 2024
194days
average time to identify and contain a breach — over 6 months of silent damage
IBM Cost of a Data Breach Report 2024
22days
average downtime after a ransomware attack — 3+ weeks of lost productivity
Coveware Ransomware Report 2024
$1.5M
average ransomware recovery cost for small businesses, including downtime and remediation
Sophos State of Ransomware 2024
82%
of breaches involve a human element — phishing, stolen credentials, or insider error
Verizon DBIR 2024
What cyber insurance actually covers

Most small business cyber policies pay between $250K–$1M per incident — but only if you can demonstrate reasonable security controls were in place. Businesses that cannot show documented security practices often face claim denials or significant coverage gaps. An assessment creates the documentation insurers look for.

Small businesses are the primary target

Over 43% of cyberattacks target small businesses specifically — because attackers know they are less likely to have dedicated IT security staff. Professional firms handling sensitive client data (legal, financial, medical) are consistently among the most targeted sectors due to the value of the data they hold.

The cost of a review vs. the cost of an incident

A Starter Assessment costs $2,500. The average cost of a single business email compromise incident for a small firm — including wire fraud, legal fees, and recovery — is $137,000. Prevention is not just cheaper. For many small businesses, it is the difference between staying open and closing.

Services
Focused, practical, business-aligned
Every engagement is conducted by a senior practitioner — not a junior analyst. You receive a written report, a prioritized remediation roadmap, and a plain-language debrief.
IT Advisory
Infrastructure & Operations

Infrastructure reviews, documentation, system cleanup, and operational improvements — so your environment is organized and defensible.

Cybersecurity
Security Assessments

Identify real risks across identity, endpoints, network, and recovery. Structured around CIS Controls for defensible, prioritized findings.

Incident Readiness
Breach Preparedness

Prepare your environment for breach scenarios and recovery situations — tested against what actually fails during real incidents.

Smart Technology
Modern Infrastructure

Secure smart systems, automation, and network segmentation — practical controls for businesses modernizing their tech stack.

Assessment Tiers
Clear visibility. Real improvements.
Two tiers — built for small professional firms and growing mid-size organizations. Each engagement delivers a plain-language report and a prioritized action plan, not a stack of technical jargon.
Built for small professional firms. You don't need a massive IT department to have a serious security problem. Our Tier 1 assessments are designed for law firms, dental practices, financial advisors, and similar businesses — giving you a clear, honest picture of where you stand and exactly what to fix first.
Starter Assessment
Foundational Review
1–2 day engagement  ·  remote or on-site
What you get answers to
  • Could someone access your systems if an employee's password was stolen?
  • What does your business look like to someone scanning the internet for targets?
  • Are your staff emails protected against impersonation and spoofing?
  • Are the devices in your office actually protected — or just assumed to be?
  • If ransomware hit tomorrow, could you recover your data?
  • Is your office network set up in a way that limits damage if something goes wrong?
  • Would your team know what to do — and who to call — if something happened?
What you walk away with
  • A plain-language findings report — written for owners, not just IT people
  • A ranked list of what to fix first, with guidance on how to do it
  • A one-page executive summary you can share with your leadership team
Request a quote
Most Popular
Standard Assessment
Advanced Review
2–4 day engagement  ·  remote or on-site
Everything in Foundational, plus deeper answers
  • Are the people in your business only able to access what they actually need?
  • If an attacker got inside your network, how far could they get — and how fast?
  • Are your internal systems configured to slow an attacker down, or make it easier?
  • Is your email filtering actually catching sophisticated attacks — or just obvious spam?
  • Have any employee credentials already been leaked on the internet without your knowledge?
  • Are your backups stored in a way that ransomware couldn't reach and destroy them?
  • Do you have enough visibility to know when something suspicious is happening?
  • Are your software and systems being updated fast enough to close known vulnerabilities?
What you walk away with
  • Everything from the Foundational Review
  • A detailed technical report with evidence — not opinions
  • A 30-day action plan and a 6-month roadmap
  • A live debrief with your team to walk through findings and answer questions
Request a quote
Monthly Retainer
Ongoing Partnership
Continuous engagement
What this solves
  • Security doesn't stay fixed after a one-time review — things change. People leave. New tools get added. This keeps you current.
Each month we check
  • That no former employees still have access to your systems
  • That your email protections haven't drifted or been misconfigured
  • That your devices and software are staying up to date
  • That your backups ran successfully and your data is recoverable
  • That nothing suspicious has gone unreviewed in your alerts
  • That newly disclosed vulnerabilities aren't affecting your business
What you receive
  • A monthly written summary of your security posture
  • A quarterly trend report showing improvement over time
  • Direct access to your consultant for questions throughout the month
  • Priority support if an incident occurs
Request a quote
What you get clarity onFoundationalAdvancedRetainer
Can someone break in if a password is stolen?✓ monthly
What does your business look like to attackers?✓ monthly
Are your emails protected against impersonation?✓ monthly
How far could an attacker get inside your network?quarterly
Have any credentials already been leaked online?✓ monthly
Could ransomware destroy your backups too?basic✓ deep✓ monthly
Are former employees locked out of everything?✓ monthly
Written report with clear next steps✓ detailed✓ monthly
A note on scope: Our assessments are designed for businesses with 1–50 employees. We review, document, and advise — we don't break things, and we don't make changes to your systems without a separate agreement. Everything we do is defined in writing before we start.
Built for growing organizations. As your business grows, so does the complexity of keeping it secure. Our Tier 2 assessments are built for organizations with 50–250 employees — where a surface-level review isn't enough and every department, every location, and every person with access needs to be accounted for.
Tier 2 Starter
Foundational Review
3 day engagement  ·  on-site or hybrid
What you get answers to
  • Does every person in your organization only have access to what their job requires?
  • Are all of your locations — not just the main office — protected equally?
  • Are the right people in your business getting extra protection — finance, HR, leadership?
  • If a vendor or IT contractor was compromised, how much of your business could they reach?
  • Are your backups covering everything — including cloud tools your teams use daily?
  • Would you know within hours if something was wrong, or would it take days?
  • Are the policies your business relies on actually being followed — or just written down?
What you walk away with
  • A findings report organized by business impact and urgency
  • An executive summary written for leadership — no technical background required
  • A prioritized action plan with clear ownership guidance
Request a quote
Most Popular
Tier 2 Standard
Comprehensive Review
5 day engagement  ·  on-site or hybrid
Everything in Foundational, plus
  • A full map of how an attacker would actually move through your environment — step by step
  • A review of whether security exceptions and workarounds have been quietly accumulating
  • An honest assessment of whether your security policies are enforced or just aspirational
  • A review of whether sensitive business data is accessible to people who don't need it
  • A test of whether your incident response plan would actually work under pressure
  • An assessment of whether your posture would satisfy clients, insurers, or regulators
What you walk away with
  • A comprehensive report suitable for board review or cyber insurance documentation
  • A step-by-step attacker path narrative — written for leadership, not just IT
  • A 30-day action plan and a 6-month security roadmap
  • A live debrief with leadership and your technical team
  • Documentation you can present to clients, insurers, or regulators if asked
Request a quote
Tier 2 Retainer
Ongoing Partnership
Continuous engagement
What this solves
  • At your size, things change constantly — people join and leave, vendors get added, systems get updated. This keeps your security posture from quietly falling behind.
Each month we verify
  • That access across all departments reflects who actually works there today
  • That no former employees, contractors, or vendors still have a way in
  • That your highest-risk staff — finance, leadership, HR — still have the protections they need
  • That nothing has silently changed in a way that opens a new risk
  • That your backups are healthy across every system your business depends on
  • That newly publicized threats aren't relevant to your specific environment
Every quarter we review
  • Whether your team's security awareness is keeping pace with new threats
  • Whether vendor and contractor access is still appropriate and current
  • A posture trend report delivered to your leadership team
Request a quote
What you get clarity onFoundationalComprehensiveRetainer
Every location covered, not just the main office✓ monthly
Every person with access accounted for✓ all✓ all✓ monthly
Finance, HR, and leadership get extra scrutiny✓ monthly
Step-by-step attacker path through your org
Security policies enforced, not just writtenbasic✓ deepquarterly
Vendor and contractor access reviewed✓ monthly
Board or insurer-ready documentation
Written report with clear next steps✓ detailed✓ monthly
A note on scope: Tier 2 engagements are built for organizations with 50–250 employees. We recommend a short discovery call before booking to make sure the engagement is scoped correctly for your number of locations and staff. We review, document, and advise — we don't make changes to your systems without a separate written agreement.
Who We Serve
Built for small and medium businesses with real compliance stakes

If your clients trust you with sensitive data — financial records, health information, legal documents — your security posture is not optional. We work with any SMB that handles sensitive data and needs a trusted security partner.

Law Firms

Client privilege and bar compliance require stringent data protection. We find the gaps before opposing counsel or a regulator does.

Dental Practices

HIPAA mandates technical safeguards. We give dental offices a clear assessment of where patient data is at risk.

Financial Services

Advisors, RIAs, and lenders operate under FTC Safeguards Rule obligations. We map your controls against current requirements.

CPA Firms

Tax data and financial records are prime ransomware targets. We assess your exposure and help you build a defensible posture.

Retail & E-Commerce

Payment card data and customer PII create significant exposure. We assess POS systems, network segmentation, and access controls.

Healthcare & Clinics

Beyond HIPAA — we assess the full technical environment including EHR access, network security, and medical device exposure.

Professional Services

Consultants, agencies, and service firms handling client data need solid fundamentals. We deliver practical, right-sized security.

Any SMB

If you have employees, data, and systems — you have risk. We work with any small or medium business ready to take security seriously.

About
Built from real incident response experience

Ethos Technology & Cybersecurity was founded on a simple premise: most small businesses don't need enterprise security software — they need a knowledgeable person to walk through their environment, find the real risks, and tell them what to fix first.

We focus on clarity, structure, and practical improvement — not tools, hype, or overpromising. With years of hands-on incident response experience traveling onsite to remediate breached environments, every assessment is shaped by that real-world perspective.

We serve businesses in Sioux City, Iowa and the surrounding region, with remote and travel engagements available nationally.

  • Incident Response & Onsite Remediation
  • CIS Controls / Implementation Groups framework
  • Active Directory, GPO & Windows hardening expertise
  • HIPAA, FTC Safeguards & professional services experience
Every business I've helped recover from a breach had the same realization too late: the problems we found after the incident were detectable before it. That's why I do this work.
— Ethos Technology & Cybersecurity
01
Discover
Free 30-min call to understand your environment and scope the right engagement.
02
Assess
Structured on-site inspection — every check documented, no corners cut.
03
Prioritize
Plain-language findings with a prioritized roadmap — nothing buried in jargon.
04
Improve
Monthly retainer available if you want a partner to help execute the roadmap.
Contact
Let's talk

Strengthen your environment before it becomes a problem. Start with a free 30-minute discovery call — no pressure, no sales pitch.

Ethos Technology & Cybersecurity
Ethos Technology & Cybersecurity
Email
info@etc-advisors.com
Typically responds within one business day
Phone
(XXX) XXX-XXXX
Location
Sioux City, Iowa
Serving Siouxland region & remote engagements nationally
Protected by reCAPTCHA — Privacy & Terms