We assess your security posture, harden your infrastructure, and respond when incidents occur. Backed by 12 years of systems administration and 5 years of incident response — cybersecurity is the primary focus, and a well-built IT environment is where it starts.
These aren't worst-case scenarios. They're industry averages — and they apply to small businesses just as much as large ones.
Most small business cyber policies pay between $250K–$1M per incident — but only if you can demonstrate reasonable security controls were in place. Businesses that cannot show documented security practices often face claim denials or significant coverage gaps. An assessment creates the documentation insurers look for.
Over 43% of cyberattacks target small businesses specifically — because attackers know they are less likely to have dedicated IT security staff. Professional firms handling sensitive client data (legal, financial, medical) are consistently among the most targeted sectors due to the value of the data they hold.
A Starter Assessment costs $2,500. The average cost of a single business email compromise incident for a small firm — including wire fraud, legal fees, and recovery — is $137,000. Prevention is not just cheaper. For many small businesses, it is the difference between staying open and closing.
We assess your entire security posture — identity, endpoints, network, email, backups, and access controls — and deliver a plain-language report that tells you exactly what to fix and in what order. Built on the CIS Controls framework. Designed for businesses with 1–250 employees.
Gap analysis across all critical controls — findings ranked by business impact, not technical severity.
External exposure, credential leaks, misconfigured controls, and access gaps — found before attackers do.
A prioritized action plan — 30-day quick wins and a longer-term roadmap written for business owners, not just IT.
Experienced hands when your team is understaffed during an incident — containment, evidence collection, restoration, and hardening. Remote and onsite. No forensics or data mining — staff augmentation only.
Learn more →Windows deployment, Active Directory configuration, network design, M365 hardening, and data permissions — built securely from the start so your assessment results reflect real posture, not just configuration debt.
Learn more →If your clients trust you with sensitive data — financial records, health information, legal documents — your security posture is not optional. We work with any SMB that handles sensitive data and needs a trusted security partner.
Client privilege and bar compliance require stringent data protection. We find the gaps before opposing counsel or a regulator does.
HIPAA mandates technical safeguards. We give dental offices a clear assessment of where patient data is at risk.
Advisors, RIAs, and lenders operate under FTC Safeguards Rule obligations. We map your controls against current requirements.
Tax data and financial records are prime ransomware targets. We assess your exposure and help you build a defensible posture.
Payment card data and customer PII create significant exposure. We assess POS systems, network segmentation, and access controls.
Beyond HIPAA — we assess the full technical environment including EHR access, network security, and medical device exposure.
Consultants, agencies, and service firms handling client data need solid fundamentals. We deliver practical, right-sized security.
If you have employees, data, and systems — you have risk. We work with any small or medium business ready to take security seriously.
Custom Windows builds designed for your environment — standardized, hardened, and documented. Consistent deployments mean fewer gaps and faster troubleshooting.
A clean, well-structured AD environment is the foundation of access control. Whether you are starting fresh or cleaning up years of drift, we design and harden your directory from the ground up.
A segmented, documented network is both easier to manage and significantly harder to attack. We design networks for SMBs that are right-sized, secure, and built to scale.
Uncontrolled file shares and inherited permissions are one of the most common causes of data exposure. We structure your data environment so people only have access to what they need.
Most small businesses are running M365 out of the box — with default settings that leave significant security gaps. We configure your tenant the right way from the start, or clean up what has accumulated over time.
Sometimes you need an experienced outside perspective — on a technology decision, a vendor proposal, or simply to get your environment documented before something goes wrong. We provide practical, vendor-neutral guidance.
Remote staff augmentation for teams that need experienced additional hands during an incident but travel is not yet required. Triage, containment, evidence collection, and restoration guidance — coordinated remotely with your internal IT team. No forensics or investigative analysis — hands-on operational support only.
When your team needs someone physically in the room — hands on your systems, executing containment and restoration alongside your staff. This is staff augmentation, not forensic investigation. I travel to your location and stay until the environment is contained, restored, and hardened.
You call or email. We talk through what is happening, what systems are affected, and whether remote or onsite response is the right move. This conversation is free.
We determine the scope of the incident — what was accessed, what is still active, and what needs to happen in the next hour, next 24 hours, and next week. Containment starts here.
We stop the bleeding — isolate affected systems, collect and preserve evidence, and work with your internal IT team to stabilize the environment. Remote or onsite depending on your situation.
Systems are restored to a known good state, credentials are reset, and the entry point is closed and hardened. You receive a written summary of what was done and what needs to happen next.
When an incident hits and your internal team is stretched thin, having an experienced contractor ready to step in for containment and restoration makes a real difference. This is staff augmentation — not forensics, not investigation.
Ethos Technology & Cybersecurity was founded on a simple premise: most small businesses don't need enterprise security software — they need a knowledgeable practitioner to walk through their environment, find the real risks, and tell them what to fix first. Cybersecurity is the primary focus. IT infrastructure work — Active Directory, network design, Windows hardening, M365 configuration — exists to support it.
We focus on clarity, structure, and practical improvement — not tools, hype, or overpromising. Twelve years of systems administration across Windows, macOS, and Linux — combined with five years of hands-on incident response traveling onsite to remediate breached environments — means every assessment and every deployment is shaped by real operational and security experience, not theory.
We serve businesses in Sioux City, Iowa and the surrounding region, with remote and travel engagements available nationally.
Strengthen your environment before it becomes a problem. Start with a free 30-minute discovery call — no pressure, no sales pitch.