720-891-1663

Mortgage Industry Cybersecurity
& Privacy Program

PROBLEM:
Cyber attacks are relentless and new cybersecurity and privacy regulations are being rolled out constantly. But you don't know where to start or what to do...or if you can afford the fix.

SOLUTION:
Our comprehensive, turnkey, AFFORDABLE cybersecurity and privacy program along with personalized, professional support will take the pain out of building a professional cybersecurity and privacy program for your mortgage company. This is the ONLY program of its kind. This program will help you comply with new privacy and cybersecurity laws and other regulations. When complete you will be awarded our Gold Level Cybersecurity Certification.

TACKLE YOUR CYBERSECURITY AND PRIVACY PROBLEMS

Most small and medium-sized mortage businesses (including mortage lenders, title companies and service companies) must have a formal, written cybersecurity program for legal, regulatory or customer requirements. Our program is a one-of-a-kind, turnkey, guaranteed package that is designed to reduce your workload while tackling your cybersecurity and privacy problems head-on. Engineered by cybersecurity, privacy, and mortgage professionals, this program will help your company build a cybersecurity and privacy program that is fully aligned with the NIST Cybersecurity Framework, the ISO 27001-2013, and applicable mortgage industry regulations.

This affordable program costs only $9,850.00 and offers the following benefits:

  • It's the ONLY turnkey program of its kind for any mortage industry business
  • Comprehensive cybersecurity and privacy program aligned with all major regulations and standards
  • Includes 20 hours of critical technical and business consulting support
  • Includes our Gold Level Mortgage Industry Cybersecurity Certification (MICC)
  • Payment made in two installments
  • Full money-back guarantee
NOTE: This $9850 price is for companies of 50 people or less, one physical location, and no internally developed software applications. For companies with 50-100 employees, the price is $11,550. For larger companies please contact us to determine if a price adjustment is required.

Part 1 - Cybersecurity Program

The DSP is the overarching document that you will use to guide the development and operation of your Information Security Program in accordance with industry best practices. (Delivery time: 30 days after you submit the cybersecurity questionnaire answers).

This spreadsheet serves as a management tool for your cybersecurity program. It has pre-formatted and populated tabs that support you as you collect and track the following information:

  • Quarterly and annual management reporting
  • IT hardware inventory
  • Application (software) inventory
  • IT controls checklist: This tool supports you or your IT support personnel as you track matters such as software updates, password management, data location, device configuration, access controls, etc.
  • Vendor data inventory (VDI): In preparation for developing the company's Vendor Cyber Risk Management Program, leadership must start collecting data about all vendors who touch or have access to your data. Our VDI facilitates and guides that process and makes it easy to collect data that will be necessary later
  • Incident report record

Delivery time: 30 days after you submit the cybersecurity questionnaire answers

Policies are the foundation of any cybersecurity program. In order to align with industry best practices, your company must deploy a minimum set of cybersecurity policies. The package which we supply includes 12 policies and 4 support documents. Our Mortgage Industry Cybersecurity Program typically includes the following policies, but we will first review your risk assessment and then adjust the policy package to best address your risk profile. (Additional policies are available for an additional charge).

POLICIES:
  • Cyber Risk Assessment Policy
  • Personnel Security Policy and Procedures
  • Security Awareness Training Policy
  • Data Backup Policy & Procedures
  • Data Retention Policy & Procedures
  • Patch Management Policy
  • Password Policy & Procedures
  • Vulnerability Management Policy and Procedures
  • Physical Security Policy and Procedures
  • Vendor Cyber Risk Management Policy
  • Incident Response Policy
  • Privacy Policy (for your company as opposed to your web site)
SUPPORT DOCUMENTS:
  • 0-1.v1 Message from CEO
  • 0-2.v1 How to Deploy These Policies
  • 0-3.v1 Helping Staff Comply with Cybersecurity
  • 0-4.v1 Policies and Procedures Change Management SOP

Delivery time: 7-14 days after you submit the cybersecurity questionnaire answers

This IRP is aligned with industry best practices and the Department of Homeland Security Cyber Risk Response requirements. It correctly address the following IR requirements:

  • IR Team Development, Management, and On-going Training
  • Assessment of and Decision on Information Security Events
  • IR IT Containment and Eradication Procedures
  • Crisis Communications
  • Recovery and Continuity Procedures
  • The IRP also includes 10 incident handling checklists and forms which are pre-populated with useful local contact information and resources. We've already done a bunch of the work for you!

Delivery time: 30 days after you submit the cybersecurity questionnaire answers

The single biggest cyber risk that any firm has is its people. Most of the time, it is human error that is the cause of cybersecurity incidents. While training is not a cure-all for these problems, training does reduce the number and seriousness of cybersecurity incidents.

Our Business Cybersecurity Program includes a one-year, Silver Level subscription to the KnowBe4 security awareness training platform for up to 50 of your employees. Additional staff can be added for an additional fee; please contact us for a quote. This includes full use of the KnowBe4 email phishing module and all training and support. This on-demand training program tracks employee completion of the required training modules and success or failure of each phishing exercise and other training. The system is very easy to use. (Delivery time: Annual KnowBe4 subscription starts within 7-14 days upon payment of the 50% deposit as described above).

Your Cybersecurity awareness training program also includes the following training:

ACCESS TO MITCH TANENBAUM'S NEWSLETTER AND CLIENT ALERTS--FOR YOU AND YOUR ENTIRE STAFF
Mitch's blog is recognized as one of the most informative and interesting cybersecurity newsletters in the country. New topics come out each week and Mitch always covers them in a non-technical way. Thousands of business people around the country depend on him to keep them informed and up-to-speed on cybersecurity. (Delivery time: Access to Mitch's blog starts within 7-14 days upon payment of your 50% deposit).

RANSOMWARE TRAINING
The FBI says that ransomware attacks against businesses were up 500% last year. You need to utilize the correct back-up procedures and your people must be trained to correctly respond. This on-demand, webinar training is both entertaining and informative and can be of value to all your staff and their families. (Delivery time: 7-14 days after you submit questionnaire answers).

PROTECT YOUR FAMILY MONEY TRAINING
Based on our very popular training program, this is also a very entertaining and informative webinar that provides information designed to help you, your family and your clients better protect their money during this golden age of cyber theft. (Delivery time: 7-14 days after you submit questionnaire answers).

TECHNOLOGY ENHANCEMENT AND DIGITAL ANONYMITY TRAINING
This training is delivered via an on-demand webinar and an associated Powerpoint. The training is a compilation of important tools and techniques businesses and individuals can use to reduce cyber risk. This information was originally compiled by the FBI Agent and Chief Security Officer Michael Mercer and is supplemented by the latest info we have from our other resources. This is an absolutely amazing and necessary tool for owners of businesses of all sizes. (Delivery time: 7-14 days after you submit questionnaire answers).

    Just a few topics covered include:
  • Smart phone security privacy settings
  • Making your browser safer
  • Reducing your "digital exhaust"
  • Blocking surveillance ads and invisible trackers
  • Controlling web bugs and beacons

COLORADO PROTECTIONS FOR CONSUMER PRIVACY LAW (H.B. 18-1128) TRAINING
This is an on-demand webinar training regarding this important new law for anyone doing business in Colorado. This webinar has been our most popular webinar for business leaders. (Delivery time: 7-14 days after you submit questionnaire answers).

THREAT INTELLIGENCE SERVICE
Access to our weekly newsletter that focuses on software patches, network vulnerability issues, legislative issues and more. (Delivery time: 7-14 days after you submit questionnaire answers).

EMPLOYEE CYBERSECURITY TRAINING ESSENTIALS FOR MANAGEMENT (PARTS 1 AND 2)
Security awareness training insights and tips for management by vCISO and mortgage industry expert Mitch Tanenbaum. (Delivery time: 7-14 days after you submit questionnaire answers).

We provide detailed instructions for encryption of both data-at-rest and data-in-motion for small firms using standard Microsoft and Mac products. (Delivery time: 7-14 days after you submit questionnaire answers).

We provide a small business cybersecurity technical checklist that your IT support person can use to harden your network and internal and external applications (software). As the business owner, you do not need to understand this, you just need to know that it has been done. (Delivery time: 7-14 days after you submit questionnaire answers).

After you have built your cybersecurity program, you need to consider cybersecurity insurance.

The cyber insurance policy is in addition to your general liability policy. The problem with cyber insurance policies is that they are "non-standard form" policies, which means that unlike your auto insurance or home insurance, cyber insurance policies vary widely in their coverage and limits. One of the services we offer to larger companies is to review their cyber insurance policy and make sure they have the coverage they think they have. Many times they don't. We provide you with a basic primer and checklist to help you buy the right insurance. We'll also give you recommendations for a couple of cybersecurity insurance brokers whom we know and trust. (Delivery time: 7-14 days after you submit questionnaire answers).

This is information was originally designed to help accountants introduce cybersecurity due diligence to clients wishing to purchase, sell or invest in companies, but we found that all company leaders could benefit from this info. This discussion alone is worth what you are paying for the whole course. (Delivery time: 7-14 days after you submit questionnaire answers).

Every small (and large) business must take advantage of this simple-to-implement and highly effective, proven solution that blocks malicious traffic automatically. We provide the explanation and simple instructions. (Delivery time: 7-14 days after you submit questionnaire answers). A corporate version with centralized management is also available through us as an option at additional cost.

For clients who host their web site(s) at Go-Daddy, we have a valuable, insider strategy for security for your web assets. (Delivery time: 7-14 days after you submit your questionnaire answers).

There is a critical shortage of cybersecurity personnel and those that are available are expensive.

For most businesses, it is impossible to justify the expense of full-time cybersecurity staff. Most companies don't even have the internal expertise to properly evaluate a candidate.

Our Mortgage Industry Cybersecurity Program provides you with 20 hours of personalized cybersecurity and or privacy support time that you can use whenever you need it. It does not expire. You can use our experienced cybersecurity and privacy experts to:

  • Work with your leadership to make sure they understand the problems and take necessary corrective actions
  • Ensure that the correct assessments and testing are accomplished
  • Help develop the security strategy
  • Work with your existing IT resources to implement a correctly prioritized security mitigation strategy, including policy development and security awareness training
  • Implement an effective vendor management program
  • Assess and screen cybersecurity personnel, processes, and technologies
  • Help you come to grips with any regulatory requirements
  • Help you implement your incident response plan
  • Our support program provides your company with a top-notch, hugely experienced cybersecurity resource. Our regular consulting charge is $325 per hour, therefore this equates to a $6,500 value all by itself.

NOTE: This support is available 9 am-5 pm MST, Monday-Friday (U.S. holidays excluded). See our Terms of Use for more information. (Delivery time: As requested by client).

Once you build your cybersecurity program, you want to use it as a competitive advantage over your competition. Upon successful implementation of all the activities above, we will award you with our Gold Level Mortgage Industry Cybersecurity Certification (MICC). To see what our certification looks like and understand how it works, please go to the CyberCecurity.com home page and click on the Platinum Level Cybersecurity Certification image at the bottom of the page.

Certification benefits include:
  • Attract and retain security-sensitive customers
  • Gain a competitive edge over security-disadvantaged competitors
  • Reduce risk and legal exposure
  • Increase insurability and possibly reduce cyber insurance premiums
  • Build a positive reputation with employees, clients, vendors, and regulators
  • Take the first step towards more advanced certifications
Part 2 - Privacy Program

You will be provided with a privacy questionnaire that you will fill out and return to us via encrypted email. We will provide simple instructions for how to do this. Once you return it, we will:

  • Review your questionnaire answers
  • Ask any additional questions via email or phone call
  • Provide our response and recommendations
  • Debrief your leadership via phone and answer any questions

This policy (policy # 12 above in your Cybersecurity Policy Package) describes your company's position and intentions regarding compliance with applicable privacy regulations. (Delivery time: 7-14 days after you submit the privacy questionnaire answers).

This is a privacy-related policy that is part of your policy package as described in the Cybersecurity Policy package above.  (Delivery time: 7-14 days after you submit the privacy questionnaire answers).

  • History of Privacy Laws--including GDPR, CCPA, and other state laws
  • Federal Privacy Laws--update on the status of federal laws
  • Colorado Protections for Consumer Data Privacy Act
  • California Consumer Privacy Act (CCPA)--in depth look at this law that is influencing both the federal and other state laws
  • List of other privacy laws (active and pending)
  • Additional privacy resources

 (Delivery time: 7-14 days after you submit the privacy questionnaire answers).

Information that will bring you up to speed on this important directive.  (Delivery time: 7-14 days after you submit the privacy questionnaire answers).

A non-technical training session on data mapping and how it relates to controlling non-public, private information.  (Delivery time: 7-14 days after you submit the privacy questionnaire answers).

This sample website privacy policy is aligned with both the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).  (Delivery time: 7-14 days after you submit the privacy questionnaire answers).

Sample website privacy language that is aligned with both GDPR and CCPA.  (Delivery time: 7-14 days after you submit the privacy questionnaire answers).

Detailed matrix of various state privacy laws and details.  (Delivery time: 7-14 days after you submit the privacy questionnaire answers).


Part 3 - Certification

Our MICC certification demonstrates that you have passed certain professional cybersecurity standards and are trying to meet your ethical and legal obligations to protect client privacy and company data.

Proudly display your MICC emblem and show your clients and the world that you are serious about cybersecurity.

Gold Level

With the purchase of the Mortgage Industry Cybersecurity & Privacy Program, you will receive a Gold Level Mortgage Industry Cybersecurity Certification assuming that you complete the program and are able to earn it. We stand behind this certification and take it seriously, so we are careful about certifying those who work to earn it. 

A Gold Level MICC demonstrates that your organization has built a professional cybersecurity program and is committed to improving and maintaining that program.

  • Attract and retain security-sensitive customers
  • Gain a competitive advantage over security-disadvantaged competitors
  • Reduce risk and legal exposure
  • Increase insurability and possibly reduce cyber insurance premiums
  • Build a positive reputation with employees, clients, vendors, and regulators
  • Our certification is a strong first step towards SOC 2, PCI, and HIPAA

ORDER TODAY FOR ONLY $9,850.00!

Delivery Time: All products and services except the twenty hours of support, and the Gold Level Certification will be delivered within 30 days of receipt of the initial cybersecurity and privacy assessments questionnaires from client.

Payment Terms: 50% ($4,925) due upon acceptance of Terms of Use  and 50% ($4,925) due upon delivery of all products and services except the twenty support hours and the Gold Level Certification.

GUARANTEE: 60-day money-back guarantee if you are not satisfied with our service or products. Our goal is 100% satisfied customers, all the time...but if there is a problem, we'll make it right or return your money...and you keep whatever products or services we have already provided you. See full details at https://www.cybercecurity.com/terms-of-use/


Questions?

Please contact:
Ray Hutchins
303-887-5864
rh@cybercecurity.com

"I don't know that much about cyber, but I do think that's the number one problem with mankind."

- WARREN BUFFET

Click HERE for More Details

CYBERCECURITY

Our Customers Are Seeing Big Results

MORTGAGE INDUSTRY CYBERSECURITY CERTIFICATION

CyberCecurity, LLC Partner and CISO Mitch Tanenbaum provides an insightful overview of our Mortgage Industry Cybersecurity Certification Program for small and medium sized mortgage industry companies. 

Order now