Core service

Security Assessment

A thorough, plain-language review of your business's security posture — what you have, what's missing, and exactly what to do next. No technical background required to understand the results.

What it is

A full picture of your risk — clearly explained.

Most small businesses don't know what they don't know when it comes to security. The First Canary Security Assessment gives you a structured, expert review of your digital environment and translates what we find into language you can actually act on.

We look at the areas that matter most for businesses your size: how your team handles email, where your data lives, how your network is set up, and whether your basic security practices are in place.

We diagnose — you decide what to fix. Our job is to give you a clear, honest picture of your risks and the options available to you. We don't provide ongoing security services or fix issues on your behalf. That keeps us objective, and keeps you in control.

Sample Report — Risk Summary Acme Dental · April 2025
High
Staff email accounts not using two-factor authentication
Next step: Enable 2FA in your email admin settings (15 min)
High
Patient data backup stored on same network as workstations
Next step: Move backups off-site or to isolated cloud storage
Medium
Website contact form transmitting data without encryption
Next step: Ask your web host to install an SSL certificate (free)
Medium
No formal offboarding process when staff leave
Next step: Create a checklist — revoke accounts within 24 hours
Low
No written password policy for staff
Next step: We can draft one for you as an add-on
What's included

Everything we review.

  • Email security — Authentication setup (SPF, DKIM, DMARC), 2FA enrollment, admin access controls
  • Network & devices — Router configuration, Wi-Fi security, remote access setup, device inventory
  • Data handling — Where sensitive data lives, how it's backed up, who has access
  • Access management — User accounts, shared credentials, offboarding practices
  • Software & updates — Operating system and application patch status, end-of-life software
  • Web presence basics — SSL certificate, public-facing services, domain security
  • Staff practices — Password hygiene, phishing awareness, shadow IT
  • Prioritized risk report — Every finding rated High / Medium / Low with a plain-English explanation and a concrete next step
  • Report walkthrough — A follow-up call to review findings and answer your questions
What's not included

Where we stop.

Being clear about scope keeps us objective and keeps your costs predictable.

  • Fixing or remediating any identified issues
  • Ongoing security monitoring or management
  • Technical vulnerability scanning (available as a separate service)
  • Legal or regulatory compliance certification
  • Penetration testing or active exploitation
Renewal options

Your risk surface changes as your business grows and technology evolves. We offer quarterly and annual re-assessments so you always have a current picture — without committing to an ongoing contract.

The process

What to expect.

Most assessments are complete start to finish in under two weeks.

01

Intake questionnaire

You complete a short questionnaire about your business — industry, staff size, tools you use, and your biggest concerns. No technical knowledge needed.

02

Working session

We meet for 90–120 minutes to review your answers together, ask follow-up questions, and make sure we have a complete picture before we begin the assessment.

03

Assessment

We conduct the review remotely, examining your email, network, devices, data practices, and more. We may request read-only access to specific systems.

04

Report & walkthrough

You receive your written report, followed by a call to walk through every finding, answer your questions, and discuss which next steps to prioritize.

Often paired with

Add-on services.

These services complement the Security Assessment and are available as add-ons at the time of engagement.

Vulnerability Scan

Automated scanning of up to 10 assets to surface known CVEs and outdated software your assessment may flag.

Learn more →

Attack Surface Assessment

A deeper look at your web presence — scanning for OWASP vulnerabilities and public-facing misconfigurations.

Learn more →

Security Policy Writing

We turn assessment findings into a written policy your staff can actually follow — passwords, data, devices, and more.

Learn more →
Pricing

Simple, transparent pricing.

No hidden fees. No ongoing commitment unless you choose one. Exact pricing confirmed on your initial call based on business size and scope.

Starter
$497
one-time
  • Up to 5 staff members
  • Intake questionnaire + working session
  • Full risk report with next steps
  • Report walkthrough call
Most popular
Standard
$797
one-time
  • Up to 15 staff members
  • Intake questionnaire + working session
  • Full risk report with next steps
  • Report walkthrough call
  • Executive summary (1-page)
Growth
$1,197
one-time
  • Up to 50 staff members
  • Intake questionnaire + working session
  • Full risk report with next steps
  • Report walkthrough call
  • Executive summary (1-page)
  • Priority re-assessment discount (20%)

Re-assessment pricing: Quarterly re-assessments are available at 25% off the original price. Annual re-assessments at 15% off. Pricing is locked in at the tier of your first engagement.

Ready to see where you stand?

Get started with a Security Assessment — one-time, no ongoing commitment required.

Get your assessment →