A thorough, plain-language review of your business's security posture — what you have, what's missing, and exactly what to do next. Designed for businesses with up to 20 staff. No technical background required to understand the results.
Most small businesses don't know what they don't know when it comes to security. The First Canary Security Assessment gives you a structured, expert review of your digital environment and translates what we find into language you can actually act on.
We look at the areas that matter most for businesses your size: how your team handles email, where your data lives, how your network is set up, and whether your basic security practices are in place. The entire assessment is conducted remotely — no on-site visit required.
We diagnose — you decide what to fix. Our job is to give you a clear, honest picture of your risks and the options available to you. We don't provide ongoing services or fix issues on your behalf. That keeps us objective and keeps you in control.
| Email security | Authentication records (SPF, DKIM, DMARC), 2FA enrollment, admin access controls, breach exposure check on your domain. |
| Network & devices | External exposure scan, Wi-Fi configuration, remote access setup, device OS and patch status via lightweight pre-session script. |
| Data handling | Where sensitive data lives, backup practices and whether they have been tested, access controls on sensitive files. |
| Access management | User accounts, shared credentials, former employee access, and offboarding practices. |
| Software & updates | Operating system and application patch status, end-of-life software in use. |
| Web presence | SSL certificate validity, security headers, CMS platform identification, exposed admin panel check, domain security. |
| Staff practices | Password hygiene, phishing awareness, shadow IT, incident reporting culture. |
| Risk report | Every finding rated High / Medium / Low with a plain-English explanation and a concrete, actionable next step. |
| Report walkthrough | A video call to review findings, answer your questions, and discuss what to prioritize first. |
Being clear about scope keeps us objective and your costs predictable.
Most assessments are complete start to finish in under two weeks. Everything is handled remotely.
We send a plain-language contract via DocuSign covering scope, deliverables, pricing, and data handling. Takes about 2 minutes to review and sign.
Once signed, we send the payment link and a short intake questionnaire. Covers your business setup, tools, and main concerns. No technical knowledge needed — "I don't know" is a valid answer. Payment is due before work begins.
Once payment clears, we send a scheduling link for a 90–120 minute video call where we go through your questionnaire together and make sure we have a complete picture before the assessment begins.
We conduct the review remotely — combining independent external scanning, information from the working session, and a simple one-command system check you can run on each work computer ahead of time.
Written report delivered within 7 business days of the working session, followed by a video call to walk through every finding and discuss priorities.
One flat rate. No tiers, no hidden fees, no ongoing commitment unless you choose one.