I am offering a free cyber risk assessment for non-profit, 501c3 organizations, as well as small businesses and small government agencies (under $5m revenue or budget). Even more than other small businesses, non-profits are at particular risk from cyber attacks due to the limited funding they can devote to protecting themselves, and as a result, they are ignored by most security product and services vendors.

Rather than focusing on technical terms, frameworks or controls, this assessment is intended for board members and other leaders of the organization, to provide a quick overview of whether the organization is exposed to risk from the most common types of attacks in the news, and what they can do to protect themselves against them.

The assessment will not take long, cost anything or involve technical questionnaires or jargon – it is simply a conversation that would be held over the phone taking an hour or less. The information is then compiled into a brief report summarizing potential risks and actions that the organization may want to consider. The focus is on practical recommendations to reduce cyber risks, not expensive technologies or controls that most non-profits cannot afford.

If interested, email me at with your name, organization and contact info.