Ongoing Microsoft 365 security advisory for Austin law firms, CPA practices, and title companies. Plain-English guidance, cyber insurance readiness, and a named person to call, starting at $500/month.
Cyber insurance carriers, clients, and regulators are all raising the bar at the same time. Most firms under 40 people don't have an internal security resource. They don't need a full-time CISO either. They need something in between.
Carriers now require documented evidence of MFA, access controls, and security policies. Most small firms can't answer the questionnaire confidently because nobody is watching those controls.
Microsoft 365 is powerful, but most small firm environments were set up for convenience, not security. Misconfigured settings and stale access are the rule, not the exception.
Law firms, CPAs, and title companies face bar requirements, state data protection laws, and increasingly security-conscious clients asking questions you need to be able to answer.
Your IT vendor fixes tickets. But when a suspicious email lands or a staff member clicks something they shouldn't have, you need an advisor, not a help desk.
Not enterprise complexity. Not a generic checklist. A consistent advisory relationship focused on the things that actually matter for a professional services firm running Microsoft 365.
Regular review of your Conditional Access policies, MFA enforcement, admin accounts, Defender configuration, and sharing settings. In plain English.
A simple document showing where you stand, what changed, and what to prioritize next. Built to show your cyber insurance carrier, a client, or a partner.
Help answering renewal questionnaires, documenting your controls, and understanding what carriers are actually asking for before your renewal comes up.
When a client or partner sends a security questionnaire, you'll have someone to help you answer it accurately and confidently instead of guessing.
A named person to call when something feels off — phishing attempts, suspicious logins, staff security concerns. Triage and guidance, not a ticket queue.
Practical recommendations for staff — what to watch for, how to use M365's built-in training tools, and how to reduce your human risk layer without a dedicated program.
A clear path from finding your gaps to staying ahead of them, with regular visibility built in by default.
A 45–60 minute conversation. No system access required. We walk through your security posture, AI usage, backup, and access controls. Plain-English written findings within 48 hours. No commitment required.
Month one: we document where you stand and build a prioritized list of what to address first, in order of actual risk.
Every quarter: a review call, updated posture summary, and your next quarter priorities. You always know where you stand.
Between reviews: email and phone access for questions, incidents, insurance renewals, and anything that comes up between cycles.
You work directly with Jeremy Lowery, not a shared team or an automated reporting tool. Jeremy has 20 years across MSP, Microsoft, and security environments — including time as a Microsoft Customer Success Manager overseeing hundreds of M365 accounts across professional services firms.
He holds Microsoft certifications in cloud fundamentals, security, and Azure. His focus is exclusively on the firms and environments that match this service: professional services, Microsoft 365, under 40 people, Austin area.
No long-term contracts to start. Cancel with 30 days notice. Most clients start with a Security Assessment before choosing a tier.
All tiers include a one-hour M365 Security Assessment to start. Already a managed IT client? Ask about bundled pricing.
Honest about what fits and what doesn't. If you need something outside this scope, we'll tell you and point you in the right direction.
Firms that handle confidential client data, run Microsoft 365, and don't have a dedicated security resource on staff.
Bar association requirements, client confidentiality, and increasingly security-conscious opposing counsel and partners. We know what Austin law firms actually face.
Tax data, financial records, and client trust are all on the line. Cyber insurance carriers are asking harder questions at renewal. We help you answer them.
Wire fraud and social engineering are the primary threat vectors. Real estate transactions are high-value targets. We help you build the controls that actually matter.
Any Austin firm under 40 people that handles confidential client data on Microsoft 365 and wants consistent security without hiring a full-time resource.
No, and I'm upfront about that. I'm an IT security consultant with 20 years across MSP, Microsoft, and security environments — including direct advisory work at Microsoft across hundreds of M365 accounts. The advisory services I provide are appropriate for firms your size. If you need a formal CISO engagement, I'll tell you and point you toward someone who offers that.
Most IT companies fix things when they break. Security advisory is a different function — proactively reviewing your posture, preparing for insurance renewals, and having someone watching the strategic picture. Many clients use both. If your current provider already covers this, you probably don't need me.
45–60 minutes. No system access required. We walk through a structured set of questions covering M365 security, AI usage, backups, and access controls. You answer based on what you know about your environment. I identify the gaps, document the findings, and send you a plain-English written report within 48 hours. No obligation after that.
No long-term contract required to start. Monthly retainer, cancel with 30 days notice. Most clients start with the Security Assessment and a month-to-month Advisory retainer, then decide from there.
Partially. Managed IT clients already get security attention as part of their service. The advisory retainer is a separate, elevated layer for firms that want documented quarterly posture reviews, insurance support, and a formal advisory relationship on top of day-to-day IT. Ask about bundled pricing if you're an existing client.
Advisory and Partner tier clients have direct phone access to reach Jeremy when something happens. I'll help you triage the situation, understand what you're dealing with, and figure out your next steps. If the incident requires a formal incident response firm, I'll help you find one and brief them on your environment. You won't be navigating it alone.
One hour. No software install. A plain-English picture of where your Microsoft 365 environment actually stands and where your real risks are.
No commitment. No pitch. Just findings you can use.