Basic Membership
Affordable, Practical Cybersecurity Support
Compliance-as-a-Service
The HOZHO Membership is designed to make cybersecurity and compliance support accessible without large upfront costs, complex contracts, or long implementation delays. Our model is built around a Compliance-as-a-Service approach, which means your organization can begin improving its cybersecurity posture immediately while HOZHO helps guide, prioritize, and implement improvements over time.
Start Immediately - No Large Upfront Cost
Many organizations delay cybersecurity improvements because traditional consulting models require large upfront assessments, long projects, and expensive retainers. HOZHO Membership is different.
With the HOZHO Membership:
There is no large upfront consulting fee
You can start immediately
You receive ongoing cybersecurity guidance, tools, and support
Improvements are made over time in a structured, manageable way
The HOZHO CaaS model allows organizations to start improving their cybersecurity and compliance posture right away, rather than waiting for a large budget or a major project.
-
The HOZHO Membership operates as a Compliance-as-a-Service and Cybersecurity Program Support model. Instead of delivering a single report and walking away, HOZHO works with your organization over time to help build, improve, and maintain your cybersecurity program.
This includes support in areas such as:
Cybersecurity governance and leadership guidance
Policy and procedure development
Remediation guidance and improvement planning
Reporting and progress tracking for leadership
Risk identification and prioritization
Security awareness and phishing training
Technical monitoring and protection tools
The goal is not just to "check a box, " but to help organizations build sustainable cybersecurity practices that support long-term operations, insurance requirements, compliance expectations, and community trust.
-
Once your organization enrolls in a HOZHO Membership, you will receive access to the HOZHO Cyber Hub, which serves as your central resource center.
The Cyber Hub includes:
Cybersecurity training and awareness content
Policy templates and governance resources
Guides and checklists
Cybersecurity program development materials
Community updates and alerts
Educational content for leadership and staff
Downloadable resources and tools
This allows your organization to begin learning, improving, and implementing better cybersecurity practices immediately.
-
After enrollment, a HOZHO vCISO (Virtual Chief Information Security Officer) will guide your organization through the onboarding process.
The onboarding process typically includes:
Completing the Cyber Risk Baseline Assessment
Helping your organization understand which policies, training, and technical controls should come first
Identifying initial priority areas
Recommending next steps and a practical roadmap
Reviewing your current cybersecurity practices
Understanding your organization's structure and operations
This process is designed to be practical and supportive, not overwhelming. The goal is to meet organizations where they are and help them move forward step-by-step.
Basic Membership Overview
Insurance-Related Areas Supported by This Plan
The Basic Membership helps organizations establish and maintain practices related to:
✅ Backup practices
✅ Basic security documentation and procedures
✅ Cyber risk assessments
✅ Cybersecurity policies and governance
✅ External exposure monitoring
✅ Incident response planning
✅ Multi-factor authentication (MFA)
✅ Phishing simulations
✅ Security awareness training
✅ Vendor and third-party risk awareness
Insurability Solution for non-profits, local and tribal governments, SMBs
The HOZHO Basic Membership is a monthly cybersecurity subscription designed to help organizations build and maintain cybersecurity practices across people, processes, and technology - without the cost of building a full internal security program.
This membership includes a set of baked-in cybersecurity services and resources that help organizations establish foundational security practices, reduce cyber risk, and demonstrate due diligence.
One of the biggest value drivers of the Basic Membership is cybersecurity insurance readiness.
Today, cyber insurance providers require organizations to demonstrate that they have security policies, procedures, and technical safeguards in place in order to qualify for - and maintain - coverage. Many organizations struggle with this because they do not have a dedicated cybersecurity team or compliance program.
The HOZHO Basic Membership helps organizations work toward insurability by guiding them through the implementation of required administrative, technical, and operational safeguards that are commonly required by cyber insurance carriers.
These are the types of controls that insurers often look for when underwriting or renewing cyber liability policies.
The HOZHO Basic Membership is a strong fit for:
➡️ Nonprofits
➡️ Organizations with limited internal IT or cybersecurity staff
➡️Small businesses
➡️Teams that need affordable protection and practical guidance
➡️Tribal departments and community organizations
Many organizations know cybersecurity matters, but struggle to know where to begin, what to prioritize, or how to build momentum. The Basic Membership helps close that gap with accessible tools, support, and guidance.
Benefits included with the plan
Get More
Need More Coverage? Add-Ons Are Available.
For organizations that need additional support, add-on services are available and can be bundled with your membership. These add-ons expand your cybersecurity coverage and provide deeper support in areas such as risk assessments, policy development, advanced training, and technical security services.
Add-ons allow organizations to scale their cybersecurity program over time while keeping the monthly membership affordable and predictable.
Email remains one of the most common ways attackers reach organizations. The HOZHO Basic Membership includes email protection capabilities designed to help reduce exposure to malicious emails, suspicious links, spam, and other common threats. For many smaller organizations, email is the front door to the business. It is where staff communicate, receive invoices, share documents, and manage daily operations. That makes it one of the most important places to strengthen protection.
Email protection helps support:
✓ Detection of Suspicious or Malicious Email Activity
✓ Reduced Risk of phishing-based compromise
✓ Better protection for staff and organizational communications
✓ Improved confidence in day-to-day email use
The Cyber Risk Baseline Assessment helps your organization understand where it stands today so you can make smarter decisions tomorrow.This assessment provides a practical starting point to identify common gaps across governance, user awareness, technology safeguards, and day-to-day cyber hygiene. Rather than overwhelming your organization with technical jargon, it helps highlight where your basic cybersecurity posture may be weak and where improvement can be prioritized first.
This is especially valuable for organizations that:
✓ Are unsure where their biggest risks are
✓ Have never completed a formal cyber review
✓ Need a starting point for leadership discussions
✓ Want a more informed path toward stronger security
Stolen usernames and passwords are often shared or sold on the dark web through data breaches, data dumps, and malware logs. These compromised credentials are one of the most common ways attackers gain access to email accounts, cloud systems, and business applications without being detected.
HOZHO Cybersecurity provides dark web monitoring powered by Guardz, which scans known breach data, dark web sources, and credential leak databases for compromised credentials associated with your organization's domain.
If compromised credentials are discovered, they are flagged as high-severity risks, allowing your organization to take immediate action such as resetting passwords, enabling multi-factor authentication (MFA), and securing affected accounts before they are used in an attack.
Dark web monitoring helps organizations identify hidden credential exposure risks and reduce the likelihood of account takeover, ransomware, and business email compromise.
This monitoring includes scanning sources such as:
Dark web marketplaces and leak sites
Data breach dumps and credential lists
Paste sites and public leak repositories
Malware bot logs and exposed credential databases
Public web sources and breach reporting databases
Monitoring begins once a domain is enrolled and includes scanning for credential exposures associated with your organization's domain, including historical breach data.
This membership is a good fit for organizations that want to:
Know if employee credentials have been exposed in data breaches
Reduce account takeover and business email compromise risk
Improve password security and MFA adoption
Support cyber insurance requirements
Monitor for hidden cyber risks
Take proactive steps to reduce risk
Start building a cybersecurity program
Included Licenses
✓ Dark web monitoring is included in the Basic Membership
Phishing emails, social engineering, and credential theft remain the most common entry points for cyber incidents and are becoming harder to detect.
Virtual CISO lead cybersecurity awareness training and simulated phishing programs programs from HOZHO Cybersecurity help organizations reduce this risk through employee awareness and on-going reinforcement.
This membership is a good fit for organizations that want to:
Access Foundational policy resources
Gain visibility into exposures
Improve staff awareness
Reduce email and phishing risk
Start building a cybersecurity program
Included Licenses
✓ 3 license seats are included in the Basic Membership at no charge
✓ Additional licenses are available for purchase as an add-on
Many organizations do not realize that cyber attackers often look at what is exposed from the outside before attempting an attack. Misconfigured websites, exposed login portals, outdated software, and publicly visible information can provide attackers with an easy entry point.
HOZHO Cybersecurity helps organizations monitor their external domain footprint to identify potential exposures that could be discovered by attackers. This includes reviewing publicly visible systems, domains, and internet-facing services that may present cybersecurity risk.
External domain monitoring helps organizations gain visibility into what attackers can see and take steps to reduce exposure before it becomes a security incident.
This membership is a good fit for organizations that want to:
Gain visibility into external exposures
Identify publicly visible risks
Reduce likelihood of external attacks
Support cyber insurance requirements
Understand their external security footprint
Take proactive steps to reduce risk
Start building a cybersecurity program
Included Licenses
✓ 1 external domain monitoring is included in the Basic Membership
✓ Domain scan results are reviewed as part of the Cyber Risk Review
Cybersecurity awareness is not built through one training session alone. Phishing simulations help organizations create a stronger culture of awareness by safely testing how staff respond to suspicious messages and social engineering attempts.These simulations provide practical learning opportunities that make cybersecurity more real, more relevant, and more memorable. They can help teams move from simply hearing about phishing to recognizing it in context.
Phishing simulations help:
✓ Build a stronger culture of caution and reporting
✓ Identify areas where staff may need more support
✓ Reduce human risk through real-world examples
✓ Reinforce security awareness over time
Included Licenses
✓ 3 license seats are included in the Basic Membership at no charge
✓ Additional licenses are available for purchase as an add-on
Many organizations know they need cybersecurity policies, but do not have the time or internal expertise to draft them from scratch. The HOZHO Basic Membership includes access to policy templates that help organizations begin building a stronger governance foundation. These templates help support consistency, accountability, and clearer expectations around cybersecurity practices. They are designed to give organizations a starting point for establishing structure and communicating responsibilities.
Policy templates can help organizations with:
Creating a stronger foundation for future policy development
Defining security expectations
Improving governance maturity
Supporting internal accountability
Included Licenses
✓ 10 policy template licenses are included in this plan.
Get More
Need More Coverage? Add-Ons Are Available.
✅ Access Control Policy
✅ Asset Management Policy
✅ Backup and Recovery Policy
✅ Cybersecurity Training and Awareness Policy
✅ Data Classification Policy
✅ Mobile Device Security Policy
✅ Password and Authentication Policy
✅ Patch and Vulnerability Management Policy
✅ Physcial Security Policy
✅ Remote Access Policy
Policies included with this plan
Get Started with Basic Membership
The HOZHO Basic Membership is designed for small teams, nonprofits, tribal organizations, and K–12 schools that need meaningful cybersecurity support without the cost of a full internal security department.
This membership helps organizations take practical steps to reduce risk, improve awareness, and strengthen their cybersecurity foundation through affordable, recurring support.
Includes:
✅ Cyber Risk Baseline Assessment
✅ Email Protection
✅ External Footprint Monitoring
✅ Phishing Simulations
✅ Policy Templates
Professional Services Add-Ons
While memberships provide the foundation of cybersecurity protection, some organizations require additional services to address specific risks, compliance requirements, or training needs.HOZHO offers professional cybersecurity services that can be added to any membership tier.
Many cybersecurity solutions are built for larger organizations with bigger budgets, larger teams, and dedicated security staff. The HOZHO Basic Membership is different. It is designed for organizations that need practical, affordable, and manageable cybersecurity support. It helps establish a stronger foundation without requiring a full-time cybersecurity executive or a large internal team. This membership is a good fit for organizations that want to:
Access Foundational policy resources
Gain visibility into exposures
Improve staff awareness
Reduce email and phishing risk
Start building a cybersecurity program