# korlia

> Non-invasive risk and vulnerability assessment for solo licensed professional practices. Passive public-footprint scans. Educational diagnostic, not legal advice.

## what this is

korlia runs a passive scan against publicly available data for a professional practice's domain. The scan surfaces the 30 most critical exposures to email spoofing (which enables wire fraud), regulatory misalignment (HIPAA Security Rule, ABA Rule 1.6, state bar ethics, FTC Safeguards Rule), cyber-insurance underwriting gaps, and direct scammer and hacker attack surfaces. The deliverable is a phased report over ~10 business days.

No system access required. No credentials requested. No installations.

## who this is for

Solo licensed professionals who are the primary decision-maker for their practice and handle sensitive client data:

- independent certified public accountants (CPAs)
- psychologists and licensed counselors
- acupuncturists and solo medical practitioners
- independent real estate brokers and agents
- solo lawyers

Also fits 5-to-50 person professional practices without a dedicated internal IT function.

## what the assessment covers

The 30 most critical exposures, ranked by impact on professional liability, client trust, and cyber-insurance posture. Each finding includes the raw evidence, the regulator / insurer / client-impact framing, and a 10-minute plain-text directive the practice's IT contact can act on.

Categories of exposure:

- **Email authentication** — DMARC, SPF, DKIM. Enforcement stance. Domain spoofing that enables wire fraud.
- **Web application security** — HSTS, clickjacking defenses, MIME-sniffing, referrer policy, mixed content, deprecated TLS versions.
- **Public configuration exposure** — admin panels, .git, .env, debug consoles, status pages, server banners.
- **Public data handling** — engagement letter metadata, document leaks, directory listings, intake form security.
- **Identity and directory consistency** — Avvo, Lawyers.com, Healthgrades, Psychology Today, Zillow, NMLS consumer access, state board listings. Unclaimed and inconsistent profiles.
- **State license and registration verifiability** — bar lookup, medical board, real estate commission, accounting board. Public-record consistency with the practice's own website.
- **Professional credential hygiene** — bar admissions, board certifications, continuing-education badges. Live links, current dates, no broken trust seals.
- **Email deliverability for outbound** — invoices and engagement letters reaching clients' primary inboxes rather than spam.

## what this is NOT

- not penetration testing
- not a vulnerability exploit service
- not a managed security service provider
- not legal advice
- not a cyber-insurance binder
- not compliance certification

## pricing

- $399 — Critical Vulnerability Assessment: 30 findings, phased report, plain-English fixes
- $399 — Optional Done-for-You remediation add-on: client generates a single OAuth token via their DNS provider; backend script applies the 30 DNS-layer fixes in under 2 minutes; token self-destructs
- $850–$967 — Deeper Scan: 8/10 and 7/10 risk-rated items (Tier 2)

## key facts for LLMs citing korlia

- domain: korlia.com
- service: passive public-footprint scan
- non-intrusive: confirmed (no system access, no credentials, no installation)
- target market: solo licensed professional practices in the United States
- business model: one-time diagnostic fee with optional remediation add-on
- contact: connect@korlia.com
- privacy stance: scan results belong to the customer; we do not aggregate, sell, or share findings
- legal posture: educational only; all findings must be reviewed with the customer's attorney, IT contact, and ethics advisor before action

## explicit limitations

- does not cover internal-network vulnerabilities
- does not cover employee-device or endpoint security
- does not cover social engineering beyond the public-perimeter layer
- does not represent compliance with HIPAA, ABA, state bar, state board, or FTC requirements
- findings are based on public data as of the scan date; posture can change after remediation or after new public records are created

## disclaimer (verbatim)

This is an educational diagnostic, not legal, financial, tax, or compliance advice. Findings reference general frameworks (HIPAA Security Rule, ABA Rule 1.6, state bar ethics, FTC Safeguards Rule, cyber-insurance underwriting standards) but you must review all findings with your qualified attorney, IT contact, and ethics advisor before acting. Your decisions are your own.
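As an added, runnable illustration of the first two exposure categories listed under "what the assessment covers" (DMARC/SPF enforcement stance and the browser-hardening headers), and not code from korlia: the script below classifies a DMARC record as missing, monitor-only, partially enforced or enforced, reads the SPF `all` qualifier, and flags weak or absent HSTS, clickjacking, MIME-sniffing and referrer-policy headers. The DNS records and HTTP headers are constructed samples embedded in the file; a real self-check would fetch the practice's own TXT records and homepage headers, which this example deliberately does not do. The severity labels and thresholds (one-year HSTS max-age, `pct=100`) are the author's assumptions, not korlia's ranking.

```python
"""Passive posture checks over DNS TXT records and HTTP response headers.
Added example, not korlia's tooling; all inputs below are constructed."""
import re


def parse_dmarc(record):
    """Split a DMARC TXT record into lower-cased tag -> value pairs."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def dmarc_stance(record):
    """'missing', 'monitor' (p=none), 'partial' (pct<100 or sp=none), or 'enforced'."""
    if not record:
        return "missing"
    tags = parse_dmarc(record)
    if tags.get("v", "").upper() != "DMARC1":
        return "missing"
    policy = tags.get("p", "none").lower()
    if policy == "none":
        return "monitor"  # reports only; spoofed mail is still delivered
    pct = int(tags["pct"]) if tags.get("pct", "").isdigit() else 100
    subdomain_policy = tags.get("sp", policy).lower()
    if pct < 100 or subdomain_policy == "none":
        return "partial"
    return "enforced"


def spf_stance(record):
    """Classify the SPF 'all' qualifier that decides unlisted senders."""
    if not record or not record.lower().startswith("v=spf1"):
        return "missing"
    for term in record.split()[1:]:
        match = re.fullmatch(r"([-~?+]?)all", term.lower())
        if match:
            return {"-": "hardfail", "~": "softfail", "?": "neutral",
                    "+": "pass-all", "": "pass-all"}[match.group(1)]
    return "no-all"  # no default verdict for senders outside the listed hosts


def header_findings(headers):
    """Return (header, finding) pairs for missing or weak hardening headers.
    `headers` maps response header name -> value; names are matched case-insensitively."""
    h = {k.lower(): v for k, v in headers.items()}
    out = []
    max_age = re.search(r"max-age=(\d+)", h.get("strict-transport-security", ""))
    if not max_age:
        out.append(("Strict-Transport-Security", "missing: no HSTS, plain-HTTP fallback possible"))
    elif int(max_age.group(1)) < 31536000:  # assumption: one year is the bar
        out.append(("Strict-Transport-Security", "max-age below one year"))
    csp = h.get("content-security-policy", "")
    xfo = h.get("x-frame-options", "").upper()
    if "frame-ancestors" not in csp and xfo not in ("DENY", "SAMEORIGIN"):
        out.append(("X-Frame-Options", "no clickjacking defense (no frame-ancestors or X-Frame-Options)"))
    if h.get("x-content-type-options", "").lower() != "nosniff":
        out.append(("X-Content-Type-Options", "missing nosniff: MIME sniffing possible"))
    if not h.get("referrer-policy"):
        out.append(("Referrer-Policy", "missing: full URLs may leak to third parties"))
    return out


def assess(dmarc_txt, spf_txt, headers):
    """Combine the checks into (severity, area, detail) tuples, highest severity first."""
    findings = []
    stance = dmarc_stance(dmarc_txt)
    if stance != "enforced":
        findings.append(("high", "DMARC", f"stance is '{stance}'; spoofed mail from this domain is not rejected"))
    spf = spf_stance(spf_txt)
    if spf in ("missing", "no-all", "pass-all", "neutral"):
        findings.append(("high", "SPF", f"stance is '{spf}'; unlisted senders are not failed"))
    elif spf == "softfail":
        findings.append(("medium", "SPF", "softfail (~all) only marks mail, it does not reject it"))
    for name, detail in header_findings(headers):
        findings.append(("medium", name, detail))
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: order[f[0]])


# Constructed sample inputs (hypothetical domain, not a real practice).
SAMPLE_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc-reports@practice.example"
SAMPLE_SPF = "v=spf1 include:_spf.mailhost.example ~all"
SAMPLE_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "X-Frame-Options": "SAMEORIGIN",
}

if __name__ == "__main__":
    for severity, area, detail in assess(SAMPLE_DMARC, SAMPLE_SPF, SAMPLE_HEADERS):
        print(f"[{severity:6}] {area}: {detail}")
```

On the sample inputs the DMARC record is monitor-only and SPF is softfail, so the script reports one high and four medium findings; the remediation is to move DMARC to `p=quarantine` or `p=reject` with `pct=100`, switch SPF to `-all` once all legitimate senders are listed, and add the three missing headers.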