Welcome sequence copy, paste into MailerLite automations

Four sequences, one per lead-magnet source (hipaa, law-firms, cmmc, nonprofits). Each is four emails: immediate delivery, Day 3, Day 7, Day 14. Every email ends with the opt-out line per [[feedback_can_spam_opt_out_line]].


HIPAA (medical/dental)

Email 1 (immediate), Subject: Your HIPAA Security Risk Analysis checklist

Hi there,

Here’s the checklist: [LINK]

Twelve items, three categories. Score yourself honestly, most practices can prove five or six of the twelve. The gap is exactly where OCR investigations and ransomware find you.

If you want a second pair of eyes on your score, just reply to this email.

Best, Eric

Reply STOP if you’d rather not hear from us again.

Email 2 (Day 3), Subject: The part of HIPAA your EHR vendor won’t tell you

Hi there,

Quick follow-up on the checklist. The most common gap we see in LA practices isn’t technical, it’s administrative: no designated security officer, no signed Business Associate Agreements with vendors who touch patient data.

That’s a five-minute fix that closes real exposure. If you want help finding your specific gaps, a 30-minute risk review is free and no-obligation: [LINK TO CONTACT PAGE]

Best, Eric

Reply STOP if you’d rather not hear from us again.

Email 3 (Day 7), Subject: What a real Security Risk Analysis actually costs

Hi there,

A lot of practices assume a proper SRA is a five-figure enterprise engagement. It isn’t, for a practice your size it’s a fixed-fee package that also doubles as your MIPS attestation evidence.

Happy to send a straight quote if you tell me your practice size and number of locations. No pressure either way.

Best, Eric

Reply STOP if you’d rather not hear from us again.

Email 4 (Day 14), Subject: Closing the loop

Hi there,

Last note from me on this, don’t want to clutter your inbox. If the HIPAA checklist surfaced something worth a conversation, I’m here: [LINK TO CONTACT PAGE]. If not, no worries, keep the checklist for next year’s review.

Best, Eric

Reply STOP if you’d rather not hear from us again.


Law firms

Email 1 (immediate), Subject: Your confidentiality checklist

Hi there,

Here’s the checklist: [LINK]

Rule 1.1 tech competence and Section 6068(e) confidentiality apply whether or not your firm has a dedicated IT department. Twelve items across client data handling, communication security, and vendor risk.

If anything on there raises a question, just reply.

Best, Eric

Reply STOP if you’d rather not hear from us again.

Email 2 (Day 3), Subject: The gap we see most in boutique and mid-size firms

Hi there,

The most common finding isn’t dramatic, it’s that client files move between a document management system, email, and a third-party e-discovery vendor without anyone mapping where the exposure actually sits.

A 30-minute risk review maps it for your firm specifically, free, no obligation: [LINK TO CONTACT PAGE]

Best, Eric

Reply STOP if you’d rather not hear from us again.

Email 3 (Day 7), Subject: What this actually costs for a firm your size

Hi there,

A practical confidentiality review is priced for a boutique or mid-size firm, not enterprise consulting rates. Tell me roughly how many attorneys and how many offices, and I’ll send a straight number.

Best, Eric

Reply STOP if you’d rather not hear from us again.

Email 4 (Day 14), Subject: Closing the loop

Hi there,

Last note on this one. If the checklist surfaced something worth a conversation, I’m here: [LINK TO CONTACT PAGE]. Otherwise, hang onto it, it’s useful reference either way.

Best, Eric

Reply STOP if you’d rather not hear from us again.


CMMC (defense subs)

Email 1 (immediate), Subject: Your CMMC readiness checklist

Hi there,

Here’s the checklist: [LINK]

AS9100 and ITAR registration are strong, but neither one covers NIST 800-171, which is what CMMC Level 2 actually assesses. Twelve items across your SSP, technical controls, and incident response.

Reply if anything surfaces a question.

Best, Eric

Reply STOP if you’d rather not hear from us again.

Email 2 (Day 3), Subject: The SPRS score question we always ask first

Hi there,

Most shops we talk to haven’t checked their SPRS score in over a year, or don’t have one at all. That’s usually the fastest signal of where a shop actually stands. Happy to walk through it on a free 30-minute call: [LINK TO CONTACT PAGE]

Best, Eric

Reply STOP if you’d rather not hear from us again.

Email 3 (Day 7), Subject: What a real CMMC gap assessment costs

Hi there,

Priced for a shop your size, not enterprise defense-contractor rates, and it produces an actual SSP and POA&M you can hand a prime. Tell me your headcount and I’ll send a straight number.

Best, Eric

Reply STOP if you’d rather not hear from us again.

Email 4 (Day 14), Subject: Closing the loop

Hi there,

Last note on this one. If the checklist raised something worth a conversation: [LINK TO CONTACT PAGE]. Otherwise, hang onto it for your next prime audit.

Best, Eric

Reply STOP if you’d rather not hear from us again.


Nonprofits (Mission Shield)

Email 1 (immediate), Subject: Your free Cyber Health Check is next

Hi there,

Thanks for reaching out. Here’s what happens next: reply to this email with a good time for a 30-minute intake call, and we’ll put together your Cyber Health Scorecard across six areas, website, email, accounts, backups, data handling, and payments.

No cost, no obligation. This is the same review we did for the Achievement Initiative Foundation.

Best, Eric

Reply STOP if you’d rather not hear from us again.

Email 2 (Day 3), Subject: What most nonprofits get wrong first

Hi there,

The most common gap we see isn’t technical sophistication, it’s shared logins and no MFA on the accounts that matter most: email, donation platform, and website admin. That’s usually a free or near-free fix.

Still happy to get your scorecard started: [LINK TO CONTACT PAGE]

Best, Eric

Reply STOP if you’d rather not hear from us again.

Email 3 (Day 7), Subject: How to pay for this without touching your operating budget

Hi there,

A lot of what we recommend can be funded through TechSoup, Google for Nonprofits, or written directly into a grant budget. We know the catalog and can help you word the ask. Security doesn’t have to compete with your program budget.

Best, Eric

Reply STOP if you’d rather not hear from us again.

Email 4 (Day 14), Subject: Closing the loop

Hi there,

Last note on this one. The offer stands whenever you’re ready, no expiration: [LINK TO CONTACT PAGE]. Protecting the mission includes protecting the data behind it.

Best, Eric

Reply STOP if you’d rather not hear from us again.