Last winter, a nonprofit food pantry director in a town of about 6,000 people called me after what could have been a very bad week. Someone had impersonated her board chair in an email and asked the bookkeeper to transfer $4,200 to a new account. The bookkeeper, who works two jobs and answers emails between […]
Why Our K-12 Schools Sit on the Front Line of Cyber Crime
A few years ago, I sat across from a senior statewide school administrator, a man whose decisions shaped policy for K-12 schools across the Commonwealth, and explained, plainly, that schools are targets for cyber criminals. He would not have it. Schools, he told me, had nothing a criminal would want. No money to speak of, […]
Incident Response: How to Survive Ransomware
Incident response (IR): iAn organization’s structured approach to detecting, managing, and recovering from cybersecurity threats and data breaches aims to limit attack damage, minimize business disruption, and prevent future incidents. The owner of a family-run building supply company in a Kentucky town of about nine thousand got to the store a little before seven. She […]
A Virtual Security Chief (vCISO) You Can Actually Afford
What is a virtual vCISO is, and why it may be the smartest line item a small organization adds this year A few months ago, I sat across the table in the break room from the owner of a family-run manufacturing shop in central Kentucky. He had forty employees, a payroll system, a customer database, […]
MFA Prompt Bombing: What It Is, Why It Works, and How to Stop It
MFA prompt bombing is a growing threat, but multifactor authentication remains one of your best defenses. Here is what changed and what to do about it. In September 2022, a contractor working for Uber got a notification on his phone. Then another. Then another. Forty push notifications in thirty minutes, each one asking him to […]
IoT Security: The Device You Forgot Is the One That Gets You Hacked
Why do you need to worry about IoT security? Your office is full of computers you never think about, and that’s a problem. Yes, IoT security is a real thing. Last month, a county clerk in central Kentucky called our office with a problem. Her building’s HVAC system had been acting up for weeks, cycling […]






