Modern Security: How to Avoid Being One Click From Disaster

This week I asked a small business owner, “What are some ways that you maintain security and confidentiality of client information?”

They responded saying something similar to, “I have cyber security insurance. No one has access to my email. All accounts are password protected. Not sure what else is required.”

Oof.

Friends, not sharing your password or email accounts is advice from 1996.

And similar to health insurance, we want to take every measure to secure our businesses so that we never have to use our cyber security insurance. Relying solely on insurance often comes at a steep cost, potentially putting businesses under, if not financially, then reputationally.

Most of our contact information, bank accounts, health records, deeds, estate plans, business registration, and more are sitting in digital form. Without simple precautions, many businesses may be putting digital data at risk, which opens up employees, partners, and clients to identity theft, financial loss, loss of intellectual property (IP), privacy breaches, and more.

The storyline from the recent Mission: Impossible The Final Reckoning about an artificial intelligence (AI) hacking and compromising multiple, worldwide systems is cinematically and wildly dramatic, but not technically that absurd.

Following the United States (US) attacks on Iran this weekend, the Department of Homeland Security (DHS) released a bulletin warning of a higher risk of cyber attacks.

Perhaps you’ve noticed an increase in scam text messages, emails, or calls pretending to be hiring managers, credit bureaus, or even the Department of Motor Vehicles (DMV)? We have.

Today, we live in a world where cyber attacks are a method of modern war, and many of us are opening the front door and inviting them in.

We’re also living in an AI boom where many of us are excited to tinker with a technology that can wow us with efficiency, creativity, and information — unknowingly giving our digital lives away. 

As Meredith Whittaker, President of Signal, shared at SXSW this year, agentic AI is permeating our credit cards, calendars, friend chats, data, operating systems (OS), and more to perform a simple task such as booking a concert to attend with friends: a fun task that may have consequences cyber security is not keeping up with.

In fact, even the technically educated and skilled are still at risk. Earlier this year a story broke about a Disney worker who used a seemingly helpful AI tool that hacked Disney, cost him his job, and stole his identity.

I would venture to say most individuals and businesses aren’t prepared.

I’ve seen small businesses sharing simple, one-word passwords used across multiple business-critical applications over texts and emails with their colleagues. 

I’ve heard of large-scale vendors responding to requests for proposals (RFPs) saying that they aren’t Health Insurance Portability and Accountability Act (HIPAA) compliant.

I’ve known large corporations to locate their entire data warehouses in geographical zones prone to natural disasters, leaving them one incident away from a 7-month shutdown of business-critical operations.

Most without planning and precautions won’t know that their digital access points have been compromised until it’s too late.

Here’s the thing though: Most of cyber security isn’t a fancy technology. 

It’s you.

Many years ago at a giant retailer, we ran a cyber security and hacking training. The core tenets of this training were teaching frontline employees about common threats and situational awareness.

Here’s an adaptation of the key takeaways for 2025 that you can action as an individual, small business, or large corporation:

Individuals

  • Use a password manager such as 1Password or Dashlane to create unique, long, complex passwords.

  • Set up two-factor authentication with an app like Authy for all of your accounts.

  • Use strong, unique answers for security questions.

  • Connect to a VPN and use a private search engine to search the internet with IDX or DuckDuckGo.

  • Leverage a secure app like Signal to engage your friends, neighbors, and teammates in texts.

  • Store your digital files in an encrypted cloud storage that prioritizes security like Proton Drive.

  • Use an identity theft protection service like IDX to monitor data breaches and privacy.

  • Freeze your credit when not seeking a credit card or loan.

  • Run regular updates to your software and OS.

  • Back up important data regularly.

  • Be wary of public Wi-Fi and charging outlets to avoid “juice jacking.”

  • Be mindful of who has visibility of your computer screen and earshot of your conversation.

  • Don’t click on links or files in emails or text messages from unknown sources, strange email addresses, or emails with errors.

  • Don’t give out two-factor authentication codes, email addresses, phone numbers, or any other personally identifiable information (PII) to unverified requesters.

  • Don’t scan QR codes in public or on unknown packages.

  • Shred sensitive documents.

  • Don’t share PII on social media.

  • Monitor financial accounts regularly.

Small Businesses

  • Use a password manager to share and revoke access to shared company passwords.

  • Require all employees to set up two-factor authentication on their business accounts.

  • Invest in AI tools for the business with enterprise-level security such as Gemini for Google Workspace or Google Agentspace.

  • Establish data and AI policies that define the appropriate use of tools for business.

  • Define an incident response plan.

  • Invest in cyber security insurance.

  • Deeply vet the security practices of third-party vendors who may have access to your data and systems.

  • Regularly back up all business data.

  • Conduct regular security audits to assess vulnerabilities.

  • Define permission levels across your business, implementing least privilege access.

  • Provide ongoing security and awareness training.

  • Secure your physical premises.

  • Close conference room blinds and erase whiteboards after use to avoid unwanted eyes on sensitive business information.

Large Corporations

  • Establish a dedicated cyber security team led by a Chief Information Security Officer (CISO).

  • Implement a comprehensive cybersecurity framework to create a structured approach to managing risk.

  • Develop robust end-to-end security programs for business-critical operations such as supply chain.

  • Invest in security information and event management (SIEM) systems to monitor and analyze security logs for real-time detection across your entire information technology (IT) environment.

  • Segment your network into isolated segments that prevent attackers from accessing entire networks.

  • Consider endpoint detection and response (EDR) solutions to detect and respond to threats quickly.

  • Implement data loss prevention (DLP) solutions to protect sensitive information from intentional or unintentional loss.

  • Utilize deception technologies or honeypots to detect and deter hackers by diverting them into controlled environments (yes, it sounds very Mission: Impossible).

  • Conduct regular penetration testing with ethical hackers to assess vulnerabilities that could lead to a breach.

  • Conduct regular training on individual and business security practices to foster a culture of security.

  • Regularly review and update security policies.

As we noted in the Q2 2025 Trend Report, cybersecurity isn’t just a nice-to-have; it’s a differentiator for consumer trust, engagement, and retention. Investments in these tools, policies, training, and practices can make or break your business.
