Cybersecurity Awareness Month: Why Protection Matters Every Month for Your Business

Cybersecurity Awareness Month is a great reminder of the risks businesses face, but the reality is that cyber threats do not disappear when October ends. From ransomware attacks to phishing attempts, organizations are under constant pressure to protect their data, systems, and reputation. 

That is why cybersecurity must be more than a once-a-year focus. It should be a core part of daily operations. With the right strategy and trusted partners, businesses can create lasting protection that scales as they grow. 


Why Cybersecurity Matters 

Business Continuity 

Even one breach can disrupt operations, halt productivity, and cost organizations millions. Preventing downtime is just as important as recovery. 

Compliance and Risk Management 

Industries such as healthcare and finance must meet strict standards, including HIPAA and other regulations. Strong cybersecurity policies reduce exposure to fines and reputational harm. 

Data Protection 

From patient records to client financials, sensitive information must be protected against theft and accidental loss. 

Safeguarding Reputation 

Clients and partners expect data privacy. A security incident damages not only finances but also trust in the brand. 


Building an Always-On Cybersecurity Strategy 

Managed Cybersecurity Services 

24/7 monitoring, advanced detection, and rapid response help stop threats before they escalate. 

Virtual CISO Services 

Executive-level guidance without the overhead of a full-time hire. A vCISO designs policies, conducts risk assessments, and helps the organization reach and maintain compliance.

Cloud and Network Security 

From zero trust frameworks to endpoint protection and data encryption, layered defenses scale with business needs. 

Training and Awareness 

Technology is only part of the equation. Educating teams builds a culture of vigilance and resilience. 

Industry-Specific Expertise 

Different sectors face unique risks. We support organizations in senior living and healthcare, as well as professional services, tailoring cybersecurity strategies to their unique needs. 


Cybersecurity is Year-Round 

Cybersecurity Awareness Month is a valuable spotlight, but lasting security comes from consistent focus. Businesses that integrate proactive IT support, compliance practices, and security frameworks into their everyday operations can move forward with confidence. 

Working with the right partner ensures that defenses evolve as threats change, keeping your organization secure long after October ends. 

Should I Lease Multiple Domains for Cybersecurity?

Recently we hosted a webinar on Phishing & Whaling—How to Protect Yourself and Your Team. Melinda, one of our Solutions Executives, and Stormy, from our vCISO team, shared real-life examples and valuable insights to help educate business owners on the threats they face on a daily basis.

As Stormy explained examples of whaling attacks, one of our audience members posed an intriguing question: if cybercriminals are purchasing lookalike domains in order to phish you, would leasing multiple domains help prevent that?

Stormy’s answer? Both yes and no. Let’s get a little more context.


THE THREAT

One common scheme used in phishing attacks is the lookalike domain (often called domain spoofing or typosquatting), where a criminal leases, or more precisely registers, a domain that is very similar to yours. For example, if your website is www.LawFirmABC.com, the attacker might register www.LawFlrmABC.com, replacing the lowercase i in "Firm" with a lowercase l. He then sets up an email address at that domain and sends an email to one of your team members posing as a colleague. The swapped letter is easy to miss during a quick scan of an email that otherwise looks legitimate. Note that SPF and DMARC on your own domain do not stop this: the attacker controls the lookalike domain and can configure it to pass those checks for mail he sends from it.


THE PROPOSED SOLUTION

Given that this scheme relies on the domains being fairly similar, the concept is that if you’re leasing multiple lookalike domains, you’ll keep them out of criminal hands and protect your organization against this type of attack.

In theory, yes, this could help. In fact, large companies like Google do this for this exact reason. When our own team uses domain spoofing during a social engineering campaign for a client, we turn any lookalike domains we leased over to the client’s control after the campaign ends. However, leasing multiple domains is not enough.


THE BETTER SOLUTION

In practice, this defense isn’t really practical on its own. There are too many possible combinations (character substitutions, omitted or transposed letters, inserted hyphens, and alternate top-level domains) to feasibly lease them all, and a new variant can be registered the moment you stop renewing one. Plus, it could lull your team into a false sense of security. Beyond registering a handful of the most obvious variants, the money you might spend leasing those domains would be better invested in cybersecurity awareness training for your employees, backed by mail filtering that flags sender domains within a character or two of your own and an external-sender banner on inbound mail. Staying alert and on guard at all times is vital to maintaining your organization’s security.
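To make the "too many combinations" point concrete, here is an added example (not code from the webinar or from FIT Cybersecurity) that enumerates plausible lookalikes for a domain and then screens inbound sender addresses against them. The base domain LawFirmABC.com comes from the article; the confusable-character table, the list of alternate TLDs, the edit-distance cutoff, and the sample inbox are assumptions for illustration. It shows both why you cannot register every variant and what the detection-side alternative looks like.

```python
"""Enumerate lookalike domains and screen sender addresses against them.

Added example, not the article's or FIT Cybersecurity's own code. The
confusables table, TLD list, distance cutoff and sample inbox are assumed.
"""

# Characters an attacker can swap for a visually similar one (assumed, not exhaustive).
CONFUSABLES = {
    "i": ["l", "1", "j"],
    "l": ["i", "1"],
    "o": ["0"],
    "0": ["o"],
    "m": ["rn", "nn"],
    "w": ["vv"],
    "e": ["3"],
    "a": ["4"],
    "s": ["5"],
    "g": ["q", "9"],
}
# Alternate top-level domains an attacker might use (assumed list).
ALT_TLDS = ["com", "net", "org", "co", "io", "biz", "info"]


def split_domain(domain):
    """Split 'label.tld' into (label, tld); assumes a single-label TLD."""
    label, _, tld = domain.lower().rpartition(".")
    return label, tld


def lookalikes(domain):
    """Return the set of plausible lookalike domains for `domain`, lowercased."""
    label, tld = split_domain(domain)
    variants = set()
    # 1. confusable-character substitution (the i -> l swap from the article)
    for i, ch in enumerate(label):
        for sub in CONFUSABLES.get(ch, []):
            variants.add(label[:i] + sub + label[i + 1:])
    # 2. single-character omission
    for i in range(len(label)):
        variants.add(label[:i] + label[i + 1:])
    # 3. adjacent-character transposition
    for i in range(len(label) - 1):
        if label[i] != label[i + 1]:
            variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    # 4. hyphen insertion
    for i in range(1, len(label)):
        variants.add(label[:i] + "-" + label[i:])
    # 5. duplicated character (a common typo)
    for i in range(len(label)):
        variants.add(label[:i] + label[i] + label[i:])
    variants.discard(label)
    out = {f"{v}.{t}" for v in variants for t in ALT_TLDS}
    # The exact label under a different TLD is also a lookalike.
    out.update(f"{label}.{t}" for t in ALT_TLDS if t != tld)
    return out


def levenshtein(a, b):
    """Edit distance between two strings (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address, our_domain, max_distance=2):
    """Classify a sender as 'internal', 'lookalike' or 'external'.

    The generated set catches known patterns; the edit-distance check catches
    variants the generator did not think of (e.g. an appended character).
    """
    domain = address.rsplit("@", 1)[-1].lower()
    our_domain = our_domain.lower()
    if domain == our_domain:
        return "internal"
    if domain in lookalikes(our_domain):
        return "lookalike"
    if levenshtein(split_domain(domain)[0], split_domain(our_domain)[0]) <= max_distance:
        return "lookalike"
    return "external"


# Constructed sample inbox (not real mail).
SAMPLE_INBOX = [
    "jane.doe@lawfirmabc.com",
    "managing.partner@lawflrmabc.com",
    "accounts@law-firmabc.net",
    "newsletter@example.com",
]


def screen_inbox(addresses, our_domain):
    """Map each address to its classification so a filter can flag lookalikes."""
    return {a: classify_sender(a, our_domain) for a in addresses}


if __name__ == "__main__":
    base = "LawFirmABC.com"
    print(len(lookalikes(base)), "lookalike domains to register for", base)
    for addr, verdict in screen_inbox(SAMPLE_INBOX, base).items():
        print(f"{verdict:10} {addr}")
```

Even with this small confusables table and only seven TLDs, a ten-character label yields several hundred candidate domains, and the count grows with every substitution rule you add. The screening side is cheap by comparison, which is why a mail filter that flags near-matches, plus a team trained to look at the sender, covers more ground than defensive registration alone.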


FIT Cybersecurity provides cybersecurity education and social engineering campaigns to organizations across all industries. If you’d like to test your company’s defenses or your team’s awareness of common cybercrime tactics, give us a call today at 888-683-6573 or contact us here.

Small Businesses: Does the CCPA Affect You?

The California Consumer Privacy Act (CCPA) went into effect January 1, 2020. This law deals with the right of consumers to know or even control how their personal information is used by organizations. For businesses that collect such information from consumers, this represents new burdens.

Do I Have to Comply with CCPA?

The CCPA comes with certain thresholds that exclude many small and medium businesses from its compliance requirements. What are these thresholds? You’re on the hook for compliance if you:

  • Are a for-profit business operating in California
  • Collect personal information from consumers
  • Exceed one or more of the following:
    • Buy, receive, sell or share the personal data of 50,000 or more consumers, households, or devices per year (the CPRA amendments, effective January 1, 2023, raised this to 100,000 consumers or households)
    • Have gross annual revenues of over $25 million
    • Derive 50% or more of annual revenue from selling California residents’ personal data

I Don’t Meet the Thresholds, So Why Should I Worry About CCPA?

The CCPA was the most extensive privacy law passed in the US at the time. Other states are taking a page from California’s book and are considering or have already passed similar legislation. Plus, the prospect of different standards across multiple states could prompt a privacy law at the federal level. So even if the CCPA does not currently affect you, a law like it likely will.

Looking at the legislative climate, given the CCPA and likelihood of more laws like it coming soon, it’s clear that there is an increasing recognition of the need for businesses to handle consumer data responsibly, for consumers to have the right to determine how that data can be used, and for businesses to protect consumer data against theft or loss.

What is “Reasonable Security”?

Part of the CCPA concerns an organization’s duty to protect consumer data against theft or loss, such as through a data breach. If a business fails to implement and maintain reasonable security procedures and practices, and that failure results in a breach, it may be liable for statutory damages of $100 to $750 per consumer per incident, or actual damages if those are higher. What would count as “reasonable security” measures? The CCPA does not specify, but some legal experts point to the state attorney general’s words in the California 2016 Data Breach Report:

“The 20 controls in the Center for Internet Security’s Critical Security Controls define a minimum level of information security that all organizations that collect or maintain personal information should meet. The failure to implement all the Controls that apply to an organization’s environment constitutes a lack of reasonable security.”

The CIS Controls, as cited in that report, comprise 20 broad categories of action (version 8, released in 2021, consolidates them into 18), each of which contains subcontrols in the form of specific tools and practices. The subcontrols you are expected to implement vary with the sensitivity of the data you’re protecting, the size of your organization, and the extent of your IT resources; CIS formalizes this as Implementation Groups. Together, these controls form a defense strategy against breaches and cyberattacks.

We recommend that companies of all sizes take a look at the CIS Controls—especially if you’re at or near a threshold for CCPA compliance. At FIT Solutions, we use CIS Controls and other security frameworks, like NIST, to follow best cybersecurity practices for our clients. Contact us or call 888-339-5694 for help in strengthening your organization’s defenses.
