An honest, non-salesy look at using AI and the Model Context Protocol for compliance work. The real pros, the real cons, and why a human still has to hold the pen.
Category: SMB Cybersecurity
Fear Is the Mind-Killer: What Dune Teaches About the First Hour of a Breach
Frank Herbert’s Dune says fear is the mind-killer, and that is the truest thing ever written about incident response. In the first hour of a breach, a rehearsed one-page plan beats a clever improvisation.
What Severance Gets Right About Least Privilege
Severance makes walled-off access look like a nightmare. In security it is one of our best protections: give every account only what it needs, so one bad click cannot light up your whole company.
The Security Questionnaire Is Your New Sales Rep
More small businesses are handed a customer’s security review as a condition of winning a contract. Treat it as a sales opportunity, not a hurdle: the vendor who answers fast and honestly keeps the deal.
The Email That Looks Like It Came From You
Spoofing lets criminals send email that appears to come from your own domain, with no breach required. Here is how SPF, DKIM, and DMARC stop it, and why getting it wrong now also lands your own invoices in spam.
The Phishing Tell They Taught You Is Dead
For twenty years we taught people to catch phishing by spotting bad grammar. Generative AI writes clean, personalized lures, so that tell is dead. The real defense is a verification habit and a no-blame reporting culture.
Your Website Is Talking to Attackers Behind Your Back
Your public website and email domain broadcast a surprising amount about how to attack you, and automated scanners find the easy targets first. Here is what is visible to anyone, and the cheap fixes you can make this afternoon.
What Your Cyber Insurance Application Is Really Asking
A client slid the form across the table with the look of a man who had been defeated by a PDF. It was his cyber insurance renewal application, and it had grown from one page last year to eleven this year. “I do not even understand half of these questions,” he said. “Can you just […]
The Password Talk You Need to Have With Your Team
Every engagement reaches a moment where I have to give the password talk. I can usually tell it is coming because someone, trying to be helpful, mentions the spreadsheet. The one with all the logins in it. Or the sticky note under the keyboard. Or the fact that the whole office uses the same password […]
The $48,000 Email: How Wire Fraud Actually Happens
The email looked exactly right. Same signature, same tone, same slightly impatient way the CEO always asked for things. It told the controller to wire $48,000 to a new vendor account by end of day, and to keep it quiet because it was tied to an acquisition. She wired it. The CEO had never sent […]