Eddie Lopez

I run an MSP protecting small businesses across Southern California. Here are my top 5 cybersecurity basics that you're probably missing in your small businesses: 1️⃣ Running McAfee or Norton antivirus Antivirus hasn't been enough since 2018. Threats today move laterally across your network in minutes. You need endpoint detection and response software that detects and responds to threats in real time, not after the damage is done. And if you're still running McAfee or Norton, even Windows Defender has gotten better. Do not use any of these free antivirus solutions. 2️⃣ Shared logins across the entire office "Everyone knows the password" is not a security policy. One disgruntled employee or one phished credential, and every account tied to that login is compromised. Unique logins. No exceptions. And if you're in the medical industry, you're breaking HIPAA because you don't know who is accessing what. 3️⃣ No offsite backups Your files all live on a single computer, or you use a single program to run your entire operation. A single ransomware attack or hardware failure wipes everything. If your backup isn't off-site and automated, it doesn't count. And if you think you're safe because you have a copy of your data, when was the last time you actually ran a test to see if you could restart your business from that copy? An untested backup is still nothing. 4️⃣ Email domains with zero authentication Lacking SPF, DKIM, and DMARC means anyone can impersonate your company via email. Clients risk being phished, and your business reputation takes the blow. "Oh, I have Google email to handle that." When was the last time a vendor or client said they didn't receive an email from you? Or are they just ending up in the spam folder? 5️⃣ "The office tech person" as the entire IT department Your most tech-savvy employee is not the entire IT department. They don't have monitoring. They don't have incident response. And when they quit, everything they knew walks out the door with them. There is a reason it's an entire department, one issue, and you're left with starting back up again. — Let me know which of these hits closest to home for your business, and I'll let you know how we can help you. #Cybersecurity #SmallBusiness #McAfee #WindowsDefender #HIPAA #Ransomware #EmailSecurity #MSP #ITSupport #DataBackup

2

2 Comments

AI-driven cyberattacks are becoming one of the biggest threats facing small and medium-sized businesses today. That’s why we’re proud to have Jordan Smith, VP at CMIT Solutions, speaking at the 4th Annual Excellerate Central Oregon Business Forum on September 11 at the Riverhouse Convention Center. Jordan will share insights on how AI is changing the cybersecurity landscape and most importantly, how business leaders can defend against evolving threats. The Excellerate Forum brings together top business leaders from across Central Oregon for a morning of learning, networking, and strategies to thrive in the years ahead. 📅 Thursday, September 11 | 6:30 – 10 AM PDT 📍 Riverhouse Convention Center | Bend, OR 👉 Register here: [https://lnkd.in/guPrQmnv]

5

Cybersecurity is no longer optional for Ventura County businesses. From phishing emails and ransomware attacks to weak passwords and outdated systems, cyber threats are becoming more common across Ventura, Oxnard, Thousand Oaks, and Camarillo. Many small and mid-sized businesses assume they’re too small to be targeted — but in reality, they’re often the most vulnerable. A single cyber incident can disrupt operations, expose sensitive customer data, and create serious compliance risks under California privacy laws like CCPA and CPRA. That’s why we created a practical Cybersecurity Guide specifically for Ventura County businesses. Inside the guide, you’ll learn: • Common cyber threats affecting local businesses • Email and cloud security best practices • Data backup and ransomware protection strategies • California cybersecurity and data privacy considerations • Long-term cybersecurity planning for business resilience Strong cybersecurity is not just about protection — it’s about business continuity, trust, and long-term growth. Read the full guide here: https://lnkd.in/gHRusXY3 Have questions or need reliable IT support? Get in touch today through the link in our bio. 877-707-TECC info@securetecc.com securetecc.com Proudly based in Ventura County, serving Santa Paula, Ventura, Oxnard, Camarillo, Thousand Oaks, Santa Barbara, Fillmore, Hollywood, Beverly Hills, Pasadena, and Burbank. #Cybersecurity #VenturaCounty #ManagedITServices #BusinessCybersecurity #ITSupport #OxnardBusiness #ThousandOaksBusiness #SecureTECCSolutions #CaliforniaBusiness

2

Ventura County Deputy CIO and CyberEdBoard member Gary Gooden, BSc., MBA, CISM, ZTSX-I shares why strong problem statements and effective storytelling are critical to gaining stakeholder buy-in, strengthening identity and access management, and building resilient, modern infrastructure. Watch this Profiles in Leadership conversation from the Gartner IAM Summit to hear how consistent delivery, clear communication, and trust drive real transformation across public-sector ecosystems. Watch the full interview: https://lnkd.in/dy53PBHq #CyberEdBoard #Leadership #IdentityManagement #CyberResilience #PublicSectorIT #CIO #DigitalTransformation #IAM

5

Most boardroom conversations about cybersecurity happen after something goes wrong. What if they started with clear visibility into risk? That’s the case Dan Schuyler, VLCM’s Director of Consulting Services, makes in his feature with Utah Business. A cybersecurity risk assessment gives leadership the data to guide budgets, strategy, and confidence in the decisions that matter most. Read on at: https://lnkd.in/g5kjDexh

14

🌟 Last Night at Technology Association of Oregon Fintech: Demystifying SOC Audits 🌟 We were proud to have Dana Lawrence represent Themis at the Technology Association of Oregon’s Demystifying SOC Audits event—an energizing session that brought together Oregon’s tech, fintech, and audit communities to break down one of the industry’s most misunderstood topics. A huge thank you to our panelists for sharing practical insights, myth-busting stories, and real-world lessons learned: ✅ Perkins & Co Lisa Zauner and Jake Johnson, CPA ✅ Shannon Smith, CISA, Founder of Yak Tech (named Accounting Today’s Top New Product of 2025) ✅ Dave Dyk, Information Security leader ✅ Tom Cook at LegitScript ✅ Additional local innovators and audit leaders who joined the discussion We also loved reconnecting with so many industry peers, customers and partners throughout the evening—nothing beats learning together as a community. 🔍 Quick Hits: What Are SOC Audits? ✅ An attestation, not a certification — auditors evaluate how well your controls operate; they don’t “certify” your company. ✅ SOC 2 ≠ security program — it evaluates the controls you define; it doesn’t replace a holistic security or compliance framework. ✅ SOC readiness takes time — the work happens before the audit, not during it. ✅ Controls must match reality — auditors verify what actually exists, not what’s aspirational. ✅ A SOC report builds trust — especially with enterprise customers, banking partners, and vendors. ⚠️ Common Misconceptions ✅ “SOC 2 is a one-and-done project.” → In reality, it requires ongoing monitoring and control maintenance. ✅ “If we buy a tool, we’re SOC-ready.” → Tools help, but governance and execution matter most. ✅ “SOC 2 covers all our risks.” → It only assesses the scope you define—risk management remains broader. If you’re looking to streamline how your teams work together, reduce operational friction, and build a stronger governance foundation, we’d love to talk. 📩 Connect with us at themis.com/contact.

59

8 Comments