Top 5 tips to prevent a data breach: A recap of our recent panel

In March, RCS Professional Services was privileged to host a panel of cybersecurity experts for a virtual event. The experts provided valuable insights into how to prevent a data breach at your small business. The panel included:

Christian Scott with Gotham Security. Gotham Security is a boutique cybersecurity firm based out of Manhattan. What they do primarily is penetration testing and social engineering, by simulating real malicious actors. They try to create teachable experiences for organizations to improve their security posture in a practical and pragmatic manner.

Jeff Severino with Lockton Affinity LLC. Lockton Affinity is a part of Lockton Companies, the world’s largest privately held, independent insurance broker. Jeff’s role is to lead the successful development and growth of their program and association business. Together, Lockton Affinity’s goal is to create market-leading insurance programs, help their clients achieve their business objectives and ultimately make their businesses better.

Richard Landau with M20 Associates. They help their clients gain an edge over their competition, whether through risk mitigation or by helping uncover growth opportunities, with strategic, tactical and operational solutions developed and utilized by the U.S. Department of Defense.

These experts explained the top five ways to protect your SMB from becoming a target.

Implement good security controls

1. Enforce multi-factor authentication everywhere! Have staff use a password manager so they do not reuse passwords or use weak passwords. Tell staff not to put real answers to secret questions, and to store the answers they do use in their password manager. Also, most password managers have breach detection to tell you if an account or password is featured in a darknet credential dump. Lastly, if you have Office 365, turn on impossible travel blocking, which prevents logins from locations far away from where your staff really are.

2. Go beyond having email security controls in place, like phishing email blocking and malicious link/attachment scanning: perform regular end-user security awareness training. 1 or 2 hours of training a year for one person can save tens of thousands on a breach. Have a process in place for staff to validate IT, customers and vendors.

3. Invest more in endpoint security, i.e., workstations and servers, and move towards a zero-trust model of not trusting any network. This includes workstation encryption at rest to protect devices that get lost or stolen; endpoint threat detection software that goes beyond anti-virus; device management software to enforce security patches; and disabling NetBIOS/LLMNR and enforcing SMB signing on Windows systems.
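
A read-only check of the three Windows settings named in tip 3, as an added example that is not from the panel or from RCS. The function names are illustrative; run it in an elevated PowerShell session on the machine being checked.

```powershell
# Added example: audits LLMNR, NetBIOS over TCP/IP and SMB signing. Changes nothing.

function Test-LlmnrDisabled {
    # The "Turn off multicast name resolution" policy sets EnableMulticast = 0.
    # A missing key or value means LLMNR is still at its default (enabled).
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
    $val = (Get-ItemProperty -Path $key -Name EnableMulticast -ErrorAction SilentlyContinue).EnableMulticast
    return ($val -eq 0)
}

function Get-NetbiosEnabledAdapter {
    # TcpipNetbiosOptions: 0 = follow DHCP, 1 = enabled, 2 = disabled.
    # Anything other than 2 can leave NetBIOS name resolution active.
    Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        Where-Object { $_.TcpipNetbiosOptions -ne 2 } |
        Select-Object Description, TcpipNetbiosOptions
}

function Get-SmbSigningState {
    # "Enforcing" SMB signing means signing is required, not merely enabled.
    [pscustomobject]@{
        ServerRequiresSigning = (Get-SmbServerConfiguration).RequireSecuritySignature
        ClientRequiresSigning = (Get-SmbClientConfiguration).RequireSecuritySignature
    }
}

$findings = @()

if (-not (Test-LlmnrDisabled)) {
    $findings += 'LLMNR is not disabled by policy'
}
foreach ($adapter in Get-NetbiosEnabledAdapter) {
    $findings += "NetBIOS over TCP/IP is not disabled on: $($adapter.Description)"
}
$smb = Get-SmbSigningState
if (-not $smb.ServerRequiresSigning) { $findings += 'SMB server does not require signing' }
if (-not $smb.ClientRequiresSigning) { $findings += 'SMB client does not require signing' }

if ($findings.Count -eq 0) {
    'PASS: LLMNR and NetBIOS are disabled and SMB signing is required'
} else {
    $findings | ForEach-Object { "FAIL: $_" }
}
```

Running it through device management software across all endpoints shows which machines still need the policy applied.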

Kick the tires on your security program

4. Have a third-party cybersecurity vendor perform penetration testing and social engineering at least once a year. This will emulate a real malicious actor with the intent of breaking into the company. This will challenge your assumptions and IT's assumptions, and ensure you understand your company's real attack surface and security posture.

Track and improve your security posture

5. Document your security controls, document your risks, have a reasonable plan to improve your security posture, and have a plan for responding to security threats and alerts.


To view the webinar click here. If you would like to join our next webinar about sustaining your company’s culture click here.

If you want to learn more about how RCS Professional Services can help you prevent a future data breach, contact us at or visit our website To connect with any of the panelists and learn more about their services, please also reach out here:

