The SQ Risk Blog
Where cybersecurity, governance, and risk meet practical advice.
Explore insights, practical guidance, and expert perspectives on cybersecurity, governance, compliance, risk, and third‑party risk management. The SQ Risk Blog brings SMB‑focused, right‑sized advice to help you strengthen your programs and make informed decisions.
- Small Business Cyber Hygiene: A Practical Guide Based on NIST CSF Part 10
Small Business Cyber Hygiene Series: Part 10: Build a Security‑First Culture Introduction Cybersecurity isn’t just about tools — it’s about people. Even the best technology can’t protect a business if employees don’t know what to do, don’t feel comfortable asking questions, or don’t understand the risks. A security‑first culture doesn’t… Read more: Small Business Cyber Hygiene: A Practical Guide Based on NIST CSF Part 10 - Small Business Cyber Hygiene: A Practical Guide Based on NIST CSF Part 9
Small Business Cyber Hygiene Series: Part 9: Recover Quickly (Getting Back to Normal) Introduction A cyber incident doesn’t have to shut your business down. With the right preparation and a calm, structured recovery process, you can restore systems, recover data, and return to normal operations quickly and safely. Recovery is… Read more: Small Business Cyber Hygiene: A Practical Guide Based on NIST CSF Part 9 - Small Business Cyber Hygiene: A Practical Guide Based on NIST CSF Part 8
Small Business Cyber Hygiene Series: Part 8: Respond Effectively (What To Do When Something Goes Wrong) Introduction Even with strong protections and good habits, things can still go wrong. Someone clicks a suspicious link. A device starts acting strangely. An account shows a login from another country. These moments are… Read more: Small Business Cyber Hygiene: A Practical Guide Based on NIST CSF Part 8 - Small Business Cyber Hygiene: A Practical Guide Based on NIST CSF Part 7
Small Business Cyber Hygiene Series: Part 7: Monitor for Trouble (Detection Basics) Introduction Even with solid protections, nothing is completely secure. Threats change, people make mistakes, and attackers are always probing for weaknesses. Whether you’re running a small business or managing your personal digital life, monitoring helps you spot suspicious… Read more: Small Business Cyber Hygiene: A Practical Guide Based on NIST CSF Part 7 - Small Business Cyber Hygiene: A Practical Guide Based on NIST CSF Part 6
Small Business Cyber Hygiene Series: Part 6: Defend Your Inbox (Phishing & Email Security) Introduction Email is the front door to your business and your digital life. Attackers know it. Most cyberattacks begin with a phishing email designed to trick someone into clicking a link, opening an attachment, or giving… Read more: Small Business Cyber Hygiene: A Practical Guide Based on NIST CSF Part 6 - Small Business Cyber Hygiene: A Practical Guide Based on NIST CSF Part 5
Small Business Cyber Hygiene Series: Part 5: Back Up What Matters (The 3‑2‑1 Rule) Introduction Every business has data it can’t afford to lose, and the same is true for individuals. Customer records, financial documents, contracts, emails, and the files you rely on every day all need protection. Yet many… Read more: Small Business Cyber Hygiene: A Practical Guide Based on NIST CSF Part 5 - Small Business Cyber Hygiene: A Practical Guide Based on NIST CSF Part 4
Small Business Cyber Hygiene Series: Part 4: Secure Your Devices: Updates, Antivirus, and Hardening Introduction Your devices — laptops, desktops, tablets, and phones — are the backbone of your business, and for many individuals, they’re the center of daily life. They hold your email, documents, financial data, customer information, and… Read more: Small Business Cyber Hygiene: A Practical Guide Based on NIST CSF Part 4 - Small Business Cyber Hygiene: A Practical Guide Based on NIST CSF Part 3
Small Business Cyber‑Hygiene Series: Part 3: Protect Access: Passwords, MFA, and Accounts Introduction Most cyberattacks don’t start with advanced hacking techniques. They start with everyday weaknesses: stolen passwords, reused logins, or accounts with too much access. Whether you’re running a small business or managing your own digital life, protecting access… Read more: Small Business Cyber Hygiene: A Practical Guide Based on NIST CSF Part 3 - Small Business Cyber Hygiene: A Practical Guide Based on NIST CSF Part 2
Small Business Cyber Hygiene Series: Part 2: Know What You Have (Identify) Introduction Cybersecurity starts with knowing what you have. Whether you’re running a small business or simply managing your own digital life, you can’t protect assets you’ve lost track of. Most risks come not from advanced attackers but from… Read more: Small Business Cyber Hygiene: A Practical Guide Based on NIST CSF Part 2 - Small Business Cyber Hygiene: A Practical Guide Based on NIST CSF Part 1
Small Business Cyber Hygiene is a practical, non technical guide designed to help small businesses and individuals build strong, everyday security habits. Based on the NIST Cybersecurity Framework (CSF) and supported by CIS Controls, FTC Safeguards, and CISA best practices, this series translates complex security concepts into simple, actionable steps. #CyberHygiene - Why Your CIO Should Not Also Be Your CISO
Why Your CIO Should Not Also Be Your CISO The case for separating technology leadership from security oversight Organizations today face unprecedented pressure to innovate quickly while also protecting their data, systems, and customers from increasingly sophisticated threats. Yet many companies — especially mid‑market and high‑growth firms — still combine… Read more: Why Your CIO Should Not Also Be Your CISO - Outstanding Risk Management Tasks and How SQ Risk Can Help
As the year draws to a close, it’s crucial for organizations to address outstanding risk management tasks to ensure a smooth transition into the new year. Have you postponed some risk management activities? Here are some key areas that may require attention: How SQ Risk Can Assist SQ Risk is… Read more: Outstanding Risk Management Tasks and How SQ Risk Can Help - SQ Risk Third-Party Risk Management as a Service
Third-Party Risk Management (TPRM) is a complex process that presents several challenges for organizations. Creating a comprehensive vendor risk management policy that is both effective and adaptable to the changing landscape of third-party relationships is a challenge that organizations must continuously address to safeguard their operations and data. Another difficulty… Read more: SQ Risk Third-Party Risk Management as a Service - Making Cyber Intelligence Actionable and Relevant
Making Cyber Intelligence Actionable and Relevant Cyber intelligence is a vital asset for any organization that wants to protect its data, systems, and assets from cyber and physical threats. Cyber-intelligence can also be useful to anticipate risk associated with critical third parties. Working with the right cyber-intelligence provider is the… Read more: Making Cyber Intelligence Actionable and Relevant - To outsource or not to outsource, that is the question
Wondering whether you should hire full time employees (FTEs) or outsource some of the work to vendors who offer managed programs? In this blog post, we explore the pros and cons. - Introducing SQ Risk’s BSA/AML Advisory Services
The intense regulatory obligations and scrutiny for financial institutions regarding the Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) rules, is greater than ever. At SQ Risk we recognize the importance of staying ahead of this growing scrutiny. - Benefits of a BIA outside of a BCP
A Business Impact Analysis (BIA) can also be useful outside of Business Continuity, as it can provide valuable insights into the strengths and weaknesses of an organization. - Cyber Hygiene and Security Awareness
Cyber Hygiene and Security Awareness In today’s digital world, no organization is safe from cyber threats. Hackers are constantly looking for ways to exploit vulnerabilities and steal data. They use different methods and techniques to launch their attacks, and they keep evolving their skills and tools. That’s why every institution… Read more: Cyber Hygiene and Security Awareness - Social Engineering the Golfer?
Scams can come from anywhere. Ever been phished by a golf ball? You have to apply security awareness practices, even on the golf course. - SQ Risk presented Putting the Management in Business Continuity
SQ Risk presented Putting the Management in Business Continuity Tuesday, June 9, 2020, SQ Risk, Managing Partner Larry Augustine presented “Putting the “Management” in Business Continuity”. The webinar session was part of an educational series sponsored by Specialized Data Systems for the National Consumer Reporting Association. The SQ Risk… Read more: SQ Risk presented Putting the Management in Business Continuity - Healthy Conflict and Equal Footing
Healthy Conflict and Equal Footing A business associate and friend of mine actively encourages what he calls “healthy conflict” within the leadership of his small business. Admittedly, he isn’t great at managing when that conflict becomes unhealthy, but I think his goal is still very valid. A business may not… Read more: Healthy Conflict and Equal Footing - An ounce of prevention…
I reflected today on Benjamin Franklin’s quote, and even now, it couldn’t be truer; “An ounce of prevention is worth a pound of cure”. Looking back at 2017 and 2018 we saw the barrage of breaches continue. We also see that cybersecurity threats such as malware, ransomware, and crypto mining… Read more: An ounce of prevention… - SQ Risk Moderates TPRM Fireside Chat
Thursday, October 18, 2018 SQ Risk, Managing Partner Larry Augustine moderated a Fireside Chat to discuss Third-party Risk Management. Jerry Thompson, SVP & Chief Revenue Officer at Intersections and Eric Olson, SVP Product at LookingGlass Cyber Solutions participated. The session was held in the morning on the second day of… Read more: SQ Risk Moderates TPRM Fireside Chat - SQ Risk Presented the Why, What, and How of TPRM
Thursday, September 27, 2018 SQ Risk, Managing Partner Larry Augustine presented “The Why, What, and How of Third-Party Risk Management”. The session was part of the LookingGlass Cyber Solutions Third-Party Risk Management Symposium held at the historic Kimpton Hotel Monaco in Washington, DC. The SQ Risk Third-Party Risk Management (“TPRM”)… Read more: SQ Risk Presented the Why, What, and How of TPRM