This information came from a session during the 2025 ELEVATE conference and expo. Don’t miss ELEVATE in Tampa, Florida, on Nov. 8-11, 2026.
Did you know that for businesses with fewer than 500 employees, the average cost of a data breach is over $3 million? Additionally, 60% of small businesses fold within six months of a cyberattack.
Failing to prepare for cyberattacks puts your company at risk in a number of ways. From business disruptions caused by being locked out of billing systems to the loss of customer trust when client data is stolen, this is a threat to take seriously. Your business can face financial fraud, legal liability, and decreased access to capital and insurance if you fail to take cybersecurity into account.
Cybersecurity is no longer an optional feature for businesses. It is a core part of protecting your organization, your team and your clients. Shane Jarrett, chief information & technology officer for Mariani Premier Group, and Clinton Smith, vice president of information security for Mariani Premier Group, share simple ways to improve your overall cybersecurity.
Device Security
One overlooked area that can be easily hacked is Internet of Things (IoT) devices. This includes irrigation controllers, landscape lighting, gates, intercoms, smart outlets, robotic mowers, outdoor cameras, pool, spa and water features.
Hacked irrigation systems can result in wasted water and high utility bills, while manipulated landscape lighting or access systems create safety and liability risks. Hackers can also use IoT devices as an entry point to attack your business network.
You need to treat your smart systems like computers. Secure them with the same discipline you would your business network.
Utilize strong, unique passwords and multi-factor authentication to limit access to these devices. You can also limit exposure by restricting access to essential users and disabling any unused features. Another option is to put IoT devices on a guest or dedicated network.
Keep firmware and apps up to date by applying patches that address bugs.
Phishing Readiness
Phishing is the number one method for launching cyberattacks. It often comes in the form of fake payments or payroll change requests, vendor or client account takeovers, phony login pages, text scams and real-looking emails that steal money or access to platforms.
Hackers rely on this route because they are able to focus on manipulating people through social engineering. Train your team regularly on the signs to look for that indicate a phishing attempt.
Establish practices on how vendors and clients will share sensitive information so your team can quickly spot something out of the norm. Document and practice incident response procedures so you can react quickly if a phishing attempt is successful. Defend your email with authentication tools such as DomainKeys Identified Mail, Domain Message Authentication Reporting and Sender Policy Framework.
Ransomware Preparedness
Ransomware attacks can be debilitating for your business by locking you out of job schedules, billing or customer systems. The downtime and your recovery can be costly, especially because hackers can threaten your data and then exploit each client.
In 2024, the average cost of a ransomware attack was $5.13 million, which is a 574% increase from $761,106 in 2019.
Put isolated backups in place and test them regularly so you know you can return to work quickly. Also, conduct ransomware drills with your executives so they know exactly how to respond. Strong endpoint protection and unique, encrypted credentials protect access to your systems.
Also, don’t overlook the importance of investing in cyber insurance coverage.
Third-Party Risk Management
Even if you have your own house in order, your security is only as strong as your vendors, which is why it is critical to verify, contract and continuously check.
Vendor weaknesses can expose your clients’ data, and non-compliant vendors can break your PCI compliance. Suppliers with weak security increase vendor email compromise risk.
You can assess your vendors by requesting SOC 2, ISO 27001 or equivalent certifications. Make a point to include security and incident-response terms in your contracts. Reassess your vendors on a regular basis and review their security policies and escalation plans.
Artificial Intelligence
While many businesses are exploring how to incorporate artificial intelligence into their businesses, there are cybersecurity risks to be mindful of. This includes data leaks, model attacks, privacy gaps, IP loss and regulatory risks.
Because sensitive information can be leaked when using public AI tools, define for your team what data can and can’t go into AI tools. To avoid manipulated or poisoned AI outputs, only use trusted AI, preferably enterprise or private AI environments. Also, validate AI results before acting on them.
To guard against client or employee data being revealed or proprietary designs being lost, train your staff on how to safely and responsibly use AI in their work.
Track laws, vendor practices, and emerging risks as new AI use and disclosure laws are enacted. Having set company policies keeps you in control and prevents AI from damaging trust, privacy and profits.
Cybersecurity doesn’t have to be daunting. Following simple, consistent actions forms a strong defense.
For more content like this, be sure to register for next year’s ELEVATE in Tampa, Florida, on Nov. 8-11.
