The boring security basics just stopped being optional. Here is the plain-English plan, and an hour with me to walk you through it.
Thursday, July 9, 2 PM ET. No charge, no pitch.
The problem: For a growing list of businesses, patching, second logins, and security scans just went from "should do" to "must do", and the first thing an auditor asks is whether you even know what is open on your machines. The hardest part is the not-knowing.
The solution: You do not have to figure it out alone. In a live Insider Session I will show you the open doors most business computers leave wide, and exactly what to fix first, in plain English.
For years, the dull security steps were things you were supposed to do. Patch your software. Turn on a second login. Scan for weak spots. Easy to put off, and most folks did. That free pass is closing.
Since last November, any company that does defense work falls under a federal rule called CMMC, and the certification is now mandatory. It is already showing up as a requirement to win contracts. Healthcare looks to be next: regulators have proposed making the same basics, encryption, a second login, and a vulnerability scan at least twice a year, mandatory for anyone who holds medical records. That one is a proposal, not law yet, but the direction could not be plainer.
Every one of these rules circles the same humble step: know what you have, and find what is open, before someone else does. And the timing is no accident in spirit. The same season the rule-makers started requiring the basics, an AI got so good at finding flaws in software that the government put it on the kind of leash we save for weapons. The holes it turns up are not exotic. Some sat open in trusted software for seventeen and twenty-seven years.
Let me be straight with you, because I will not sell you a story. No agency has said it wrote these rules because of any one AI. That is my read, not theirs. But when finding your open doors drops from a skilled crook's hard work to a machine's afternoon, "we'll get to it" stops being good enough.
You can't rewrite the rules, and you can't out-argue an auditor. But the thing they are all asking about, what is open on your machines, is squarely in your hands.
And do not assume a Mac sits this one out. Apple built macOS on the same BSD foundation where some of those decades-old holes were found, so "Macs don't get hacked" was always a myth. Windows or Mac, every machine is full of programs nobody patches, and Windows Update only ever covers Microsoft's own software. The PDF reader, the accounting add-on, the old app you forgot you had, those quietly go unpatched, and every one is a door.
You started a business to serve your customers, not to become a compliance department. Feeling behind on this is normal, and it is not a personal failing.
I have spent fifty years watching how these attacks work. FBI InfraGard, zero ransomware on any client I have worked with. And it is almost always an app nobody updated. The good news is that seeing your open doors is simple once someone shows you how, and that part I made easy.
No guesswork. Here is exactly what happens, three steps.
Thursday, July 9, 2 PM ET. Send the email and you are in.
✅ No charge, and nothing to buy on the call.
✅ It is not a pitch-fest. You will leave with real steps whether or not you ever buy a thing.
✅ Plain English. No jargon, and no talking down to you.
✅ Come live if you can, that is where I answer your questions. Saved a seat but can't make it? I'll send you the replay.
✅ If your setup is in good shape, I will tell you so. No scare tactics.
✅ Straight talk. I will show you what is "open" and "at risk," never "guaranteed."
Two reasons. First, these rules are the canary. What is required for regulated work today tends to become the baseline everyone is judged by tomorrow, including your insurer. Second, the criminals do not check whether you are in scope before they knock. The open doors are the same on every business computer.
An hour now saves a scramble later. And if your machines are already in good shape, you will walk away knowing it.
You can't fix what you can't see, and you don't have to see it alone. Spend one hour with me, walk away knowing exactly what to close first, and get back to running your business instead of guessing.
Want this kind of plain-English security news every week? Sign up for Craig's Insider Notes at CraigPeterson.com.