How to do Big Cyber Security on a Small Business Budget

Tips from Cyber Security Industry expert: Raven Cyber Security

Aug 22, 2025

Back in May, we engaged with Byron Collie of Raven Cyber Security & Risk Solutions. Byron’s security expertise is so sought-after that he was asked to come testify before Congress. While I had a list of complaints I wanted him to address with Capitol Hill, the purpose of his invitation was to educate our legislators on why a data security bill is critical to the federal infrastructure.

I traveled with my kids to New York City a few weeks ago and had the pleasure of having dinner with Byron and his beautiful wife, Danielle – who is a sea lion trainer at the Bronx Zoo, and my original connection with Byron. We had a hilarious time trading stories, and after a few drinks, Byron agreed to sit down for an interview, and to share some of his security wisdom – the same wisdom sought by Congress! – with my subscribers. SO, you’re welcome.

From left: Melissa Nelson (nearly a PhD in Applied Behavior Analysis, unrelated but noteworthy), Danielle Hessel, Byron Collie, me

Housekeeping

No August tax deadlines, but if you filed an extension, you should be getting busy! If your extension was for an S-Corp or an LLP (Partnership), your deadline is Sept 15th and your tax pro will need all of your documentation submitted likely WEEKS ahead of that date so they can actually prepare it. If you’re in North Carolina, the IRS has granted you a hurricane relief deadline of October 15th.

Sole Prop, LLC, and C-Corp extensions are due Oct 15th. Don’t snooze on this, be kind to your tax pros!


Big Business Security Measures for All

Our subscriber list is currently comprised of owners and employees of small businesses. Most of you likely either have an outsourced or part time IT person, or, like me, no IT support at all. Byron shared that JP Morgan spends roughly half a BILLION dollars on cyber security every year. While no one reading this newsletter *currently* has those resources (but I’m manifesting this for all of us), Byron has generously shared these 5 actionable tips that will tighten up and lock down your cyber security, and they’re financially accessible to businesses of all sizes.

1. Fortify Your Human Firewall: Ongoing Security Awareness Training

Your employees are your first and last line of defense.

Most cyber attacks, especially ransomware and business email compromise, begin with a human error like clicking a malicious link.

Action:

Implement mandatory, recurring training that teaches employees how to spot and report phishing emails, smishing (SMS phishing), and suspicious requests. Make it a part of your company culture to question unexpected emails, especially those asking for money transfers, password changes, or personal information.

(You can even create a cybersecurity Slack channel or group chat of phishing attempts, and incentivize employees for detecting them.)

Big companies typically conduct multiple mandatory security trainings every year, and this can be scaled down to reviewing your security policies out loud quarterly. If you’re starting from square one, that might mean creating and sharing a policy that doesn’t exist yet. Here is a link to FREE downloadable training materials that can also help you shape your Phishing policies.

2. Implement Strong Access Controls: Password Managers & Multi-Factor Authentication (MFA)

Stolen or weak passwords are the most common way attackers gain unauthorized access. A single compromised password can give an attacker the keys to your entire business.

Action:

A) Mandate the use of a company-approved password manager. This allows employees to generate and store unique, complex passwords for every single service.

*IQBK currently crushes this one! We use 1Password to store all login credentials and document passwords. It’s cheap (<$250/year) and has great reviews. #notsponsored

B) Enable Multi-Factor Authentication (MFA) on every critical account that offers it. This includes email (Google Workspace/Microsoft 365), banking, payroll, and cloud storage.

3. Create a Safety Net: Reliable & Tested Data Backups

If you are hit with ransomware, a hardware failure, or a natural disaster, having reliable backups is the only thing that can guarantee your ability to recover and continue operating without paying a ransom.

Action:

Implement the 3-2-1 backup strategy. Keep at least 3 copies of your data, on 2 different types of media (e.g., an external hard drive and the cloud), with at least 1 copy located off-site. Crucially, you must test your backups regularly (at least quarterly) to ensure they work.

Cloud Backup Services: Backblaze for Business, Carbonite for Business

This one is a goal for us. I love the idea of hackers coming to me for ransom one day and politely telling them, “you can fuck ALL the way off, I have a backup!”

4. Maintain Digital Hygiene: Patching and Updates

Cybercriminals actively exploit known vulnerabilities in outdated software. Software updates don’t just add new features; they often contain critical security patches that close these security holes.

Action:

Create a simple policy to ensure all software and systems are kept up to date. Enable automatic updates wherever possible for operating systems, web browsers, and core business applications. Remove any software your business no longer uses.

Patch My PC is a free application that will scan your applications and “patch” (cool new industry term I learned) the vulnerabilities in outdated versions of the app.

Alternatively, you can simply enable “auto-updates” – a great option for Mac users.

This was an eye-opener for me personally. I had no anti-virus on my phone, which is just a tiny computer. And while you may have anti-virus software on all of your computers, the applications running on your computer can be susceptible if they aren’t constantly updated.

Apparently, Adobe used to be a primary avenue of attack. Hackers would embed malware in a PDF, and the Adobe application was the point of entry. Security updates have since closed that vulnerability, but only if you’ve updated your Adobe!

5. Secure Your Supply Chain: Vet Your Third-Party Vendors

Your company’s security is only as good as the security of your partners. A breach at your payroll provider, accounting firm, or cloud service provider can directly lead to a breach of your company and customer data.

Action:

Before signing a contract with any third-party vendor that will handle your sensitive data, ask basic security questions. You don’t need to be an expert, but you should understand their security posture.

[FTC – Federal Trade Commission] Vendor Security: An excellent, plain-language guide on what to ask your vendors and what to include in your contracts. (https://www.ftc.gov/business-guidance/small-businesses/cybersecurity/vendor-security)

(To view this video, visit our newsletter on Substack!)

For this one, I’ll let you listen to exactly what Byron said about his security assessment of IQBK as his bookkeeping partners.

If any of your vendors doesn’t offer a secure communication channel and instead asks you to openly email or text sensitive information like social security numbers, bank account numbers, or credit card info for payments, buyer beware. This could indicate a total lack of security with their internal processes – and your own security (and bank accounts) could go up in flames when they’re attacked.

There you have it: 5 ways to tighten up cyber security for your small business. If you’re left with follow up questions, keep reading!


IQBK Client Highlight

Raven’s Cyber Security & Risk Solutions

Byron Collie is CEO & Co-Founder of Raven Cybersecurity & Risk Solutions LLC in New York. He is also a Partner with Next Peak, a boutique cybersecurity, risk management, and resilience management consulting firm. He is an award winning cybersecurity leader with over 30 years’ experience in both the private and government sectors. Byron was previously Global Head of Resiliency Risk at JPMorgan Chase for 4 years, and before that, spent over 16 years at Goldman Sachs as a Technology Fellow and Global Head of Cybersecurity and Information Risk in Operational Risk.

Byron’s a big deal, guys! His Australian accent makes him a delight to chat with and his generosity with his expertise makes him an incredibly valuable friend to have. In fact, he’s offered to answer any follow up questions! Please send any follow up questions you have about this newsletter content to me at info@iqbookkeeping.info and I’ll report back in next month’s newsletter with all your questions and Byron’s answer for each.

If you’d like to learn more about Byron, check out his Next Peak bio.

Thanks for reading!

If you enjoyed this, please tap the heart or drop a comment. Positive reinforcement is so effective and I always want more of it.

If you want to discuss bookkeeping questions, hop on my calendar for a no-cost discovery call, I’d love to chat.

And finally, if you know someone who might enjoy reading this, please feel free to forward and spread the love.
