RLS Cybersecurity

01/07/2026

Are you using your cyber risk to drive your cybersecurity strategy? There's no room to experiment when attacks are on the line, I'll show you how:

In math, there's an equation called "Expected Value" that helps us measure the possible outcomes and impacts related to an 'event'.

For example, you can use it to measure the odds in a game to see if a bet makes sense.

It's also what goes into understanding our cyber risk, and in cybersecurity it's based on two key factors:

Likelihood

and

Impact

Likelihood is based on threats and the vulnerabilities or weaknesses in our environment.

Impact is based on how we use our tech and data and boils down to the CIA Triad of Cybersecurity which measures possible impacts from compromises of Confidentiality, Integrity, and Availability.

Next week on Tuesday, Jan 13 at 1pm ET, I'll teach you more about how easy this is to start to apply and how it can guide your decisions around priorities in your cyber strategy.

It's the full part of a series I'm running to help people create and follow a strategy month-by-month throughout 2026.

Check it out, grab our resources, and join me next week to learn more!
https://rlsconsulting.co/2026cyberstrategyprogram/

11/19/2025

There are a few things I wish people knew before they ever had a breach, it comes up all the time and can stall an investigation. Here's what you don't want to have happen to you:

We just helped a business that didn't have insurance and needed a quick investigation to understand what happened in a business email compromise and account takeover.

The problem is that they only just engaged us last week and the first sign of suspicious activity appeared two months ago.

Most logs for Microsoft only go back 30 days, some only 7 days.

This means we're not going to be able to see anything that happened in the environment that will tell us exactly how they got in or what they did past 30 days ago.

We've had to shift to recovery mode without a lot of answers about what went down, and no evidence to back up the assumptions we have.

If you look at the data around breaches, the average time to detect an attack is 180 days after it actually began.

So, if your logs only go back 1 month, it's not going to be nearly enough to be able to investigate it if it's anything like the average attack we see out there.

There are a couple things that you can do to avoid this if you ever have a breach of your own:

1) Don't hesitate to take action immediately after suspicious activity. Have your Incident Response Plan dialed in and know what to expect with your insurance process, and prepare to collect and preserve evidence as you work on getting that claim filed.

2) Look at ways to improve your log retention. It's going to depend on your license or other tools (like central logging or SIEM solutions) you have available to paint a picture of what's happening in your environment. There's a give and take here because keeping additional logs will use more storage.

If you've ever wondered why data security laws require specific practices around audit logs and log retention, now you know!

If you need help with this and want to make sure you're ready for things like this that often come up, shoot me a message and I'll do a free consultation to help you identify gaps in your strategy.

Stay safe out there!

09/29/2025

Get help with cyber awareness month - I have free resources you won't want to miss!
Get more info and free access at https://rlsconsulting.co/october/

08/21/2025

Win $100 by tricking people into clicking a phishing link!
Submit your phishing email > I'll run it in our simulations > the email with the most clicks wins

This is for anyone that wants to play along!

And, it's a great way to sharpen your ability to identify phishing threats in your inbox -> creating something takes your brain to a higher level of thinking that helps improve your ability to learn

It's also just fun! I enjoy writing these, so I figured others might as well😁

We need your email submitted by Sept 15 so we can run them in simulations this October (Cybersecurity Awareness Month)

During that time, we'll have free access to phishing simulations - so be sure to take advantage of that for your office as well!

We'll announce the winners in our Halloween Finale event where we're also going to be sharing Breach Horror Stories

Don't delay on this because I'm capping this to 50 submissions for now because these all have to be entered manually on my end.

I'm keeping some plans quiet until October gets a little closer
but I can promise that the earlier people sign up for things, the better promos and offers we'll be sharing

Learn more through the links below to go to the Phishing Contest page with more details and our October Event page where you can learn more about everything and get plugged in for updates.

Phishing Contest: https://rlsconsulting.co/phishingcontest/
October Events: https://rlsconsulting.co/october2025/
How to Write A Good Phishing Email: https://rlsconsulting.co/writeaphish-video/

08/12/2025

We've been failing in how we teach people to spot phishing emails - it's not as easy as spotting fish in an aquarium!🐟 Join us for a new approach as we teach you how to write a phishing email and the tricks attackers use.

Next Wednesday, August 20th at 1pm ET, I'm pulling in 3 great cybersecurity professionals to help out in our "How to Write A Good Phishing Email" webinar

We'll share tips and some of the tricks used to create phishing emails that are guaranteed to trick you into clicking!

You don't want to miss this fun new approach to security awareness training around phishing and social engineering.

Register here: https://us06web.zoom.us/webinar/register/WN_X8Fvdu2BSPudjpH10b2wxw

And don't forget to share it with your "clickers" out there!

See you next Wednesday, August 20th at 1pm ET!

08/07/2025

When you learn to write a phishing email - you get better at detecting them. I'll explain why below but you won't want to miss this fun session!

I've been helping to create phishing simulations for several years, and it's a lot of fun coming up with them.

One thing I've noticed is that it's built my own awareness of the types of tricks real attackers use and I'm better at spotting suspicious messages.

It turns out that, when your brain looks at something from another angle, it can help you learn better. It's the same effect when you teach someone something you've learned: you improve your own understanding in the process.

So, I thought it'd be a fun training to teach you how to write a phishing email!

In fact, I have something fun we're going to announce on this session. (If you're competitive and like prizes, you're going to want to hear it!)

Join us on Wednesday, August 20th at 1pm ET

Make sure you register here: https://us06web.zoom.us/webinar/register/WN_X8Fvdu2BSPudjpH10b2wxw

08/01/2025

I have a quick breach story that happened with a prospect - there are a handful of lessons you can take from this. I'll share my tips below. Here's what happened:

We'd been talking for a few months, but they were still sorting through some things when they ran into a breach and had to file an insurance claim, which included an investigation.

Basically, a client called reporting suspicious banking activity, and investigating it led to the discovery of a breach of a printer that sends images to a folder in SharePoint that a threat actor had gotten access to.

They captured images of checks - one belonging to this client that called - and were attempting check fraud and trying to basically use this office to launder money.

The investigation didn't tell them much because they didn't have data to really see far back enough to see what started the breach.

We DO know that the printer had not been updated and had a known vulnerability (weakness) that was exposed to the rest of the world. This or a phishing email could have been what that attacker used to get access.

They updated the printer and tightened up their security for Microsoft and Email access. (Among other things we're now working on to take it all further)

With all of this in mind, here are the tips:

1. Even a light risk assessment or Vulnerability Management practices might have discovered this

2. Attackers are looking for weaknesses that are easy to detect, easy to attack, and that they are aware of. Outdated systems and users that were not getting trained are easy targets

3. Investigations are only as good as the logs. IBM showed the average attack goes undetected for nearly 215 days - 7 months! So we need to be able to go back farther in our investigations if we ever want to know what happened

4. More could have been done to alert attention to suspicious activity

5. This experience showed how little their IT was doing and their lack of experience with cybersecurity

I hope this helps give you some ideas of things you can work on but if you want help identifying some immediate things that could help you avoid similar issues, don't hesitate to reach out and get a FREE review your cyber strategy!

07/25/2025

Check out a recent article Ryan wrote about the recent SharePoint vulnerabilities that have been in the news!

Headlines are buzzing about a serious SharePoint vulnerability—but does your agency actually need to worry? Before you panic, get the facts and a smarter path forward.

Read more: https://hubs.li/Q03yt3dC0

07/24/2025

Want to learn more? Get free cybersecurity resources at https://rlsconsulting.co/agencyresources