By habitually practicing these three things, you鈥檒l be on your way to greater cybersecurity success
By Bryan Johnson, IT Director, 天涯社区mpany
What exactly is success鈥檚 secret sauce? Well, Malcolm Gladwell would say that repetition is the key. The writer and public intellectual once famously claimed that it takes 10,000 hours of practice to master something. I don鈥檛 know if that specific number is accurate or not, but I do know that repetition is integral to a successful cybersecurity posture for any business. One thing that makes cybersecurity so tough to get right is that an effective strategy hinges on many moving parts. Not only do you need the right technical solutions, you also must ensure employees understand the risks and practice secure habits online. Having standardized, repeatable processes can go a long way toward mitigating this complexity and keeping your business safe from harm. From my perspective, these are the top three you should focus on at your agency.
1.) Review system updates
Keeping your systems, programs and applications religiously up to date is one of the best ways to avoid compromising your business鈥檚 security. Although it seems like it should be common sense in 2025, many companies still do not do this consistently. A recent study, in fact, showed that nearly 8 out of 10 companies are running on some form of outdated technology, which can lead to significant consequences. System updates often include critical security patches. If left uninstalled, your company can become a prime target for advanced malware and cyberattack strategies. Not to mention, leaving application updates uninstalled can mess with your compliance goals and damage your firm鈥檚 reputation.
Now, I鈥檝e been in this game for a long time. I know that keeping your systems continually updated can be an annoying and, if you鈥檙e not careful, time-consuming process. According to one report, your average small- to medium-sized business (SMB) utilizes an average of 58 applications, with many requiring continuous updates.[i] That makes it essential to stay on top of this process to ensure that your team is always running the latest versions of their solutions and tools.
2.) Review security logs
Just as important as frequently updating your systems is diligently reviewing your security logs. The average organization these days is generating more data and utilizing more network endpoints than ever before, which makes this a particularly important process to run in 2025. Some people don鈥檛 know this, but often cyber incidents aren鈥檛 immediately obvious. It鈥檚 not as if an attack happens and suddenly you鈥檙e facing a glitching computer screen or an ominous message shaking down your business for all it鈥檚 worth. Most incidents begin in a subtle and almost imperceptible fashion, which is where the utility of checking your logs comes into play. By turning this into a routine activity that you do every week, you鈥檒l be better positioned to spot potential abnormalities and take swift action on worrisome issues before they balloon into a crisis.
3.) Run security trainings
While it may come last, keeping your team current on the latest security changes, challenges and best practices is no less important than the other points on this list. In fact, it may be the most important way to ensure the safety of your entire operation. The data is clear on what can happen if you don鈥檛 take this seriously, with some reports listing human error as the origin of 95% of data breaches.[ii]
There are a lot of best practices for running successful cybersecurity trainings. The most critical principle, though, is that they need to be mandatory and consistent. Remember, a strong, solid cybersecurity posture always requires an all-hands-on-deck approach. It only takes one user to click on a phishing email or mishandle a system password and the whole thing can fall apart.
And so, while it is never easy to add another standing meeting to the calendar, especially for busy title insurance folks, establishing a consistent, habitual training schedule is non-negotiable if you want reliable security.
It鈥檚 not as easy as 1, 2, 3, but鈥 With something as complex as cybersecurity, can you ensure success by simply making the above-mentioned processes a habitual part of your routine? Not by a long shot. Almost nothing in our digitally connected world is so simple that it can be solved with a mere three-point list. That said, practicing these processes on at least a monthly basis is a great way to be ahead of the curve. They will ensure that you have the latest security patches installed, incidents are caught early, and team members are aware of the latest cyber risks and how to avoid them. And that will put you on a defensive footing that may not be bulletproof, but is certainly better than many organizations out there.