Small businesses are the target, not big corporations
Over 43% of cyberattacks target small businesses. The reason is simple: large companies have security teams. You probably don't. Attackers know this.
In Seattle and the Eastside, we've seen phishing attacks take down accounting firms in Bellevue, ransomware lock up dental clinics in Kirkland, and business email compromise drain $85,000 from a Redmond contractor's account — all in the past year.
The realistic threat model for a 5–50 person company
You're not protecting against nation-state hackers. You're protecting against:
1. Phishing emails — "Your invoice is attached" with a malicious link
2. Credential stuffing — your employee reused a password from a breached site
3. Ransomware — usually delivered via phishing or an unpatched VPN
4. Business email compromise — attacker gets into your email and redirects a wire transfer
The security stack that actually works
Non-negotiable (do these today)
- MFA on every account — email, banking, cloud apps, VPN. No exceptions.
- Password manager for the whole team (1Password, Bitwarden)
- Automated patching — Windows Update, macOS updates, browser updates
- Email filtering with anti-phishing (Microsoft Defender or Proofpoint Essentials)
Important (implement this quarter)
- Endpoint detection and response (EDR) — not traditional antivirus
- DNS filtering (Cisco Umbrella, Cloudflare Gateway) — blocks malicious domains before they load
- Backup verification — test a restore monthly, not just "it says it backed up"
- Offboarding checklist — revoke access within 1 hour of departure, not "sometime next week"
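One way to run the monthly restore test from the list above, as an added example that is not part of the original article: record a SHA-256 for every file when the backup is taken, then compare a test restore against that record. The function names and sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):  # 1 MiB chunks
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root):
    """Map every file under root (relative path) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest

def verify_restore(manifest, restored_root):
    """Compare a test restore against the manifest saved at backup time."""
    restored = build_manifest(restored_root)
    missing = sorted(p for p in manifest if p not in restored)
    corrupted = sorted(p for p in manifest
                       if p in restored and restored[p] != manifest[p])
    return {"ok": not (missing or corrupted), "missing": missing, "corrupted": corrupted}

def write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Constructed sample: a restore job that 'completed' but lost data."""
    source = {"ledger.csv": b"date,amount\n2024-01-05,1200\n",
              "payroll.xlsx": b"constructed sample bytes",
              "clients/notes.txt": b"call back Tuesday\n"}
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for rel, data in source.items():
            write(src, rel, data)
        manifest = build_manifest(src)  # saved when the backup runs
        write(dst, "ledger.csv", source["ledger.csv"][:10])  # truncated file
        write(dst, "clients/notes.txt", source["clients/notes.txt"])
        return verify_restore(manifest, dst)  # payroll.xlsx was never restored

if __name__ == "__main__":
    print(demo())
```

Keep the manifest somewhere other than the backup itself, so a damaged or encrypted backup cannot also damage the record you check it against.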
Mature (build toward this)
- Security awareness training with phishing simulations (KnowBe4, Hoxhunt)
- Zero-trust network access (replace traditional VPN)
- Annual penetration test or vulnerability scan
- Cyber insurance (increasingly required by clients and partners)
The cost of doing nothing
The average cost of a data breach for a small business is $120,000 — and 60% of those businesses close within 6 months. That's not a scare tactic; it's an actuarial reality.
We build security into everything we do
Every IT engagement we run includes a baseline security assessment. We won't set up your network without MFA, won't configure email without filtering, won't deploy laptops without encryption. It's baked in, not bolted on.








