By habitually practicing these three things, you’ll be on your way to greater cybersecurity success
By Bryan Johnson, IT Director, Alliant National Title Insurance Company
What exactly is success’s secret sauce? Well, Malcolm Gladwell would say that repetition is the key. The writer and public intellectual once famously claimed that it takes 10,000 hours of practice to master something. I don’t know if that specific number is accurate or not, but I do know that repetition is integral to a successful cybersecurity posture for any business. One thing that makes cybersecurity so tough to get right is that an effective strategy hinges on many moving parts. Not only do you need the right technical solutions, you also must ensure employees understand the risks and practice secure habits online. Having standardized, repeatable processes can go a long way toward mitigating this complexity and keeping your business safe from harm. From my perspective, these are the top three you should focus on at your agency.
1.) Review system updates
Keeping your systems, programs and applications religiously up to date is one of the best ways to avoid compromising your business’s security. Although it seems like it should be common sense in 2025, many companies still do not do this consistently. A recent study, in fact, showed that nearly 8 out of 10 companies are running on some form of outdated technology, which can lead to significant consequences. System updates often include critical security patches. If left uninstalled, your company can become a prime target for advanced malware and cyberattack strategies. Not to mention, leaving application updates uninstalled can mess with your compliance goals and damage your firm’s reputation.
Now, I’ve been in this game for a long time. I know that keeping your systems continually updated can be an annoying and, if you’re not careful, time-consuming process. According to one report, your average small- to medium-sized business (SMB) utilizes an average of 58 applications, with many requiring continuous updates.[i] That makes it essential to stay on top of this process to ensure that your team is always running the latest versions of their solutions and tools.
2.) Review security logs
Just as important as frequently updating your systems is diligently reviewing your security logs. The average organization these days is generating more data and utilizing more network endpoints than ever before, which makes this a particularly important process to run in 2025. Some people don’t know this, but often cyber incidents aren’t immediately obvious. It’s not as if an attack happens and suddenly you’re facing a glitching computer screen or an ominous message shaking down your business for all it’s worth. Most incidents begin in a subtle and almost imperceptible fashion, which is where the utility of checking your logs comes into play. By turning this into a routine activity that you do every week, you’ll be better positioned to spot potential abnormalities and take swift action on worrisome issues before they balloon into a crisis.
3.) Run security trainings
While it may come last, keeping your team current on the latest security changes, challenges and best practices is no less important than the other points on this list. In fact, it may be the most important way to ensure the safety of your entire operation. The data is clear on what can happen if you don’t take this seriously, with some reports listing human error as the origin of 95% of data breaches.[ii]
There are a lot of best practices for running successful cybersecurity trainings. The most critical principle, though, is that they need to be mandatory and consistent. Remember, a strong, solid cybersecurity posture always requires an all-hands-on-deck approach. It only takes one user to click on a phishing email or mishandle a system password and the whole thing can fall apart.
And so, while it is never easy to add another standing meeting to the calendar, especially for busy title insurance folks, establishing a consistent, habitual training schedule is non-negotiable if you want reliable security.
It’s not as easy as 1, 2, 3, but… With something as complex as cybersecurity, can you ensure success by simply making the above-mentioned processes a habitual part of your routine? Not by a long shot. Almost nothing in our digitally connected world is so simple that it can be solved with a mere three-point list. That said, practicing these processes on at least a monthly basis is a great way to be ahead of the curve. They will ensure that you have the latest security patches installed, incidents are caught early, and team members are aware of the latest cyber risks and how to avoid them. And that will put you on a defensive footing that may not be bulletproof, but is certainly better than many organizations out there.
[i] https://www.okta.com/blog/industry-insights/smbs-at-work-2024-what-apps-make-the-smb-stack/
