Cyber Readiness Institute

CRI’s Craig Moss (Director of Content & Certification) and Sasha Pailet Koff (Managing Director) break down key insights in Demystifying Cyber Readiness, highlighting why small businesses are increasingly attractive targets for cyberattacks—especially as AI lowers the barrier for threat actors. They explore why cyber readiness goes beyond technology, emphasizing the importance of people, process, and having a practical plan in place. From cyber hygiene and timely backups to incident response and business continuity, the conversation reinforces a simple truth: every organization needs to stay prepared. Ready to be your organization’s #CyberCheerleader? Start your cyber journey today with the Cyber Readiness Program: https://t.co/0my9FTiB5X #BeCyberReady #CyberReadiness #SmallBusiness #SupplyChainSecurity

This Small Business Month, it’s a reminder: when water stops, business does too. Cyber attacks on water utilities don’t just hit infrastructure—they impact the local businesses communities rely on every day. Is your system ready to keep doors open? Explore CRI’s Water Utility Addendum 2026 and help keep operations flowing: https://t.co/7WGRhuVUPw #CyberReady #CyberResilience #WaterCybersecurity #WaterCyber #UtilityCybersecurity

Phishing Friday Alert- Your Phone Is Now a Primary Target Attackers are moving beyond email and targeting users through: -Smishing (text scams) -Vishing (voice phishing) -QR-code phishing -MFA fatigue attacks Mobile-first phishing campaigns are rising rapidly. So what should you do to #BeCyberReady? -Don’t click unknown text links -Verify phone requests independently -Never share MFA codes -Be cautious with QR codes in public or emails Remember: Your phone can be just as dangerous as your inbox. #PhishingFriday #CyberSecurity #MobileSecurity #Smishing #StaySecure

Meet “Sally.” She brings the energy, keeps conversations going, and makes everyone feel heard—whether it’s a teammate or a customer. But here’s the question: does being outgoing and people-focused make her the right cyber leader? A true cyber leader doesn’t just communicate often—they communicate effectively. They turn everyday interactions into opportunities to reinforce smart cyber habits and make security feel relevant to everyone. Like this post if you think Sally would make a great cyber leader. Learn more about nominating a cyber leader for your office: https://t.co/0my9FTiB5X #CyberReadiness #SmallBusinessMonth #ChangeBehavior #BeCyberReady #CyberLeadership

In This Week in Cybersecurity, 'AI can find bugs and flaws, but don't forget the cybersecurity basics' offers an important reminder for all of us: while AI may help uncover vulnerabilities, many of the most damaging breaches still stem from basic security gaps. From exposed files and weak passwords to missing multi-factor authentication and social engineering attacks, cybersecurity fundamentals still matter. Strong cyber hygiene, regular updates, access controls, and authentication best practices remain essential defenses against both AI-enabled threats and old-fashioned attacks. That’s why the Cyber Readiness Program exists: to help organizations strengthen the basics and take practical steps toward better cyber readiness. Read the full article for more insights: https://t.co/n9fJrouXxj Start your cybersecurity journey with CRI today and #BeCyberReady: https://t.co/0my9FTiB5X #CyberReadiness #CybersecurityAwareness #CyberHygiene #DataSecurity #AI #MultiFactorAuthentication

Meet “Anna.” She’s direct, detail-oriented, and doesn’t let anything slip through the cracks. When something needs to get done, she’s already on it. But here’s the question: does a no-nonsense approach make her the right cyber leader? A true cyber leader doesn’t just enforce the rules—they inspire others to follow them. They balance accountability with approachability, helping their team understand the “why” behind secure behaviors so it sticks. Like this post if you think Anna would make a great cyber leader. Learn more about nominating a cyber leader for your office: https://t.co/0my9FTiB5X #CyberReadiness #SmallBusinessMonth #ChangeBehavior #BeCyberReady #CyberLeadership

Phishing Friday Alert! Ransomware Is the “New Normal” Ransomware isn’t slowing down and in fact, is becoming a constant threat for organizations everywhere. Today’s attacks now include: Double extortion — attackers encrypt your systems and threaten to leak stolen data Targeting of critical infrastructure, healthcare, schools, and businesses Faster, more automated attacks designed for maximum disruption The reality is organizations are no longer asking if they’ll be targeted, they’re preparing for when. One phishing email, stolen password, or unpatched system can lead to: • Locked systems • Massive downtime • Data exposure • Financial and reputational damage Prepare Now, Not After • Back up critical data regularly • Keep systems patched and updated • Use MFA everywhere possible • Train employees to recognize phishing attempts • Report suspicious activity immediately Don’t assume your organization is “too small” to be targeted. Attackers look for the easiest opportunity — not just the biggest company. Remember: Ransomware isn’t a rare event anymore, it’s part of the modern threat landscape. #PhishingFriday #CyberSecurity #Ransomware #StayAlert

Meet “Sam.” The go-to for keeping the office running smoothly, always ready with a creative solution and a friendly approach. But here’s the question: Does being organized and well-liked make Sam the right cyber leader? A true cyber leader doesn’t just keep things moving—they embed cybersecurity into everyday routines. They find creative ways to make secure behaviors easy, approachable, and part of the culture. Like this post if you think Sam would make a great cyber leader. Learn more about nominating a cyber leader for your office: https://t.co/0my9FTiB5X #CyberReadiness #SmallBusinessMonth #ChangeBehavior #BeCyberReady #CyberLeadership

No one wants to explain why the sprinklers stopped working—especially when it’s preventable. Make cyber readiness part of the job. Sign up for the Critical Infrastructure Program: Resiliency for Water Utilities and take the lead in keeping your systems—and your community—running. Is your water utility #CyberReady? https://t.co/0my9FTiB5X

Meet “Brian.” He’s always first to try a new tool, quick to speak up, and eager to take the lead on the next big idea. But here’s the question: Does ambition and a love for technology make him the right cyber leader? A true cyber leader doesn’t just chase what’s new—they champion what’s secure. They balance curiosity with caution, model smart decision-making, and help others adopt new technologies safely and responsibly. Like this post if you think Brian would make a great cyber leader. Learn more about nominating a cyber leader for your office: https://t.co/0my9FTiB5X #CyberReadiness #SmallBusinessMonth #ChangeBehavior #BeCyberReady #CyberLeadership

Phishing Friday Alert: Old Vulnerabilities + New Attacks A 17-year-old Microsoft Excel vulnerability is being actively exploited again—proof that old security flaws never really go away (via PC Gamer). Attackers are pairing outdated, unpatched vulnerabilities with modern phishing tactics, AI, and automation. Translation: Cybercriminals don’t always need new tricks… They just wait for organizations to fall behind on updates. Why this matters: Unpatched systems remain one of the easiest ways into a network. One outdated device or missed update can open the door to: - Malware - Credential theft - Ransomware - Full system compromise Patch your system before the next cyberattack strikes: - Keep software and systems updated - Don’t ignore security patches or reminders - Be cautious with unexpected Excel attachments or downloads - Train employees to spot phishing attempts - Report suspicious files or emails immediately Remember: Cybersecurity isn’t just about defending against the newest threats… Old vulnerabilities are still gold mines for attackers. Source: https://t.co/i0uDzAYHXW #PhishingFriday #CyberSecurity #PatchManagement #StayAlert

Cybersecurity doesn’t have to be complicated to be effective. In this video, Sasha Pailet Koff, Managing Director at CRI, shares why the most impactful investment small and mid-sized businesses can make isn’t in tools—it’s in people. Through CRI’s Cyber Readiness Program, organizations can quickly equip a dedicated “cyber leader” with the practical skills needed to manage risk, build stronger habits, and integrate security into everyday decisions—no technical background required. It’s a simple shift that can make a lasting difference. Learn more and get started today: https://t.co/0my9FTiB5X #CyberReady #CyberLeadership

Agentic AI tools are quickly becoming part of everyday operations for small and mid-sized businesses — but many teams are still unsure how to manage the new cyber risks that come with them. Our Agentic AI Guide is designed to help SMB leaders cut through hype and confusion with clear, practical actions you can take now to use AI agents more safely and responsibly. Use this resource to start building a more secure, resilient, and #CyberReady organization today: https://t.co/B2lj66RI8r #BeCyberReady #AgenticAI #CyberResilience #AIGuide

When even bath time gets political, it’s time to pay attention. Critical infrastructure, like water treatment plants, are increasingly in the spotlight for cyberattacks. Make sure yours is ready to respond. Learn how to build stronger defenses today using CRI's Critical Infrastructure Program for water utilities: https://t.co/khcuZiv8Ee #BeCyberReady #ChangeBehavior #CyberResilience

Phishing Friday Alert! This week: Supply Chain & Third-Party Attacks Hackers don’t always attack the target directly anymore, when it’s sometimes easier to breach one of their trusted partner instead. Companies are increasingly being compromised through: • Vendors • SaaS platforms • External integrations • Third-party access One weak link can open the door to an entire organization. This matters because attackers know trusted partners often have system access, shared data, and built-in trust. And once inside, the damage spreads fast. Call To Action: Trust, But Verify Before clicking, approving, or sharing anything: • Verify third-party requests through trusted channels • Limit vendor access to only what’s necessary • Monitor unusual login attempts or account behavior • Treat shared files and external links with caution • Report suspicious partner communications immediately Don’t assume an email is safe just because it comes from a known vendor or partner. Attackers are counting on that trust. Remember: You don’t always have to hack the company… Sometimes you just hack the company they trust. #PhishingFriday #CyberSecurity #SupplyChainSecurity #StayAlert

Meet “Dwayne.” He’s got the drills scheduled, the policies memorized, and zero tolerance for risky clicks. But here’s the question: is being a stickler for the rules enough to be cyber leader in his office? A true cyber leader doesn’t just follow the rules—they help build a culture where everyone understands why cyber readiness matters and feels empowered to act securely every day. Like this post if you think Dwayne would make a good cyber leader. Learn more about nominating a cyber leader for your office: https://t.co/aTEmWqWvH8 #CyberReadiness #SmallBusinessMonth #ChangeBehavior #BeCyberReady #CyberLeadership

Cybersecurity isn’t just a technical issue—it’s a leadership responsibility. Sasha Pailet Koff, Managing Director at CRI, explains why every small and medium-sized business needs a dedicated cyber leader to help build a culture of security across the workforce. Through our free Cyber Readiness Program, organizations can empower leaders with the practical skills needed to strengthen everyday cybersecurity habits—no technical background required. Because when cyber readiness becomes part of your culture, your entire business is stronger. Want to become a cyber leader? Sign up, today: https://t.co/aTEmWqWvH8 #CyberReady #CyberLeader

Agentic AI is reshaping how small businesses operate. It's also creating risks that most SMBs aren't prepared for...yet. Our new Agentic AI Guide cuts through the noise — practical steps, real considerations, no jargon — so you can move forward with AI agents confidently and securely. Download it here and get started on creating a #CyberReady environment, today: https://t.co/B2lj66RI8r #BeCyberReady #AgenticAI #ChangeBehavior #AIGuide