Skip to main content
Loading Obsidian Ridge…
Obsidian Ridge
ServicesIndustriesCyber Insurance
For Your BusinessFor You & Your FamilyFor Enterprise
Pricing
BlogCase Studies
AboutTrust
Take AssessmentBook a Briefing

Blog

Field notes from a working security practitioner

Practical writeups on tools, compliance, incident response, personal security, and what actually matters when security has to work in the real world.

Browse articlesRSS feed

Categories

Explore by category

AI Security

LLM security, prompt injection, AI governance, and practical guidance on using AI safely in real organizations.

View category

Compliance

SOC 2, HIPAA, CMMC, PCI-DSS, ISO 27001, audit prep, and control mapping for growing teams.

View category

Device Management

MDM, Intune, JAMF, Addigy, Workspace ONE, and Kandji guidance for secure device fleets.

View category

Endpoint & Detection

EDR, MDR, XDR, Huntress, SentinelOne, CrowdStrike, Defender, and practical endpoint detection guidance.

View category

Personal Security

Online scams, identity theft, family digital safety, and personal cybersecurity explained in plain language.

View category

Security Awareness

Phishing simulation, scam recognition, social engineering, and awareness training programs that actually change behavior.

View category

Threat Intelligence & Incident Response

Threat actor profiles, recent breaches, vendor compromises, and incident response playbooks.

View category

Featured

Start with the current benchmark article

May 16, 2026 · 12 min read

Cyber Insurance for First-Time SMB Buyers: What the 2026 Questionnaire Actually Asks and How to Pass It

A CISSP-led walkthrough of cyber insurance for first-time SMB buyers in 2026 — what the policy covers, what the questionnaire asks, the controls carriers review, and how to pass the application without overspending.

SMB
Read article

Search

Find the topic you need

Compliance · guide

Do You Need CMMC? A Small Manufacturer's Guide to the 2026 Rules

If you make anything for the defense supply chain — even as a sub-tier subcontractor — CMMC may now gate your contracts. Here's who's actually in scope, what Level 2 requires, and what non-defense manufacturers should do instead.

Compliance · guide

Do Auto Dealers Have to Comply with the FTC Safeguards Rule? (2026)

Most dealerships that arrange financing are 'financial institutions' under the FTC Safeguards Rule — which means a specific, named cybersecurity program is required by regulation. Here's what's on the list and how to satisfy it.

Compliance · guide

GLBA, the SEC, and Your Small Advisory: Which Cybersecurity Rules Actually Apply

RIAs, insurance agencies, and small advisory firms sit under overlapping cybersecurity rules — the FTC/GLBA Safeguards Rule and, for registered firms, the SEC and FINRA. Here's which ones actually apply to you, plain-English.

Compliance · guide

Cybersecurity for Nonprofits on a Budget: Donor Data, Grants, and What Actually Matters

Nonprofits face the same attacks as any business on a fraction of the budget. There's no nonprofit-specific cyber law — but PCI, grant requirements, and state breach laws still bite. The high-leverage, low-cost controls that matter.

Compliance · guide

Cybersecurity for Property Management: Tenant Data, Rent Fraud & FCRA in 2026

Property managers hold tenant SSNs and bank details, pull credit reports under FCRA, and move owner money — making them a prime target for wire fraud and data theft. The real exposures and the controls that close them.

Compliance · guide

HIPAA Cybersecurity for Senior Care & Assisted Living: What's Required in 2026

Skilled nursing and home health are HIPAA covered entities; assisted living often handles PHI too. What senior-care operators must protect, the proposed Security Rule changes, and the controls that keep residents and revenue safe.

Recent

Recent articles across the site

Filter by audience, industry, or article type. The list updates after Apply.

June 17, 2026 · 9 min read

Do You Need CMMC? A Small Manufacturer's Guide to the 2026 Rules

If you make anything for the defense supply chain — even as a sub-tier subcontractor — CMMC may now gate your contracts. Here's who's actually in scope, what Level 2 requires, and what non-defense manufacturers should do instead.

ManufacturingSMB
Read article

June 17, 2026 · 9 min read

Do Auto Dealers Have to Comply with the FTC Safeguards Rule? (2026)

Most dealerships that arrange financing are 'financial institutions' under the FTC Safeguards Rule — which means a specific, named cybersecurity program is required by regulation. Here's what's on the list and how to satisfy it.

Auto dealersSMB
Read article

Newsletter

Get monthly field notes

One practical email a month with new articles, security observations, and the patterns worth paying attention to.

Obsidian Ridge

Real coverage, plain language, and a practitioner who picks up the phone — for businesses, families, and security teams that need depth.

security@obsidianridge.ioLinkedIn

Solutions

  • For You & Your Family
  • For Your Business
  • For Enterprise
  • Dental Practices
  • Law Firms
  • CPA & Accounting Firms
  • Cyber Insurance
  • Cyber Insurance Readiness

Services

  • All Services
  • Managed Detection & Response
  • Managed ESPM
  • Multi-Vendor Managed Security
  • Ridge Watch ($15/device)
  • Huntress Partner
  • Cyber Insurance Program
  • Integrations

Resources

  • Blog
  • Case Studies
  • Frameworks
  • Cyber Insurance Questionnaire
  • Take the assessment

June 17, 2026 · 9 min read

GLBA, the SEC, and Your Small Advisory: Which Cybersecurity Rules Actually Apply

RIAs, insurance agencies, and small advisory firms sit under overlapping cybersecurity rules — the FTC/GLBA Safeguards Rule and, for registered firms, the SEC and FINRA. Here's which ones actually apply to you, plain-English.

Financial servicesSMB
Read article

June 17, 2026 · 8 min read

Cybersecurity for Nonprofits on a Budget: Donor Data, Grants, and What Actually Matters

Nonprofits face the same attacks as any business on a fraction of the budget. There's no nonprofit-specific cyber law — but PCI, grant requirements, and state breach laws still bite. The high-leverage, low-cost controls that matter.

NonprofitsSMB
Read article

June 17, 2026 · 8 min read

Cybersecurity for Property Management: Tenant Data, Rent Fraud & FCRA in 2026

Property managers hold tenant SSNs and bank details, pull credit reports under FCRA, and move owner money — making them a prime target for wire fraud and data theft. The real exposures and the controls that close them.

Property managementSMB
Read article

June 17, 2026 · 9 min read

HIPAA Cybersecurity for Senior Care & Assisted Living: What's Required in 2026

Skilled nursing and home health are HIPAA covered entities; assisted living often handles PHI too. What senior-care operators must protect, the proposed Security Rule changes, and the controls that keep residents and revenue safe.

Senior careSMB
Read article

June 17, 2026 · 8 min read

Does a Small Store Have to Be PCI Compliant? PCI DSS 4.0 in Plain English

If you take card payments — in a shop or online — PCI DSS applies to you, and 51 new v4.x requirements became mandatory in 2025. What that means for a small merchant, plain-English, without the jargon.

Retail & e-commerceSMB
Read article

June 17, 2026 · 9 min read

Wire Fraud, Title Companies, and the GLBA Rule You Didn't Know Applied (2026)

Closing-wire fraud is the most expensive cyberattack in real estate — and most title and settlement firms don't realize the FTC Safeguards Rule already treats them as financial institutions. Here's the exposure and the fix.

Real estate & titleSMB
Read article

June 17, 2026 · 8 min read

Is Pet Data Covered by HIPAA? Cybersecurity for Veterinary Practices in 2026

No — HIPAA doesn't cover pets, and there's no federal law requiring vets to safeguard animal health records. But veterinary practices still run on payment data and cloud software that ransomware loves. The real risk, and what to do about it.

VeterinarySMB
Read article

June 17, 2026 · 8 min read

Beyond the Safeguards Rule: The Cyberattacks That Actually Hit Car Dealerships

Compliance is one thing; the attack that stops a dealership is another. Ransomware on the DMS, F&I identity data, and vendor outages like the 2024 CDK attack are the real exposure. What actually hits dealers, and how to be ready.

Auto dealersSMB
Read article

June 17, 2026 · 8 min read

Why Contractors Are a Top Ransomware Target — and How to Protect Your Payments and Projects (2026)

Contracting services were the second-most-reported non-critical sector in the FBI's 2025 ransomware data. The two exposures that actually hurt a construction firm — project downtime and progress-payment wire fraud — and how to close them.

ConstructionSMB
Read article

June 17, 2026 · 8 min read

Ransomware on the Factory Floor: Protecting Production for Small Manufacturers

For a small manufacturer, the expensive cyberattack isn't data theft — it's the ransomware that stops the line. Manufacturing is the most-attacked industry, and downtime is the real loss. The exposure and the fix.

ManufacturingSMB
Read article

June 16, 2026 · 11 min read

CMMC compliance for small defense contractors: costs, timeline, and Level 2 steps

A plain-English CMMC guide for small defense contractors covering what Level 2 means in 2026, what actually drives cost, how the rollout works, and the steps to get ready.

SMB
Read article

June 16, 2026 · 12 min read

NIST 800-171 self-assessment: how to score your SPRS and close gaps

A plain-English guide for defense contractors on how the NIST SP 800-171 self-assessment score works, what SPRS actually stores, and how to close the gaps that keep the score low.

SMB
Read article

June 16, 2026 · 10 min read

North Carolina data breach notification law: what small businesses must do

A plain-English guide to North Carolina's data breach notification law for small businesses, including who must notify, what the notice must say, when to contact the Attorney General, and when consumer reporting agencies must be told.

SMB
Read article

June 16, 2026 · 10 min read

PCI DSS 4.0.1 for small merchants: which SAQ you need and what changed

A plain-English PCI DSS 4.0.1 guide for small merchants covering how to choose the right SAQ, what changed in the v4.0.1 SAQ set, and where merchants usually scope themselves wrong.

SMB
Read article

June 16, 2026 · 11 min read

Vendor and third-party risk for SMBs: how to vet your software supply chain

A plain-English vendor risk guide for small and midsize businesses covering how to classify suppliers, what to ask software vendors before purchase, which contract points matter, and how to avoid treating every third party like the same level of risk.

SMB
Read article

June 16, 2026 · 11 min read

Affordable EDR for small business: options with transparent monthly pricing

A plain-English guide to small-business EDR options that actually publish pricing, with official vendor numbers normalized into monthly cost.

SMB
Read article

June 16, 2026 · 11 min read

Best managed EDR for Microsoft Defender users

A practitioner-led comparison of the best managed EDR options for small businesses already running Microsoft Defender, with an emphasis on operational fit instead of replacing the stack.

SMB
Read article

June 16, 2026 · 10 min read

The cheapest MDR for small business: real 2026 pricing by endpoint count

A pricing-first look at small-business MDR in 2026, using only public vendor pricing where it actually exists and showing how endpoint minimums change the math.

SMB
Read article

June 16, 2026 · 11 min read

Best password manager for seniors in 2026

A plain-English guide to the best password managers for seniors in 2026, focused on ease of use, caregiver recovery, and the setups that older adults will actually keep using.

Individuals
Read article

June 15, 2026 · 11 min read

Do I need an MSSP or just an MSP? A decision guide for North Carolina SMBs

A plain-English guide for North Carolina small businesses deciding whether general IT support is enough or whether they need a managed security service provider.

SMB
Read article

June 15, 2026 · 11 min read

How much does it cost to outsource cybersecurity for a small business?

A plain-English pricing guide to outsourced cybersecurity for small businesses, including endpoint-only coverage, managed programs, identity monitoring, and one-time readiness work.

SMB
Read article

June 15, 2026 · 10 min read

Is antivirus enough for my small business? Why ransomware walks past it

A plain-English small-business guide to what antivirus still does well, where ransomware bypasses it, and what controls have to sit around it.

SMB
Read article

June 15, 2026 · 11 min read

AI voice-cloning scams: how to protect your family with a safe word

A plain-English guide to AI voice-cloning scams, how family emergency calls get faked, and the one shared safe-word rule that stops many panic-driven losses.

Individuals
Read article

June 15, 2026 · 9 min read

Do you really need a VPN? An honest 2026 answer

A plain-English guide to whether most people actually need a VPN in 2026, what a VPN really does, when it helps, and what it does not protect you from.

Individuals
Read article

June 15, 2026 · 10 min read

Government impersonation scams: when the IRS, SSA, or Medicare calls

A plain-English guide to government impersonation scams, including IRS, Social Security, Medicare, and FTC fake-contact schemes, with the red flags families should treat as immediate warnings.

Individuals
Read article

June 15, 2026 · 11 min read

How to freeze your credit for every family member in 30 minutes

A practical step-by-step guide to freezing credit for adults, kids, and aging parents, with what a freeze actually blocks, what it does not, and how to lift it when you need new credit.

Individuals
Read article

June 15, 2026 · 10 min read

How to tell if your email or password was leaked in a data breach

A plain-English guide to checking whether your email or password was exposed in a data breach and the exact steps to take next if it was.

Individuals
Read article

June 15, 2026 · 10 min read

Identity theft protection: what to do in the first 24 hours

A plain-English first-day response guide for suspected identity theft, covering the federal recovery steps that matter most before more accounts, credit lines, or claims appear in your name.

Individuals
Read article

June 15, 2026 · 12 min read

Investment and crypto scams: how fake trading platforms steal retirement savings

A plain-English guide to modern investment and crypto scams, how fake trading platforms create the illusion of profits, and the red flags that matter before retirement money is gone.

Individuals
Read article

June 15, 2026 · 12 min read

The most common scams targeting seniors in 2026

A plain-English guide to the scam types hitting older adults hardest in 2026, ranked by the patterns families should recognize first and the one response rule that prevents many losses.

Individuals
Read article

June 15, 2026 · 10 min read

Online shopping scams during the holidays: how to spot fake deals before you click

A plain-English holiday shopping scam guide covering fake online stores, scam ads, package-text tricks, and the payment red flags that matter before you buy.

Individuals
Read article

June 15, 2026 · 10 min read

Phishing explained: how to recognize a scam email or text in 30 seconds

A plain-English guide to spotting phishing emails and texts fast, what the common red flags actually look like, and what to do next without making the mistake worse.

Individuals
Read article

June 15, 2026 · 9 min read

Public Wi-Fi safety: what's actually risky and what isn't

A plain-English guide to public Wi-Fi safety in 2026, what risks are still real, what is mostly outdated fear, and how to use airport, hotel, and coffee-shop networks without overreacting.

Individuals
Read article

June 15, 2026 · 11 min read

Romance scams: warning signs and how to help someone who's being targeted

A practical guide to the warning signs of romance scams and how to help someone who may already be emotionally involved, without pushing them deeper into the scammer's control.

Individuals
Read article

June 15, 2026 · 10 min read

Smart home security: how to lock down cameras, doorbells, and speakers

A plain-English guide to securing smart home devices in 2026, with the practical steps that matter most for cameras, video doorbells, smart speakers, and the apps that control them.

Individuals
Read article

June 15, 2026 · 10 min read

Strong passwords vs passkeys: what to use in 2026

A plain-English guide to passkeys versus passwords in 2026, when passkeys are better, where passwords still matter, and how families and small teams should handle both.

Individuals
Read article

June 15, 2026 · 10 min read

Tech-support scams: why that 'Microsoft' pop-up is fake

A plain-English guide to fake Microsoft pop-ups and tech-support scams, including what the warning signs look like, what to do right away, and how to help an older relative recover if they already called.

Individuals
Read article

June 15, 2026 · 11 min read

What is multi-factor authentication and why it stops most account takeovers

A plain-English MFA explainer: what multi-factor authentication is, why it blocks many password-based account takeovers, and which MFA methods are strongest in real life.

Individuals
Read article

June 15, 2026 · 10 min read

What is ransomware? A plain-English guide for non-technical people

A plain-English explanation of ransomware, how it spreads, what attackers want, and what normal families and small businesses should do first if they think they have a ransomware problem.

IndividualsSMB
Read article

June 12, 2026 · 11 min read

Email security for small business: stopping BEC and phishing on a budget

A plain-English small-business email security guide focused on the cheap controls that cut business email compromise and phishing risk first.

SMB
Read article

June 12, 2026 · 11 min read

HIPAA risk assessment: how to use the free HHS SRA Tool and when to get help

A plain-English guide to using the free HHS and ASTP/ONC Security Risk Assessment Tool for HIPAA Security Rule work, including what the tool does well, where small practices get stuck, and when outside help is worth it.

SMB
Read article

June 10, 2026 · 9 min read

Small Business Cybersecurity Basics: 10 Things to Do This Week

A plain-English small business cybersecurity checklist — the ten controls most worth doing first, before you spend a dollar on tools you may not need yet.

SMB
Read article

June 8, 2026 · 10 min read

What Controls Do Cyber Insurers Require in 2026? The 10 That Decide Your Application

The 10 security controls cyber insurers actually score in 2026 — what carriers ask, what passes, and the quiet answers that get applications declined.

SMB
Read article

June 1, 2026 · 15 min read

How to protect aging parents from online scams without overwhelming them

A practical guide for adult children who want to reduce scam risk for aging parents without treating them like children or burying them in security advice.

Individuals
Read article

May 21, 2026 · 14 min read

What to do in the first 24 hours after a small business ransomware scare

A practical first-24-hours ransomware checklist for small businesses: isolate systems, preserve evidence, call the right parties, and avoid the panic moves that make recovery worse.

SMB
Read article

May 16, 2026 · 11 min read

Cyber Insurance for Accounting Firms: The Controls Underwriters Are Asking About in 2026

What cyber insurance for CPA and tax firms actually covers in 2026, the underwriting questionnaire controls carriers review, and how to pass the application without overspending.

Accounting firmsSMB
Read article

May 16, 2026 · 12 min read

Cyber Insurance for First-Time SMB Buyers: What the 2026 Questionnaire Actually Asks and How to Pass It

A CISSP-led walkthrough of cyber insurance for first-time SMB buyers in 2026 — what the policy covers, what the questionnaire asks, the controls carriers review, and how to pass the application without overspending.

SMB
Read article

May 16, 2026 · 14 min read

Cyber Insurance Questionnaire 2026: The 22 Controls Underwriters Are Asking About

The 22 cyber-insurance underwriting controls carriers ask about in 2026 — what each one asks, why carriers care, and how to answer without overcommitting your stack.

SMB
Read article

May 16, 2026 · 15 min read

IRS Publication 4557 & FTC Safeguards Rule for CPA Firms: What You Actually Have to Do in 2026

What IRS Publication 4557, IRS Publication 5708, the FTC Safeguards Rule, AICPA SSTS Section 1.3, and the state breach laws actually require of CPA firms in 2026 — the technical safeguards, the documented program, and where most firms get it wrong.

Accounting firmsSMB
Read article

May 16, 2026 · 12 min read

The IRS WISP Template for Solo and Small CPA Firms (12 Pages, Not 60)

What an IRS Publication 4557-aligned Written Information Security Plan (WISP) actually has to contain for a small CPA firm in 2026 — and a 12-page outline you can adapt instead of buying a 60-page template.

Accounting firmsSMB
Read article

May 16, 2026 · 12 min read

MDR vs EDR vs MSSP vs SOC-as-a-Service: A Practitioner's Decision Tree for Small Business

MDR, EDR, MSSP, and SOC-as-a-service compared honestly for small business buyers — what each delivers, what each costs, and a five-question decision tree that gets to the right answer.

SMBEnterprise
Read article

May 16, 2026 · 11 min read

Securing Lacerte, Drake, CCH Axcess, UltraTax, and ATX: A Practical Hardening Guide for Small Tax Firms

Field-tested hardening guide for the tax software CPA firms actually use — Lacerte, Drake, CCH Axcess, UltraTax, and ATX — covering account hygiene, MFA, server isolation, audit logging, and the e-file PIN problem.

Accounting firmsSMB
Read article

May 16, 2026 · 11 min read

1Password vs Bitwarden vs Apple Passwords: What a CISSP Actually Uses at Home (2026)

A CISSP-led, vendor-neutral comparison of 1Password Families, Bitwarden, and Apple Passwords for household password management in 2026 — what each does well, where each fails, and which is right for your family.

Individuals
Read article

May 16, 2026 · 12 min read

LifeLock vs Norton 360 with LifeLock — and why we withdrew our Aura recommendation (2026 update)

A CISSP-led 2026 update: LifeLock vs Norton 360 with LifeLock for identity theft protection. Plus why we withdrew the Aura recommendation in May 2026 after parent-company security concerns surfaced.

Individuals
Read article

May 16, 2026 · 14 min read

The Complete 2026 Guide to Personal Cybersecurity for Families: What a CISSP Actually Recommends

What a CISSP-certified security practitioner actually recommends for personal and family cybersecurity in 2026 — identity protection, password managers, MFA, browser protection, device protection, and the family conversation that matters more than any tool.

Individuals
Read article

May 16, 2026 · 11 min read

Guardio vs Bitdefender vs Malwarebytes: Browser-Layer Protection Compared (2026)

A CISSP-led comparison of Guardio, Bitdefender Total Security, and Malwarebytes Plus for browser-layer and endpoint protection in 2026 — what each catches, where each fails, and which one fits your household.

Individuals
Read article

May 16, 2026 · 10 min read

Wire Fraud and Client-Trust Compromise: The BEC Pattern That's Costing Accounting Firms Six Figures

How BEC and wire-fraud unfold in CPA firms — refund redirect, payroll wire interception, vendor payment scams — and the controls that catch the chain before the wire leaves.

Accounting firmsSMB
Read article

May 16, 2026 · 11 min read

Tax Season Ransomware: Why CPA Firms Get Hit Between February and April

Why ransomware operators target accounting firms during tax season, the attack chains that work, the recovery timelines firms cannot afford, and the controls that break the chain.

Accounting firmsSMB
Read article

May 14, 2026 · 15 min read

ABA Cybersecurity Duties for Law Firms: What Model Rule 1.6, Formal Opinion 477R, and Formal Opinion 483 Actually Require

What ABA Model Rule 1.6, Formal Opinion 477R, and Formal Opinion 483 actually require of law firms in 2026 — reasonable efforts, breach response duties, supervisory obligations, and where most firms get it wrong.

Law firmsSMB
Read article

May 14, 2026 · 10 min read

Cyber Insurance for Dental Practices: The Controls Underwriters Are Asking About in 2026

What dental cyber insurance actually covers in 2026, the underwriting questionnaire controls carriers review, and how to pass the application without overspending.

Dental practicesSMB
Read article

May 14, 2026 · 10 min read

Cyber Insurance for Law Firms: The Controls Underwriters Are Asking About in 2026

What law firm cyber insurance actually covers in 2026, the underwriting questionnaire controls carriers review, and how to pass the application without overspending.

Law firmsSMB
Read article

May 14, 2026 · 14 min read

HIPAA Cybersecurity for Dental Practices: What the Security Rule Actually Requires

What the HIPAA Security Rule actually requires of dental practices in 2026 — risk analysis, administrative safeguards, MFA, encryption, breach response, and where most practices get it wrong.

Dental practicesSMB
Read article

May 14, 2026 · 12 min read

Multi-Location Dental & DSO Cybersecurity: The Consolidation Problem

Why DSO and multi-location dental groups inherit the worst cybersecurity posture of their weakest practice — and the 4-quarter program that fixes it without slowing down acquisitions.

Dental practicesSMBEnterprise
Read article

May 14, 2026 · 12 min read

Multi-Office Law Firm Cybersecurity & Cyber Diligence in Legal M&A: The Consolidation Problem

Why multi-office firms and acquiring firms inherit the worst cybersecurity posture of their weakest office — and the 4-quarter program that fixes it without slowing down growth.

Law firmsSMBEnterprise
Read article

May 14, 2026 · 10 min read

Protecting Privileged Communications and Sealed Court Records: The Confidentiality Stack Every Small Law Firm Should Build

How small law firms actually protect attorney-client privileged communications, work product, and sealed court records in 2026 — the technical controls, the process controls, and the ABA-aligned stack.

Law firmsSMB
Read article

May 14, 2026 · 10 min read

Securing Dentrix, Eaglesoft, and Open Dental: A Practical Hardening Guide

A field-tested hardening guide for Dentrix, Eaglesoft, and Open Dental — server isolation, account hygiene, backup strategy, audit logging, and the specific defaults that get practices breached.

Dental practicesSMB
Read article

May 14, 2026 · 11 min read

Securing NetDocuments, iManage, Clio, MyCase, ProLaw, and PracticePanther: A Hardening Guide for Small Law Firms

A field-tested hardening guide for the document management and practice management systems law firms actually use — access controls, audit logs, MFA, BYOD policy, and the integration gaps that get firms breached.

Law firmsSMB
Read article

May 14, 2026 · 9 min read

Business Email Compromise in Dental Offices: The $50k Wire-Fraud Pattern

How BEC and wire fraud actually unfold in a dental practice — the supplier-impersonation pattern, the inbox-rule trick, the controls that catch it, and what to do in the first 4 hours.

Dental practicesSMB
Read article

May 14, 2026 · 11 min read

Dental Ransomware in 2026: Why Practice Management Systems Are the Number-One Target

Why ransomware operators target dental practices, how attacks land on Dentrix and Eaglesoft, what a real incident week looks like, and the controls that actually break the chain.

Dental practicesSMB
Read article

May 14, 2026 · 10 min read

Business Email Compromise in Law Firms: The Closing-Wire-Fraud Pattern That Keeps Costing Firms Millions

How BEC and closing-wire-fraud actually unfold in a law firm — the impersonation pattern, the inbox-rule trick, the controls that catch it, and what to do in the first four hours.

Law firmsSMB
Read article

May 14, 2026 · 11 min read

Law Firm Ransomware in 2026: Why Mid-Size Firms Are the New Sweet Spot for Ransomware Operators

Why ransomware operators target law firms specifically, how the attack chain works against a typical practice, what a real incident week looks like, and the controls that actually break the chain.

Law firmsSMB
Read article

May 13, 2026 · 15 min read

Intune for small businesses: when it is enough and when it is not

A practical SMB guide to where Microsoft Intune is enough on its own, where it starts to fall short, and how to make the decision without overspending or under-operating.

SMB
Read article

May 12, 2026 · 14 min read

Phishing training program for small business: what works

Learn how to build a phishing training program for small business employees with realistic simulations, easy reporting, and metrics that matter.

SMB
Read article

May 11, 2026 · 14 min read

Huntress vs SentinelOne for SMBs: what actually changes operationally

A practitioner-style comparison of Huntress and SentinelOne for small businesses, focused on operations, staffing, response ownership, and what actually changes after deployment.

SMB
Read article

April 27, 2026 · 12 min read

SOC 2 readiness for small businesses: what founders should do first

A practical guide to SOC 2 readiness for small businesses, including what founders should do first, what to avoid, and how to prepare without wasting money.

SMB
Read article

April 27, 2026 · 13 min read

EDR vs MDR vs XDR: A 2026 buyer's guide for small businesses

A practical 2026 buyer's guide to EDR, MDR, and XDR for small businesses, with honest recommendations, tradeoffs, and staffing realities.

SMBEnterprise
Read article
Phish or Real?

Company

  • About
  • Pricing
  • Get a briefing
  • Trust & Legal
  • For Procurement
  • Privacy
  • Terms
  • Refunds
  • Accessibility

© 2026 Obsidian Ridge. All rights reserved.

Confidential, practical cybersecurity support for individuals, businesses, and enterprise teams.