Security Archives - Wylie Blanchard
Wylie Blanchard | Business Technology Expert, Digital Executive Advisor & Speaker
Fri, 10 Oct 2025 03:54:33 +0000

Is It a Drill or a Breach? The Midnight Alarm Test
https://www.wylieblanchard.com/is-it-a-drill-or-a-breach-the-midnight-alarm-test/
Sun, 12 Oct 2025 08:11:00 +0000

A midnight alarm, waved off as a drill, turned into fines—swap flames for PHI. Run a no-notice tabletop and time the response. Can your team tell drill from real...

Get more great content at WylieBlanchard.com... Need a great speaker for your next event, contact us to book Wylie Blanchard now.
Learn what clients are saying about his programs....

Chicago Gate. Image text: Cyber Drill or Real Breach.

Picture the fire alarm at midnight.

One guard thinks it’s a drill, has a snack, and twenty minutes later half the wing is smoke-logged.

Swap flames for PHI and you’ve got our recent near miss: an after-hours alert brushed off as “probably a test,” triggering fines none of us budgeted for.

Block 45 minutes this week for a no-notice tabletop exercise.

Phones, pagers, personal email—see who shows up and how fast.

How do you make sure your team can tell a drill from the real thing?


Need motivation? 
Watch one of our short Cyber Attack Awareness videos and count how many controls you spot missing. https://www.reintivity.com/how-vulnerable-is-your-greater-chicago-business-to-cyber-attacks/


This content was originally posted on LinkedIn.

Imaging on the move: Cloud Migration Missteps
https://www.wylieblanchard.com/imaging-on-the-move-cloud-migration-missteps/
Sat, 04 Oct 2025 08:40:00 +0000

Cloud migration can feel like a new highway that still jams—legacy servers hide bottlenecks. Here’s how to spot them and plan a zero-downtime hand-off...

Chicago expressway with city buildings in the background. Image text: Imaging on the move: Cloud Migration Missteps

Ever cleared a new lane on the highway only to see traffic jam up anyway?

That’s what can happen during a cloud migration: shiny route, hidden bottleneck.

Legacy imaging servers—the ones humming in a back closet—often hold untracked dependencies.
If you flip the switch without spotting them first, files stall, scans repeat, and schedules slide.

Take five minutes today and inventory one DICOM node that predates your youngest team member.
Map every system that still calls it home, then book its retirement before your next cut-over.
Future you—and every patient downstream—will thank you.

Need a step-by-step for zero-downtime hand-offs?


Grab my one-page Launch-Readiness Checklist.

Which dusty server is still hiding in your equipment closet?


This content was originally posted on LinkedIn.

Security = preflight checks by a ready team
https://www.wylieblanchard.com/security-preflight-checks-by-a-ready-team/
Thu, 02 Oct 2025 09:33:00 +0000

Like a flight crew before takeoff, every business needs a security auditor and a leader who turns findings into wins. Here’s what “great” really looks like...

Wylie Blanchard standing in airport in front of window with an airplane in view. Image text: You don't have to be a security auditor but you need one on your team.

Snapped this at the gate this morning. Before a plane leaves, a crew runs checklists, ground teams prep, and the pilot makes the final call.

Security in business works the same way.

Every business needs a security auditor.

You don’t have to be one—but you do need one on your team (and a leader who turns their findings into business wins).

When I help clients build tech teams, here’s the split that actually works:
– Auditors map controls to recognized frameworks (NIST CSF, PCI DSS) and test what’s real—not what’s hoped.
– Leaders translate those controls into budgets, deadlines, and workflows people can run every day.

What “great” looks like in plain English:

  • Advice you can act on (not just checklists).
  • Communication that calms—clear updates, no scare tactics.
  • Ongoing education + teamwork so the same problem doesn’t boomerang.

Next: Conduct a sanity check for your upcoming project(s) to verify where a security auditor and a clean plan fit.


This content was originally posted on LinkedIn.

I stopped chasing “stronger passwords” years ago. Here’s Why?
https://www.wylieblanchard.com/i-stopped-chasing-stronger-passwords-years-ago-heres-why/
Sat, 20 Sep 2025 09:37:00 +0000

Stronger passwords aren’t the answer—habits are. MFA, a password manager, and phishing drills cut risk fast. Security works best when it feels...

Wylie E Blanchard Jr

Because attackers don’t just guess—they trick and reuse.

Here’s what actually moves the needle:

  1. MFA/passkeys on the money apps (email, payroll, finance, anything customer-facing).
  2. Password manager for everyone to end the “Summer2025!” habit.
  3. Monthly/quarterly phishing drill: one test, measure report rate, share lessons—no shaming.

Add login alerts on critical systems so strange sign-ins don’t become strange invoices.

Security works when it feels boring and repeatable. If you make these three habits default, you’ll drop a lot of risk without buying another tool.

What’s the one habit you’ll start this week—MFA/passkeys, password manager, or monthly drill?


This content was originally posted on LinkedIn.

Four cover drafts, one clear mission—modernize without downtime
https://www.wylieblanchard.com/four-cover-drafts-one-clear-mission-modernize-without-downtime/
Sat, 23 Aug 2025 19:34:07 +0000

Modernizing without downtime isn’t just design—it’s survival. One CFO’s 17-minute freeze cost $28K and delayed care. The CARE Framework shows how to...

Laptop displaying four cover drafts of book ‘Zero-Downtime Care’.

Yesterday a Chicagoland CFO sent an SOS:
“Our interface froze for 17 minutes—delayed care and $28K in overtime.”

In the manuscript I’m polishing, we tackle moments like this with the CARE Modernization™ Framework:

  1. CLARIFY the real-world stakes (patients, revenue, reputation)
  2. ALIGN every leader on a downtime-proof roadmap
  3. REGULATE early—security, compliance, funding in one loop
  4. ENGAGE teams to deliver upgrades without disruption

Each cover draft reminds me the real “cover” we need is a resilient tech backbone—so clinicians focus on care, not spinning hourglasses or “system unavailable” banners.

Skim the 2-page overview (PDF) — low-commitment read
Join the launch team — early preorder links & share graphics

Thanks for following the journey. Let’s turn downtime stories into uptime victories together.


This content was originally posted on LinkedIn.

From 5% time-cap to finished title—here’s my book creation journey in 30 seconds
https://www.wylieblanchard.com/from-5-time-cap-to-finished-title-heres-my-book-creation-journey-in-30-seconds/
Fri, 22 Aug 2025 19:27:47 +0000

From 5% time-cap to finished title: Zero-Downtime Care. A playbook to turn hidden IT threats into growth momentum. Here’s what you’ll master...

Wylie's Book title reveal: Zero-Downtime Care

A plain-English playbook for Providers, Payers & Population-Health Leaders to secure and scale IT.

Why it matters

  1. Silence hidden tech threats draining budgets & morale
  2. Turn downtime into growth time with the CARE Modernization™ Framework
  3. Lead with confidence—no coding required

What you’ll master

  • Clarify the Wins 
  • Align the Teams 
  • Regulate as You Build 
  • Engage for Lift-Off

Grab the 2-page overview (PDF) – low-commitment skim
Join the launch team – early preorder links + share-graphics

Huge thanks to every colleague who offered feedback, tools, or cheer-squad energy—you made this milestone possible. If you know someone wrestling with outdated tech, tag them below and let’s turn hidden threats into mission momentum together!


This content was originally posted on LinkedIn.

Cyber‐risk isn’t an IT problem – it’s a business problem.
https://www.wylieblanchard.com/cyber%e2%80%90risk-isnt-an-it-problem-its-a-business-problem/
Sun, 22 Jun 2025 18:51:09 +0000

Cyber-risk isn’t just IT—it’s business survival. Lumma Stealer’s takedown shows how fast crime adapts. The real question for leaders is whether we...

Lumma Stealer: Our criminal operations is now out of business

Recently, the FBI, Microsoft, and global law-enforcement partners pulled the plug on Lumma Stealer—the most widely used “info-stealer-as-a-service” on the dark web. The takedown removed 2,300+ malicious domains and shuttered the control panels criminals used to sell stolen logins and crypto-wallet keys.

Why does this matter to boards and P&L owners?

  1. Credentials are today’s crown jewels. Lumma was linked to at least 1.7 million successful breaches—the prelude to ransomware, wire-fraud, and IP theft. 
  2. Cybercrime is now “productized.” For as little as $250 a month, any bad actor could rent Lumma like Salesforce. That subscription model collapses the barrier to entry and multiplies the number of attackers. 
  3. Takedowns buy time, not immunity. History shows that criminal crews rebrand or rebuild within weeks. The question isn’t if they return—but whether we use the pause to raise our defenses.

Executive next steps:

  • Demand multifactor authentication everywhere. One-time codes or passkeys stop credential replay cold.
  • Ask for a “privileged-access” map. Finance systems, email and backups should be behind extra checks.
  • Test incident response quarterly. If a fake invoice lands tomorrow, who pulls the plug and who calls legal?
  • Budget for continuous discovery. Ensure IT can see every SaaS account, shadow server, and remote worker.

Suggested reading: Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer – Microsoft

Cybersecurity is ultimately a business resilience investment. Use the Lumma takedown as a boardroom moment: applaud the good news—then fund the controls that keep it that way.


This content was originally posted on LinkedIn.

Illinois Privacy Compliance: What Every Business Owner Needs to Know
https://www.wylieblanchard.com/illinois-privacy-compliance-what-every-business-owner-needs-to-know/
Sun, 01 Jun 2025 08:26:00 +0000

Illinois has some of the toughest privacy laws in the U.S. A missed consent form or weak policy could cost millions. Here’s what every business owner needs to...

Silhouette of the state of Illinois with digital icons

The Rising Stakes of Data Privacy.

Whether you’re running a family-owned retail shop, growing a medical practice, or managing multiple office locations, if you handle customer or employee data, privacy compliance applies to you.

In Illinois, two of the strictest privacy laws in the country—the Biometric Information Privacy Act (BIPA) and the Personal Information Protection Act (PIPA)—create clear legal obligations that can cost thousands (or millions) if ignored.

As an IT consultant who works with small and midsize businesses across the state, I’m here to break down what you need to know and how you can protect your business before problems arise.

Understanding Key Illinois Privacy Laws

Biometric Information Privacy Act (BIPA)

BIPA regulates how private businesses collect, use, and store biometric data like fingerprints, facial scans, and retina scans. It requires:

  • Informed written consent before collecting or storing biometric data.
  • Disclosure of the specific purpose and storage duration.
  • A public retention and destruction policy.
  • A strict prohibition on selling or profiting from biometric data.
  • Private right of action, meaning individuals can sue your business for violations.

Even something as common as a fingerprint time clock or facial recognition camera falls under BIPA. Penalties and fines can apply whether a violation is negligent, reckless, or intentional.

Personal Information Protection Act (PIPA)

PIPA focuses on safeguarding broader categories of personal data, including Social Security numbers, driver’s license numbers, medical and health insurance information, account numbers, and login credentials.

It requires:

  • Prompt breach notification to affected Illinois residents.
  • Reporting breaches to the Illinois Attorney General (if 500+ individuals are impacted).
  • Reasonable security measures to protect data.
  • Proper disposal of sensitive data.
  • Contracts with third parties that require them to maintain security.

Violations are considered unlawful practices under the state’s Consumer Fraud Act and can result in enforcement actions.

Common Compliance Pitfalls

Despite the legal requirements, many businesses unintentionally fall short. Here are some of the most common missteps:

  • Using biometric time clocks without proper notice or consent.
  • Collecting customer or employee data without a written policy or retention schedule.
  • Failing to implement encryption, firewalls, or access controls.
  • Assuming that cloud storage providers automatically ensure compliance.
  • Not having an incident response plan or breach notification process.

Often, the biggest risk comes not from bad intentions but from lack of awareness.

Steps Toward Compliance: IT Consultant’s Checklist

Here is a practical checklist to help your business align with Illinois privacy laws:

  1. Audit Your Data: Know what types of personal and biometric data you collect, where it’s stored, who has access, and how long you keep it.
  2. Create a Written Privacy Policy: Include clear language about data collection, usage, retention, and destruction.
  3. Implement Consent Procedures: Obtain written consent before collecting biometric data and explain how it will be used.
  4. Secure Your Systems: Use encryption, secure user authentication, regular patching, and monitoring to protect stored data.
  5. Train Your Employees: Ensure your staff understands data privacy procedures and how to respond to data incidents.
  6. Plan for Breaches: Develop and test an incident response plan, including breach notification protocols.
  7. Review Vendor Contracts: Make sure service providers who access your data agree to meet your security requirements.

The Cost of Non-Compliance

Non-compliance isn’t just a legal problem—it can be a business-ending event. Illinois courts have upheld massive BIPA settlements, with some cases costing businesses millions in damages. A single fingerprint scan collected without consent can lead to multiple violations, each carrying its own penalty.

With PIPA, a data breach could force you to notify thousands of customers, face scrutiny from the Attorney General, and deal with damaged customer trust.

Tools and Tech That Can Help

Fortunately, the right tools can make compliance manageable:

  • Consent management platforms to track and store written consents.
  • Data loss prevention (DLP) software to monitor sensitive information.
  • Security information and event management (SIEM) tools for real-time alerts.
  • Encryption solutions for both stored and transmitted data.
  • Automated backups with secure, offsite storage.

Don’t overlook free or low-cost training platforms to keep your team informed.

Make Privacy a Business Priority

Privacy compliance isn’t a one-time fix—it’s an ongoing responsibility. If you collect any form of personal or biometric data, you are legally and ethically responsible for protecting it.

By investing in secure systems, clear policies, and proper staff training, you’re not just avoiding fines—you’re building customer trust and long-term resilience.

If you’re unsure where to start or whether your current practices meet Illinois standards, now is the time to act.

Local IT consultants and privacy professionals can help you:

  • Audit your systems and data handling practices
  • Develop legally sound policies and consent forms
  • Deploy the right technologies for security and monitoring
  • Train your team to maintain compliance

Don’t wait until a lawsuit or a breach forces your hand. Reach out to a trusted local technology expert today and take control of your privacy compliance strategy.


This content was originally posted on Medium.

The Scammers Almost Got Me
https://www.wylieblanchard.com/the-scammers-almost-got-me/
Sat, 26 Apr 2025 08:53:00 +0000

They almost got me. A week ago, we filed a new trademark application. Yesterday morning, we got an email. Looked official. Said a few items were missing from the application. Said we needed to send info to the USPTO. All day, I was thinking about that email. Telling myself, get the info together. Don’t want to […]

Laptop computer displaying an email message in the background. Alarm bell ringing in foreground. Image text: Phishing Attempt

They almost got me.

A week ago, we filed a new trademark application.
Yesterday morning, we got an email.
Looked official.
Said a few items were missing from the application.
Said we needed to send info to the USPTO.

All day, I was thinking about that email.
Telling myself, get the info together.
Don’t want to mess up the process.
Don’t want our application rejected.

Last night, I looked at the email again.
Something felt off.
Email address? Looked funny.
Didn’t have the right domain.
No links. No instructions.
Just the USPTO logo. That’s it.

So I went straight to USPTO.gov.
Logged in. Checked the application.
Nothing missing. No errors.
Everything looked fine.

Then I found the real email from USPTO when I first applied.
It said—watch out for scams.
Said all emails would come from USPTO.gov.

That email I got yesterday morning?
Didn’t have that domain.
Scam.

Took it a step further.
Used WHO.IS to check the sender’s domain.
Domain was created yesterday.
Classic scam move.

They almost got me.
But not in this attempt.

If I had been rushing yesterday morning…
If I had replied with info…
I would’ve given them sensitive details about me and our business.
Worse—I would’ve shown them I’m willing to communicate.

They could’ve kept emailing us.
Asking for more.
And I might’ve sent it.

So—watch those email addresses.
Check the content.
Don’t rush.


This content was originally posted on Medium.

Beyond Certifications – The Cybersecurity Skill That Sets Leaders Apart
https://www.wylieblanchard.com/beyond-certifications-the-cybersecurity-skill-that-sets-leaders-apart/
Sat, 08 Feb 2025 12:16:00 +0000

Certifications Open Doors, But They Don’t Make You Boardroom-Ready. I’ve met countless professionals who believe that earning certifications like CISSP, CISM, Security+, etc. is the key to advancing their careers. And while certifications are valuable—they demonstrate expertise, commitment, and a solid understanding of best practices—there’s one critical skill they don’t teach: how to communicate security […]

Certifications Open Doors, But They Don’t Make You Boardroom-Ready.

Finger Holding Badge with text certified trust me

I’ve met countless professionals who believe that earning certifications like CISSP, CISM, Security+, etc. is the key to advancing their careers. And while certifications are valuable—they demonstrate expertise, commitment, and a solid understanding of best practices—there’s one critical skill they don’t teach: how to communicate security and technology risks in a way that leadership understands.

I have several myself: CISSP, PMP, ITIL, MCSE and more — each one has helped me gain deeper technical knowledge and industry credibility. But none of them, on their own, prepared me for the real challenge of leadership: translating complex security concepts into business priorities.

A few weeks ago, I spoke with a colleague who had just completed a major certification. He was feeling confident about his technical knowledge, but then he walked into a leadership meeting and was asked to explain why his team’s proposed security initiative mattered to the business. He knew the technical details inside and out, but when it came to making the case to executives—framing security as a business priority rather than a technical challenge—he struggled.

That moment made it clear: Certifications don’t prepare you for the real challenges of leadership.


The Gap Between Certifications and Real-World Leadership

Certifications focus on frameworks, methodologies, and compliance—which are important. But in the real world, professionals must be able to:

  • Translate security risks into business impact.
  • Justify IT investments in terms of ROI.
  • Persuade leadership to prioritize security initiatives.

I’ve seen too many skilled IT professionals hit a ceiling in their careers—not because they lack knowledge, but because they struggle to communicate complex ideas in a way that decision-makers care about.

For example, if you’re discussing Zero Trust security with your executive team, you need to go beyond saying,

“Zero Trust limits network access to reduce attack surfaces.”

Instead, translate that into business terms:

Zero Trust ensures that only the right people have access to critical systems, reducing the likelihood of a data breach that could cost us millions in fines and lost customer trust.

This shift in communication changes the conversation—and ultimately determines whether your initiatives get the support they need.

Three Skills Every Cybersecurity and IT Leader Needs

If you want to stand out and drive real change, focus on developing these three essential leadership skills:

1. Storytelling & Business Impact

Leaders don’t respond to jargon and technical specs—they respond to narratives that connect security to real business challenges.

  • Instead of saying: “We need to implement multi-factor authentication (MFA) to strengthen security.”
  • Say: “Over 80% of breaches come from weak passwords. MFA would immediately reduce our risk of unauthorized access, protecting both our data and our reputation.”

The difference? One statement sounds like an IT upgrade. The other sounds like a business necessity.

2. Risk-Based Decision Making

Security isn’t about eliminating all risks—it’s about prioritizing the most critical ones without disrupting operations.

  • Understand risk appetite — how much risk your company is willing to tolerate.
  • Learn how to quantify risk in dollars — leaders want to know what a security failure could cost the business.
  • Frame recommendations in terms of business value, not just security best practices.

Example: Instead of saying, “This patch reduces vulnerabilities,” explain, “This patch could prevent an outage that would cost us $50K in lost revenue per hour.”

3. Stakeholder Influence & Negotiation

Your ability to secure buy-in for security initiatives determines whether they actually get implemented.

  • Speak the language of finance, operations, and executive leadership—not just IT.
  • Identify the real drivers behind security decisions (often compliance, customer trust, or financial impact).
  • Build relationships before you need them—so when a crisis arises, decision-makers already trust your expertise.

If you can’t convince the CFO or CEO why security investments matter, even the best technology solutions will go underfunded or deprioritized.

How to Develop These Skills (Beyond Certifications)

So, how do you bridge the gap between technical expertise and executive influence?

  1. Start practicing now. Present security insights to non-technical colleagues and get feedback on clarity.
  2. Study leadership communication. Take courses on storytelling, negotiation, and business strategy.
  3. Follow cybersecurity leaders who articulate security in business terms—watch how they frame discussions.
  4. Get involved in executive-level conversations. Don’t just sit in IT meetings—engage with finance, operations, and leadership.

The professionals who stand out are the ones who combine technical depth with the ability to communicate its value to the business.


Certifications prove what you know—but your ability to connect security to business priorities is what sets you apart.

If you’re serious about advancing in cybersecurity or IT leadership, ask yourself:
Are you just learning technical frameworks, or are you preparing to lead?

Tech skills get you in the door. Communication skills put you at the table.

Are you ready for that next-level conversation?


This content was originally posted on Medium.
