Field Notes
Cybersecurity, written for the businesses that actually need it.
Plain-language guides, breach commentary, and compliance breakdowns — built for small and mid-size businesses, by the engineers in our SOC. No fear-marketing. No vendor pitches. Just what works.
Featured
Your cyber insurance renewal questionnaire, line by line.
Underwriters are tightening every clause. Here's what each control actually means, what evidence to keep, and where to push back — written by engineers who've answered this questionnaire on both sides of the table.
Read the breakdown
The latest from our SOC.
Security Basics
MFA, plainly: what it is, why your insurance asks, and the three ways small businesses get it wrong.
Multi-factor authentication blocks 99% of automated account attacks. Most SMBs deploy it halfway. Here's the no-jargon version — and the three mistakes we see at almost every audit.
Security Basics
What is a SOC, and does your small business actually need one?
Security Operations Center. SOC. MDR. MSSP. The acronyms blur. Here's what these services actually do, what they cost, and the questions to ask before you pay anyone to watch your alerts.
How-To
What a 2026 phishing email actually looks like.
Broken English and weird URLs are gone. Here's what modern phishing actually looks like — and the five patterns your employees still need to recognize.
Compliance & Regulation
The HIPAA Security Risk Assessment most small practices get wrong.
OCR isn't auditing your antivirus license. They want a documented risk assessment that maps to 45 CFR § 164.308. Here's the 8-page version your auditor will accept.
RIA · SEC
What an SEC examiner actually looks for at a small RIA.
Reg S-P, the proposed cybersecurity rule, and the 2026 exam priorities — in plain English, with the controls that satisfy them.
Cyber Insurance
Your cyber insurance renewal questionnaire, line by line.
Underwriters are tightening every clause. Here's what each control actually means, what evidence to keep, and where to push back.
Need this turned into a real plan for your environment?
A 30-minute call. No deck, no pressure. If we're not a fit, you walk away with notes.