
CYBERSECURITY & COMPLIANCE
Businesses and the Private Sector
Consultants Helping Dayton Area Businesses with Cybersecurity

As businesses advance in technology and social trends and continue to build consumer trust, we must continue to evolve and adapt to increasingly complex cyber threats. Information Security Officers play a strategic role in providing the knowledge necessary for small businesses to advance and conduct business efficiently and securely. By developing strong security and risk management programs, small businesses can continue to innovate, grow, and offer advanced solutions to their customers with confidence.
COMMON QUESTIONS RELATED TO PRIVATE SECTOR CYBERSECURITY
Create a Customized Information Security Program for your Midwest Company
LMS Consulting goes beyond the “check a box” approach to information security compliance standards. Information security is not a “one size fits all” program. As your virtual CISO, LMS navigates the complex industry requirements and develops a customized Information Security Program for your financial institution. LMS is a Dayton-area firm that guides Ohio small businesses toward higher security standards, stronger security awareness, and a more mature security posture by using a framework consisting of five core functions: Identify, Protect, Detect, Respond, and Recover.
IDENTIFY
LMS will help your small business develop an understanding of how to identify and manage cybersecurity risks to systems, data, people, assets, and capabilities. This is often completed using cybersecurity risk assessment frameworks such as NIST and the Payment Card Industry Standard.
PROTECT
LMS will help your small business outline the appropriate safeguards and protocols to protect all items identified. This may consist of access control changes, security awareness training, and/or adoption of policies and procedures.
DETECT
Your small business must have a way of detecting potential security incidents. Monitoring software, policies and procedures are necessary to quickly identify any new threats posed to the financial institution.
RESPOND
Your small business needs to develop an Incident Response Plan. LMS will build your business an Incident Response Plan to include plans for communication measures, system forensic analysis, mitigation actions, and incorporating future improvements.
RECOVER
Statistics show a strong correlation between incident/breach recovery time and cost to a small business. A strong recovery plan supports timely recovery to normal operations to reduce the impact from a cybersecurity incident. The plan should consist of actions necessary to maintain resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.
LMS Consulting will walk your small business through the PCI DSS by providing the risk assessment, expertise, report of findings, and remediation plan.
LMS is equipped to help your small business understand the requirements under Ohio Chapter 1354, as well as walk your business through the necessary steps to remain in compliance.
We are highly experienced and ready to partner with you. Call or email LMS today for a free consultation.
WHAT IS PCI COMPLIANCE AND HOW DOES IT IMPACT MY DAYTON-BASED BUSINESS?
Payment Card Industry (PCI) compliance means a business must adhere to a set of guidelines created by the PCI Standards Council. These requirements will vary for each business based on data stored, technology used, and size of business. Whether your organization is based in Dayton, or another Midwest area, the general guidelines for PCI compliance include:
- Building and maintaining a secure network
- Protecting cardholder data
- Maintaining a vulnerability management program
- Implementing strong access control measures
- Regularly monitoring and testing networks
- Maintaining an Information Security Policy
HOW DO I QUALIFY UNDER OHIO’S DATA SECURITY SAFE HARBOR?
Ohio’s Chapter 1354: Businesses Maintaining Recognized Cybersecurity Programs is a safe harbor to protect businesses from lawsuits due to a data breach. Businesses may qualify by satisfying the requirements listed in Chapter 1354.02. These require your business to “create, maintain, and comply with a written cybersecurity program that contains administrative, technical, and physical safeguards for the protection of personal information and restricted information and that reasonably conforms to an industry recognized cybersecurity framework”.
SHOULD MY DAYTON-BASED CREDIT UNION HIRE A CISO?
Whether your organization is based in Dayton, other Ohio areas, or anywhere in the Midwest, a Chief Information Security Officer (CISO) can be critical in helping your financial institution develop an Information Security Program and maintain a strong security posture. Many companies have discovered a virtual CISO (vCISO) to be an effective and cost-efficient way to achieve their goals. A vCISO will perform many of the same functions at a fraction of the cost.
vCISO Services should include:
- Security Plan and Risk Assessment Framework
- Governance and Board Strategy Development
- Corrective Action Plan Development and Execution Strategies
- Compliance Audit Guidance and Assistance
- Policy Development
- Security Awareness Program Development
- Social Engineering
- Incident Response Plan Development
- Business Continuity Planning
- Vulnerability Assessment and Penetration Testing
HOW MUCH DOES A CISO COST IN DAYTON, OH?
A Chief Information Security Officer (CISO) earns an average estimated salary ranging from $120,000 – $250,000 annually. This investment may be too much for a small to medium-sized company to handle. Many Dayton-based companies have discovered a virtual CISO (vCISO) to be an effective and cost-efficient way to achieve their goals. A vCISO will perform many of the same functions at a fraction of the cost.
IS MY MIDWEST COMPANY TOO SMALL TO BE ATTACKED?
According to the 2018 Verizon Data Breach Investigations Report, 58% of cyber-attack victims were small businesses. While all companies are susceptible to a cyber-attack, small businesses often have a more difficult time recovering from such an attack. Therefore, it is increasingly important for small businesses to develop strong Information Security Programs to protect their data.
HOW DO I STOP PHISHING?
Email phishing attempts are the most common method of cyber-attack. These attempts continue to grow in sophistication, making detection increasingly difficult for your employees. While you cannot stop all phishing attempts, you can significantly reduce the risk of a data breach by following these guidelines:
- Email Filtering – Many of the top-recommended filtering software programs will block most spam emails. While this is necessary, it may also create a false sense of security since these phishing attempts are increasing in sophistication.
- Website Filtering – Companies should have filters set up to prohibit their users from navigating to potentially malicious websites. These websites may contain malware that can be downloaded onto your employees’ devices.
- Phishing Simulation – Building a strong security awareness culture is much like building a muscle. With routine simulation and training, your staff will build these security “muscles”, which helps detect any attempts not stopped by software filters.
- Security Awareness Training – Security awareness training can improve your staff and make them your “eyes and ears” for cyber-defense. Strong security awareness programs help turn your staff into a human firewall. They should understand how to detect phishing attempts (whether from email, phone, or text), in-person masquerading by social engineers, USB drop attempts, etc.

LeBrun Management Solutions, LLC
3572 Dayton Xenia Road, Suite 210
Beavercreek, Ohio 45432
Phone (937) 912-9045
Email info@lmsolutionsllc.com
Website https://lmsolutionsllc.com
In addition to Dayton, we also serve those in Kettering, Centerville, Englewood, Huber Heights, Springboro, Columbus, Cincinnati, and other Ohio areas as well as Indiana and Kentucky.