Edgar Ortiz shares the personal story of losing his previous business to a cyberattack and the five cybersecurity fundamentals every Des Moines business owner must implement to protect their equity.
Most business owners believe they are too small to be a target. They assume that because they do not have a global footprint or a household name, they are invisible to cybercriminals. This is a dangerous misconception that results in the total loss of businesses every single year.
I know this because it happened to me.
Before leading CMIT Solutions of Des Moines and Overland Park, I owned a different business. I thought we were secure because we were small, localized, and "under the radar." I was wrong. A single breach wiped out years of hard work, financial stability, and the future of that company. I lost everything.
That experience is exactly why I do what I do today. It is the reason CMIT exists with a mission of "military precision" in IT management. I want to ensure that no other Iowa business owner has to sit in a quiet office and realize their livelihood has vanished because of a preventable technical failure.
The Myth of Being "Too Small to Target"
In the Des Moines metro area, from West Des Moines to Ankeny, we have a thriving community of small and mid-sized businesses (SMBs). Many of these owners feel safe because they aren't Fortune 500 companies.
Cybercriminals do not think like traditional burglars. They do not pick a specific building and watch it for weeks. Instead, they use automated bots to scan the entire internet for open "doors": unpatched software, weak passwords, or lack of multi-factor authentication (MFA).
To an automated script, your business is not a name or a legacy; it is an IP address with a vulnerability. If that script finds a way in, it will deploy ransomware or steal data regardless of your revenue size. In fact, SMBs are often preferred targets because they typically have weaker defenses and no dedicated security leadership.
My Story: The Day the Screens Went Dark
It started as a normal Friday. We were focused on operations, closing out the week, and looking forward to the weekend. Then, the systems slowed down. Within an hour, we were locked out of our own data.
The feeling of helplessness is difficult to describe. You realize that every invoice, every client record, and every proprietary process is now in the hands of someone who wants to extort you. When you lose your data, you lose your ability to serve your customers. When you can’t serve your customers, you no longer have a business.
The financial impact was immediate, but the reputational damage was the final blow. Trust is the currency of business in Iowa. Once that trust is broken by a data breach, it is nearly impossible to earn back. That failure taught me that IT is not a "background task." It is the foundation of business continuity.
The 5 Fundamentals of Operational Hygiene
To protect your business, you must move away from "hope-based" security. You need a framework that treats IT as a disciplined operation. At CMIT, we focus on five fundamentals that every leader must verify within their organization.
1. Multi-Factor Authentication (MFA)
Password theft is the leading cause of unauthorized access. MFA requires a second form of verification, such as a code from an app or a physical token.
- The Goal: Ensure that even if a password is stolen, the account remains inaccessible.
- Measurable Outcome: 99% reduction in risk from automated credential attacks.
2. Disciplined Patching and Vulnerability Management
Software companies constantly release updates to fix security holes. If your systems are not updated immediately, you are leaving a door unlocked.
- The Goal: Close known security gaps before they can be exploited.
- Measurable Outcome: Faster closing of the "vulnerability window" and reduced technical debt.
3. Backup Integrity and Regular Testing
Having a backup is not the same as being able to recover. Many businesses discover their backups are corrupted or incomplete only after a disaster occurs.
- The Goal: Maintain offsite, immutable backups that are tested at least monthly.
- Measurable Outcome: Guaranteed recovery time objectives (RTO) that minimize downtime.
- Learn more about our backup and disaster recovery services.
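A restore test in the sense of fundamental 3, as an added example (not CMIT's tooling or code from this article): a manifest of SHA-256 hashes is recorded at backup time, and a test restore is checked against it so that missing and corrupted files surface before a real recovery. The function names and the sample files are hypothetical and constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    # Reads the whole file at once; fine for a demo, stream in chunks for large files.
    return hashlib.sha256(path.read_bytes()).hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Record relative path -> SHA-256 for every file at backup time."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(manifest: dict[str, str], restored: Path) -> dict[str, list[str]]:
    """Compare a test restore against the manifest taken at backup time."""
    report = {"missing": [], "corrupt": [], "ok": []}
    for rel, expected in manifest.items():
        target = restored / rel
        if not target.is_file():
            report["missing"].append(rel)      # backup was incomplete
        elif sha256_file(target) != expected:
            report["corrupt"].append(rel)      # content changed since backup
        else:
            report["ok"].append(rel)
    return report


def demo() -> dict[str, list[str]]:
    """Constructed sample: a source tree, and a restore with one bad and one lost file."""
    with tempfile.TemporaryDirectory() as tmp:
        src, restored = Path(tmp, "source"), Path(tmp, "restored")
        files = {"invoices/2024.csv": b"id,total\n1,100\n",
                 "clients/records.db": b"client-data",
                 "docs/process.txt": b"step 1\n"}
        for rel, data in files.items():
            for root in (src, restored):
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_bytes(data)
        manifest = build_manifest(src)
        (restored / "clients/records.db").write_bytes(b"client-dat\x00")  # silent corruption
        (restored / "docs/process.txt").unlink()                          # incomplete restore
        return verify_restore(manifest, restored)


if __name__ == "__main__":
    print(demo())
```

Any entry under `missing` or `corrupt` means the backup would not have supported a full recovery, which is the condition the monthly test exists to catch.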
4. Endpoint Protection with 24/7 Monitoring
Standard antivirus is no longer enough. Modern threats require Endpoint Detection and Response (EDR) and Managed Detection and Response (MDR). This means having "eyes on glass" 24 hours a day.
- The Goal: Detect and isolate a threat the moment it enters a device, long before it reaches the server.
- Measurable Outcome: Faster detection and immediate isolation of malicious activity.
- Explore our cybersecurity solutions.
5. Documented Policies and Incident Response
Technology cannot solve a people problem. You must have written policies regarding data handling and a clear, rehearsed plan for what happens if a breach occurs.
- The Goal: Eliminate confusion during a crisis and ensure every employee knows their role in security.
- Measurable Outcome: Clear accountability and reduced "panic" response during an event.
Compliance as Operational Hygiene
Many executives in healthcare, finance, and manufacturing view compliance (like HIPAA, SEC rules, or CMMC) as a "checkbox" exercise or a legal burden.
We view it differently. Compliance is simply high-level operational hygiene. If you are meeting the standards required by your industry, you are naturally building a more resilient business. This isn't about satisfying a regulator; it is about protecting your valuation.
As we approach major global events like the 2026 World Cup, cyber activity tends to spike as attackers use the distraction of high-traffic events to launch phishing campaigns. Maintaining rigorous hygiene year-round ensures that these external distractions don't become internal disasters.
The Value of a vCISO
Most SMBs in Iowa cannot justify the $250,000 salary of a full-time Chief Information Security Officer (CISO). However, they still face the same risks as a global bank.
This is where a Virtual CISO (vCISO) becomes a strategic asset. A vCISO provides executive-level guidance, risk assessment, and governance without the full-time overhead. They help you bridge the gap between "IT that works" and "IT that is secure."
A vCISO focuses on:
- Risk Management: Identifying where the business is most vulnerable.
- Cyber Insurance Readiness: Ensuring your controls meet the strict requirements of modern insurance carriers to prevent claim denials.
- Strategic Alignment: Making sure your technology investments actually support your long-term business goals.
Shifting the Conversation
Leadership needs to stop asking "What does this IT project cost?" and start asking "How does this protect our equity?"
If you lost access to your systems today, how many days could your business survive? For many, the answer is less than a week. Cybersecurity is no longer an "IT issue": it is a fundamental business risk that belongs in the boardroom.
By implementing the five fundamentals and treating IT compliance as a standard of excellence, you are not just "buying security." You are investing in the permanence of your company.
This is why I am so passionate about the work we do at CMIT Solutions. We don't just fix computers; we protect the dreams and hard work of Iowa business owners. We use a disciplined, military-grade approach to ensure that your "Friday afternoon" never turns into the day you lose everything.
Take the Next Step
Protecting your business starts with understanding your current risk profile. Don't wait for a crisis to find out where your gaps are.
If you want to move from uncertainty to clarity, start with a professional cybersecurity assessment. We can help you identify your vulnerabilities and build a roadmap to true operational resilience.
Edgar Ortiz
CEO, CMIT Solutions of Des Moines and Overland Park