{"id":883,"date":"2026-05-07T14:49:00","date_gmt":"2026-05-07T19:49:00","guid":{"rendered":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/?p=883"},"modified":"2026-05-08T15:02:27","modified_gmt":"2026-05-08T20:02:27","slug":"what-should-a-business-cybersecurity-plan-include","status":"publish","type":"post","link":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/what-should-a-business-cybersecurity-plan-include\/","title":{"rendered":"What Should a Business Cybersecurity Plan Include? A Modern Guide Inspired by Behind the Firewall"},"content":{"rendered":"<h2><b>Key Takeaways<\/b><\/h2>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Cybersecurity is a layered strategy, not a single product<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Employees are a critical line of defense and require ongoing training<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">MFA and strong password practices can prevent the majority of breaches<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Incident response planning is essential for minimizing damage<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Continuous monitoring is required in today\u2019s threat landscape<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Cybersecurity plans must be tailored to each business<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400\">In today\u2019s rapidly evolving threat landscape, understanding <a href=\"https:\/\/cmitsolutions.com\/it-services\/cybersecurity\/\">what should a business cybersecurity plan include<\/a> is no longer optional\u2014it\u2019s essential. The recent episode of Behind the Firewall podcast reveals many small and mid-sized businesses still believe cybersecurity is just about installing antivirus software. In reality, it\u2019s a comprehensive, layered strategy designed to protect people, systems, and data from increasingly sophisticated attacks.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Drawing insights from Edgar Ortiz of CMIT Solutions, this guide translates expert advice into practical, business-focused cybersecurity strategies.<\/span><\/p>\n<h2><b>Cybersecurity Is a Strategy, Not a Product<\/b><\/h2>\n<p><span style=\"font-weight: 400\">One of the biggest misconceptions highlighted on Behind the Firewall is that cybersecurity can be solved with a single tool.<\/span><\/p>\n<p><span style=\"font-weight: 400\">\u201cThey think cybersecurity is just one product. It\u2019s not\u2014it\u2019s a layered defense strategy.\u201d \u2014 Edgar Ortiz<\/span><\/p>\n<p><span style=\"font-weight: 400\">Antivirus software alone is no longer sufficient. Modern threats\u2014ransomware, AI-driven phishing, and social engineering\u2014require a dynamic, multi-layered defense approach.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Think of cybersecurity like home security: a lock on the door isn\u2019t enough. You need monitoring, alerts, and awareness working together.<\/span><\/p>\n<h2><b>The 7 Essential Layers of a Cybersecurity Plan<\/b><\/h2>\n<p><span style=\"font-weight: 400\">According to Edgar Ortiz of CMIT Solutions, every small to mid-sized business should implement these seven critical layers:<\/span><\/p>\n<h3><b>1. Endpoint Protection (EDR)<\/b><\/h3>\n<p><span style=\"font-weight: 400\">Advanced, behavior-based protection for laptops, desktops, and servers that can detect and stop threats like ransomware in real time.<\/span><\/p>\n<h3><b>2. Email Security<\/b><\/h3>\n<p><span style=\"font-weight: 400\">Since over 90% of attacks begin with email, advanced filtering is essential to block phishing, malicious attachments, and impersonation attempts.<\/span><\/p>\n<h3><b>3. DNS Filtering<\/b><\/h3>\n<p><span style=\"font-weight: 400\">Prevents access to dangerous websites, stopping threats before they even reach your systems.<\/span><\/p>\n<h3><b>4. Multi-Factor Authentication (MFA)<\/b><\/h3>\n<p><span style=\"font-weight: 400\">One of the most effective controls against unauthorized access\u2014especially for email, cloud apps, and administrative accounts.<\/span><\/p>\n<h3><b>5. Dark Web Monitoring<\/b><\/h3>\n<p><span style=\"font-weight: 400\">Provides early warning if employee credentials are exposed in data breaches.<\/span><\/p>\n<h3><b>6. SIEM (Security Information and Event Management)<\/b><\/h3>\n<p><span style=\"font-weight: 400\">Gives visibility into your environment by collecting and analyzing logs to detect real threats.<\/span><\/p>\n<h3><b>7. Security Awareness Training<\/b><\/h3>\n<p><span style=\"font-weight: 400\">Often the most overlooked\u2014but most important\u2014layer.<\/span><\/p>\n<h2><b>Why Employees Are Your First Line of Defense<\/b><\/h2>\n<p><span style=\"font-weight: 400\">A recurring theme from the podcast is that cybersecurity isn\u2019t just technical\u2014it\u2019s human.<\/span><\/p>\n<p><span style=\"font-weight: 400\">\u201c90% of successful cyberattacks start with a human decision.\u201d \u2014 Edgar Ortiz<\/span><\/p>\n<p><span style=\"font-weight: 400\">Employees are frequently the entry point for attacks, whether through phishing emails or social engineering tactics.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Effective programs\u2014like those implemented by CMIT Solutions\u2014focus on:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Monthly micro-training<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Simulated phishing campaigns<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Real-time coaching after mistakes<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400\">This approach transforms employees from a vulnerability into a powerful defense layer.<\/span><\/p>\n<h2><b>The Importance of Strong Passwords and MFA<\/b><\/h2>\n<p><span style=\"font-weight: 400\">Credential-based attacks remain one of the biggest risks.<\/span><\/p>\n<p><span style=\"font-weight: 400\">\u201cIf you fix passwords and authentication, you eliminate most of your risk.\u201d \u2014 Edgar Ortiz<\/span><\/p>\n<p><span style=\"font-weight: 400\">Best practices include:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Using long passphrases (14+ characters)<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Avoiding password reuse<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Using a password manager<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Enabling MFA everywhere possible<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400\">Authenticator apps or hardware keys provide stronger protection than SMS-based authentication.<\/span><\/p>\n<h2><b>What to Do in the First Hour After a Breach<\/b><\/h2>\n<p><span style=\"font-weight: 400\">One of the most practical takeaways from Behind the Firewall is how to respond when something goes wrong.<\/span><\/p>\n<p><span style=\"font-weight: 400\">The first hour is critical:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><b>0\u201310 minutes:<\/b><span style=\"font-weight: 400\"> Contain the threat by isolating systems (without shutting them down)<\/span><\/li>\n<li style=\"font-weight: 400\"><b>10\u201320 minutes:<\/b><span style=\"font-weight: 400\"> Notify your incident response team and cyber insurance provider<\/span><\/li>\n<li style=\"font-weight: 400\"><b>20\u201335 minutes:<\/b><span style=\"font-weight: 400\"> Preserve evidence and document actions<\/span><\/li>\n<li style=\"font-weight: 400\"><b>35\u201350 minutes:<\/b><span style=\"font-weight: 400\"> Assess scope and rotate credentials<\/span><\/li>\n<li style=\"font-weight: 400\"><b>50\u201360 minutes:<\/b><span style=\"font-weight: 400\"> Activate internal communication with leadership and legal teams<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400\">Preparation\u2014not reaction\u2014is what makes the difference during a breach.<\/span><\/p>\n<h2><b>Customizing Your Cybersecurity Plan<\/b><\/h2>\n<p><span style=\"font-weight: 400\">CMIT Solutions emphasizes that no two businesses are alike.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Cybersecurity strategies should be built around:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><b>Industry requirements<\/b><span style=\"font-weight: 400\"> (HIPAA, PCI, etc.)<\/span><\/li>\n<li style=\"font-weight: 400\"><b>Business size<\/b><span style=\"font-weight: 400\"> and infrastructure<\/span><\/li>\n<li style=\"font-weight: 400\"><b>Risk profile<\/b><span style=\"font-weight: 400\"> and data sensitivity<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400\">A structured implementation roadmap typically includes:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">30-day plan: Address critical vulnerabilities<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">60-day plan: Deploy core security controls<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">90-day plan: Establish monitoring and response<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">12-month roadmap: Mature and optimize the program<\/span><\/li>\n<\/ul>\n<h2><b>Cybersecurity and Compliance Go Hand in Hand<\/b><\/h2>\n<p><span style=\"font-weight: 400\">Rather than treating compliance as a checklist, the smarter approach is to build strong security first.<\/span><\/p>\n<p><span style=\"font-weight: 400\">As discussed in the podcast, when proper controls are in place\u2014such as access management, encryption, and monitoring\u2014compliance naturally follows.<\/span><\/p>\n<h2><b>Continuous Monitoring Is Non-Negotiable<\/b><\/h2>\n<p><span style=\"font-weight: 400\">Cyber threats evolve constantly, which means cybersecurity cannot be static.<\/span><\/p>\n<p><span style=\"font-weight: 400\">\u201cCybersecurity isn\u2019t a project you finish. It\u2019s an ongoing practice.\u201d \u2014 Edgar Ortiz<\/span><\/p>\n<p><span style=\"font-weight: 400\">Modern security programs require:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Continuous vulnerability scanning<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Regular penetration testing<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Quarterly reviews<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Annual formal assessments<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400\">Businesses that treat cybersecurity as a continuous process are far better positioned to prevent and respond to attacks.<\/span><\/p>\n<h2><b>Building a Resilient Business with Cybersecurity<\/b><\/h2>\n<p><span style=\"font-weight: 400\">Understanding <a href=\"https:\/\/cmitsolutions.com\/it-services\/cybersecurity\/\">what should a business cybersecurity plan include<\/a> is the foundation of a resilient organization. Insights from Behind the Firewall and experts like Edgar Ortiz at CMIT Solutions make one thing clear: cybersecurity is not about buying tools\u2014it\u2019s about building a living, evolving strategy.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Businesses that adopt a layered approach, invest in employee awareness, and commit to continuous improvement will be far better equipped to navigate today\u2019s complex threat landscape.<\/span><\/p>\n<h2><b>FAQs<\/b><\/h2>\n<h3><b>What is the most important part of a cybersecurity plan?<\/b><\/h3>\n<p><span style=\"font-weight: 400\">A layered defense strategy that combines technology, processes, and employee awareness.<\/span><\/p>\n<h3><b>Is antivirus software enough for protection?<\/b><\/h3>\n<p><span style=\"font-weight: 400\">No. Antivirus alone cannot defend against modern threats like phishing, ransomware, and AI-based attacks.<\/span><\/p>\n<h3><b>How often should cybersecurity training be conducted?<\/b><\/h3>\n<p><span style=\"font-weight: 400\">Training should be continuous, with monthly updates and regular phishing simulations.<\/span><\/p>\n<h3><b>Why is multi-factor authentication so important?<\/b><\/h3>\n<p><span style=\"font-weight: 400\">MFA drastically reduces the risk of unauthorized access, even when passwords are compromised.<\/span><\/p>\n<h3><b>How often should a cybersecurity plan be reviewed?<\/b><\/h3>\n<p><span style=\"font-weight: 400\">Quarterly reviews combined with continuous monitoring are recommended to stay ahead of evolving threats.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h4>Podcast Transcript:<\/h4>\n<p><b>Mike Downer:<\/b><span style=\"font-weight: 400\"> Hi everybody, I\u2019m your host, Mike Downer on <\/span><i><span style=\"font-weight: 400\">Behind the Firewall<\/span><\/i><span style=\"font-weight: 400\">. I\u2019m here again with Edgar Ortiz, owner and managing partner of CMIT Solutions of Des Moines. How are you doing today, Edgar?<\/span><\/p>\n<p><b>Edgar Ortiz:<\/b><span style=\"font-weight: 400\"> We\u2019re doing excellent\u2014really happy to be here for another episode.<\/span><\/p>\n<p><b>Mike Downer:<\/b><span style=\"font-weight: 400\"> Absolutely. Today, we\u2019re discussing one of your favorite topics: what a small business cybersecurity plan should actually include. So let me ask you\u2014what are the essential components of a cybersecurity plan for a small to mid-sized business, and how do you build one?<\/span><\/p>\n<p><b>Edgar Ortiz:<\/b><span style=\"font-weight: 400\"> That\u2019s a great place to start, because this is where most small businesses get it wrong. They think cybersecurity is just one product. It\u2019s not\u2014it\u2019s a layered defense strategy.<\/span><\/p>\n<p><span style=\"font-weight: 400\">We typically talk about seven layers every small business should have:<\/span><\/p>\n<p><span style=\"font-weight: 400\">Layer one is endpoint protection\u2014modern EDR (Endpoint Detection and Response). This should be running on every laptop, desktop, and server. Not just consumer antivirus like Norton\u2014this is behavior-based detection that can stop ransomware before it encrypts your files.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Layer two is email security. Over 90% of cyberattacks start with email. You need advanced filtering to catch phishing, malicious attachments, and business email compromise\u2014especially with AI making attacks more convincing.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Layer three is DNS filtering. This blocks malicious websites at the network level, stopping malware before it downloads.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Layer four is multi-factor authentication (MFA). This should be on everything\u2014email, VPN, cloud apps, admin accounts. It\u2019s one of the most effective controls against credential-based attacks.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Layer five is dark web monitoring. If employee credentials show up in a breach, you need to know immediately and force password resets.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Layer six is security information and event management (SIEM). This collects and analyzes logs across systems to detect real threats. Without it, you\u2019re essentially blind.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Layer seven is security awareness training. Most attacks happen due to human error, so you must train employees continuously.<\/span><\/p>\n<p><span style=\"font-weight: 400\">That\u2019s why cybersecurity is a multi-layered approach.<\/span><\/p>\n<p><b>Mike Downer:<\/b><span style=\"font-weight: 400\"> That makes sense. Early on, you mentioned antivirus. Can you explain why having a full cybersecurity plan is different from just buying antivirus software?<\/span><\/p>\n<p><b>Edgar Ortiz:<\/b><span style=\"font-weight: 400\"> Absolutely. This is a question every business owner should ask before a breach.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Antivirus is a product. A cybersecurity plan is a living strategy.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Antivirus scans for known threats\u2014that worked back in 2005. But today\u2019s threats\u2014ransomware, AI phishing, social engineering, supply chain attacks\u2014don\u2019t always show up in antivirus databases.<\/span><\/p>\n<p><span style=\"font-weight: 400\">A real cybersecurity plan evolves constantly. It includes governance, incident response, training, patch management, vendor risk, and continuous monitoring.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Here\u2019s the analogy: buying antivirus and calling it cybersecurity is like buying a deadbolt and calling it home security. Real security includes alarms, cameras, monitoring, and more.<\/span><\/p>\n<p><span style=\"font-weight: 400\">At CMIT, we build programs\u2014not products. We review them quarterly, update them as threats evolve, and test them regularly.<\/span><\/p>\n<p><b>Mike Downer:<\/b><span style=\"font-weight: 400\"> Great explanation. Let me ask you this\u2014why are employees considered the first line of defense?<\/span><\/p>\n<p><b>Edgar Ortiz:<\/b><span style=\"font-weight: 400\"> Because 90% of successful cyberattacks start with a human decision. Someone clicks a link, opens an attachment, or wires money based on a fake email.<\/span><\/p>\n<p><span style=\"font-weight: 400\">No technology can stop everything\u2014but training employees can stop most attacks.<\/span><\/p>\n<p><span style=\"font-weight: 400\">At CMIT, training isn\u2019t a once-a-year video. That approach is outdated.<\/span><\/p>\n<p><span style=\"font-weight: 400\">We provide:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Monthly micro-training (short, relevant videos)<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Simulated phishing campaigns<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Immediate coaching when someone clicks<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400\">This isn\u2019t about punishment\u2014it\u2019s about improving behavior.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Industry click rates are 20\u201330%. We bring that down to 2\u20133%.<\/span><\/p>\n<p><span style=\"font-weight: 400\">We also train for modern threats like deepfake voice scams, AI phishing, vendor impersonation, and QR code attacks.<\/span><\/p>\n<p><span style=\"font-weight: 400\">The threat landscape has evolved, and training must evolve with it.<\/span><\/p>\n<p><b>Mike Downer:<\/b><span style=\"font-weight: 400\"> That\u2019s powerful. Let\u2019s talk about passwords and MFA. Why are they so critical?<\/span><\/p>\n<p><b>Edgar Ortiz:<\/b><span style=\"font-weight: 400\"> Here\u2019s a key stat: over 80% of data breaches involve stolen or weak credentials.<\/span><\/p>\n<p><span style=\"font-weight: 400\">If you fix passwords and authentication, you eliminate most of your risk.<\/span><\/p>\n<p><span style=\"font-weight: 400\">For passwords:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Use long passphrases (at least 14 characters)<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Use a password manager<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Never reuse passwords<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Monitor the dark web for leaks<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400\">Old advice like changing passwords every 90 days is outdated\u2014it leads to weaker passwords.<\/span><\/p>\n<p><span style=\"font-weight: 400\">For MFA:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Use it everywhere<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Authenticator apps are better than SMS<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Hardware keys are even stronger<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400\">If you combine strong passwords, MFA, and monitoring, you eliminate about 80% of breach risks.<\/span><\/p>\n<p><b>Mike Downer:<\/b><span style=\"font-weight: 400\"> Let\u2019s say something still goes wrong. What should a business do in the first hour after discovering a breach?<\/span><\/p>\n<p><b>Edgar Ortiz:<\/b><span style=\"font-weight: 400\"> The first hour is critical.<\/span><\/p>\n<p><b>0\u201310 minutes:<\/b><span style=\"font-weight: 400\"> Contain the threat. Isolate affected systems. Disconnect them from the network\u2014but don\u2019t shut them down, or you\u2019ll lose forensic evidence.<\/span><\/p>\n<p><b>10\u201320 minutes:<\/b><span style=\"font-weight: 400\"> Notify your incident response team. Call your cyber insurance provider immediately\u2014this is crucial.<\/span><\/p>\n<p><b>20\u201335 minutes:<\/b><span style=\"font-weight: 400\"> Preserve evidence. Don\u2019t wipe systems or restore backups yet. Document everything.<\/span><\/p>\n<p><b>35\u201350 minutes:<\/b><span style=\"font-weight: 400\"> Assess the scope. Identify affected systems and rotate credentials.<\/span><\/p>\n<p><b>50\u201360 minutes:<\/b><span style=\"font-weight: 400\"> Activate your communication plan. Notify executives, legal counsel, and others as needed\u2014but don\u2019t go public without legal guidance.<\/span><\/p>\n<p><span style=\"font-weight: 400\">The key is having a plan \u0437\u0430\u0440\u0430\u043d\u0435\u0435\u2014so no one is guessing during a crisis.<\/span><\/p>\n<p><b>Mike Downer:<\/b><span style=\"font-weight: 400\"> How do you customize cybersecurity plans for different businesses?<\/span><\/p>\n<p><b>Edgar Ortiz:<\/b><span style=\"font-weight: 400\"> Every business is different. We base plans on three factors: industry, size, and risk profile.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Industry determines compliance requirements (HIPAA, PCI, etc.).<\/span><span style=\"font-weight: 400\"><br \/>\n<\/span><span style=\"font-weight: 400\"> Size determines the scale of your security architecture.<\/span><span style=\"font-weight: 400\"><br \/>\n<\/span><span style=\"font-weight: 400\"> Risk profile determines priorities.<\/span><\/p>\n<p><span style=\"font-weight: 400\">We conduct assessments and build:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">30-day plan (fix critical gaps)<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">60-day plan (deploy controls)<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">90-day plan (monitor and respond)<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">12-month roadmap (mature the program)<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400\">We translate technical risks into business language so owners can act on them.<\/span><\/p>\n<p><b>Mike Downer:<\/b><span style=\"font-weight: 400\"> How does a cybersecurity plan help with compliance?<\/span><\/p>\n<p><b>Edgar Ortiz:<\/b><span style=\"font-weight: 400\"> Cybersecurity and compliance go hand in hand.<\/span><\/p>\n<p><span style=\"font-weight: 400\">If you build strong security controls, you naturally meet most compliance requirements.<\/span><\/p>\n<p><span style=\"font-weight: 400\">For example:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">HIPAA requires access control, encryption, and training<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">PCI requires segmentation, MFA, and monitoring<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400\">Instead of treating compliance as a checklist, we build real security first\u2014compliance becomes a byproduct.<\/span><\/p>\n<p><b>Mike Downer:<\/b><span style=\"font-weight: 400\"> Final question\u2014why are regular assessments so important today?<\/span><\/p>\n<p><b>Edgar Ortiz:<\/b><span style=\"font-weight: 400\"> Because threats change constantly.<\/span><\/p>\n<p><span style=\"font-weight: 400\">An annual assessment gives you a snapshot\u2014but everything can change within weeks.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Modern cybersecurity requires:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Continuous vulnerability scanning<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Monthly penetration testing<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Quarterly reviews<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Annual formal assessments<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400\">Attackers operate 24\/7\u2014your defenses must too.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Cybersecurity isn\u2019t a project you finish. It\u2019s an ongoing practice.<\/span><\/p>\n<p><b>Mike Downer:<\/b><span style=\"font-weight: 400\"> Edgar, this has been incredibly insightful. Thank you for breaking this down so clearly. I\u2019m looking forward to our next conversation.<\/span><\/p>\n<p><b>Edgar Ortiz:<\/b><span style=\"font-weight: 400\"> Thank you\u2014happy to be here.<\/span><\/p>\n<p><b>Mike Downer:<\/b><span style=\"font-weight: 400\"> Thanks again for joining me on <\/span><i><span style=\"font-weight: 400\">Behind the Firewall<\/span><\/i><span style=\"font-weight: 400\">. Until next time\u2014have a great day.<\/span><\/p>\n<p><b>Edgar Ortiz:<\/b><span style=\"font-weight: 400\"> See you next time.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Key Takeaways Cybersecurity is a layered strategy, not a single product Employees&#8230;<\/p>\n","protected":false},"author":1033,"featured_media":884,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-883","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-local-it"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO Pro 4.9.8 - aioseo.com -->\n\t<meta name=\"description\" content=\"Cybersecurity isn&#039;t a product; it&#039;s a strategy. Edgar Ortiz reveals the 7 essential layers every business cybersecurity plan must include in 2026.\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"eoritz\"\/>\n\t<meta name=\"google-site-verification\" content=\"Zo6VfJWwG3XxQaIOM8ZsRUFB5rWXu3r7JTNyHpezKh8\" \/>\n\t<link rel=\"canonical\" href=\"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/what-should-a-business-cybersecurity-plan-include\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO Pro (AIOSEO) 4.9.8\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Des Moines, IA 1210 | CMIT Solutions\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"What Should a Business Cybersecurity Plan Include? | Edgar Ortiz\" \/>\n\t\t<meta property=\"og:description\" content=\"Cybersecurity isn&#039;t a product; it&#039;s a strategy. Edgar Ortiz reveals the 7 essential layers every business cybersecurity plan must include in 2026.\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/what-should-a-business-cybersecurity-plan-include\/\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2026-05-07T19:49:00+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2026-05-08T20:02:27+00:00\" \/>\n\t\t<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/people\/CMIT-Solutions-of-Des-Moines\/61573121069687\/\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:site\" content=\"@CMITofDesMoines\" \/>\n\t\t<meta name=\"twitter:title\" content=\"What Should a Business Cybersecurity Plan Include? | Edgar Ortiz\" \/>\n\t\t<meta name=\"twitter:description\" content=\"Cybersecurity isn&#039;t a product; it&#039;s a strategy. Edgar Ortiz reveals the 7 essential layers every business cybersecurity plan must include in 2026.\" \/>\n\t\t<meta name=\"twitter:creator\" content=\"@CMITofDesMoines\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/blog\\\/what-should-a-business-cybersecurity-plan-include\\\/#blog\",\"headline\":\"What Should a Business Cybersecurity Plan Include? A Modern Guide Inspired by Behind the Firewall\",\"description\":\"Edgar Ortiz of CMIT Des Moines breaks down the 7 layers of a modern cybersecurity plan, from EDR to employee training.\",\"datePublished\":\"2026-05-07T08:30:00-06:00\",\"dateModified\":\"2026-05-07T08:30:00-06:00\",\"author\":{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/#edgar-ortiz\",\"name\":\"Edgar Ortiz\"},\"publisher\":{\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/#local-business\"},\"mainEntityOfPage\":{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/blog\\\/what-should-a-business-cybersecurity-plan-include\\\/\"},\"keywords\":\"what should a business cybersecurity plan include, cybersecurity Des Moines, small business IT security Iowa\"},{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/blog\\\/what-should-a-business-cybersecurity-plan-include\\\/#blogposting\",\"name\":\"What Should a Business Cybersecurity Plan Include? | Edgar Ortiz\",\"headline\":\"What Should a Business Cybersecurity Plan Include? A Modern Guide Inspired by Behind the Firewall\",\"author\":{\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/blog\\\/author\\\/eoritz\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/#organization\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/wp-content\\\/uploads\\\/sites\\\/227\\\/2026\\\/05\\\/CMIT-Podcast-4.png\",\"width\":2560,\"height\":1440,\"caption\":\"Banner for CMIT Solutions episode 'Behind the Firewall' showing a man speaking into a microphone on a blue tech background.\"},\"datePublished\":\"2026-05-07T14:49:00-05:00\",\"dateModified\":\"2026-05-08T15:02:27-05:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/blog\\\/what-should-a-business-cybersecurity-plan-include\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/blog\\\/what-should-a-business-cybersecurity-plan-include\\\/#webpage\"},\"articleSection\":\"Local IT\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/blog\\\/what-should-a-business-cybersecurity-plan-include\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/blog\\\/category\\\/local-it\\\/#listItem\",\"name\":\"Local IT\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/blog\\\/category\\\/local-it\\\/#listItem\",\"position\":2,\"name\":\"Local IT\",\"item\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/blog\\\/category\\\/local-it\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/blog\\\/what-should-a-business-cybersecurity-plan-include\\\/#listItem\",\"name\":\"What Should a Business Cybersecurity Plan Include? A Modern Guide Inspired by Behind the Firewall\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/blog\\\/what-should-a-business-cybersecurity-plan-include\\\/#listItem\",\"position\":3,\"name\":\"What Should a Business Cybersecurity Plan Include? A Modern Guide Inspired by Behind the Firewall\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/blog\\\/category\\\/local-it\\\/#listItem\",\"name\":\"Local IT\"}}]},{\"@type\":\"FAQPage\",\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/blog\\\/what-should-a-business-cybersecurity-plan-include\\\/#faq\",\"mainEntity\":[{\"@type\":\"Question\",\"name\":\"What should a business cybersecurity plan include?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"A comprehensive cybersecurity plan should include seven essential layers: Endpoint Detection &amp; Response (EDR), Email Security, DNS Filtering, Multi-Factor Authentication (MFA), Dark Web Monitoring, SIEM monitoring, and ongoing Security Awareness Training.\"}},{\"@type\":\"Question\",\"name\":\"What should be done in the first hour of a data breach?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"The first hour should focus on containment (isolating systems), notifying your response team and insurance provider, preserving forensic evidence, and activating a communication plan with legal and leadership teams.\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/#organization\",\"name\":\"CMIT Solutions Des Moines\",\"description\":\"CMIT Solutions\",\"url\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/\",\"telephone\":\"+15154164113\",\"logo\":{\"@type\":\"ImageObject\",\"url\":\"http:\\\/\\\/cmitsolutions.com\\\/template\\\/wp-content\\\/uploads\\\/sites\\\/2\\\/2022\\\/09\\\/CMMIT-Solutions-Logo.png\",\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/blog\\\/what-should-a-business-cybersecurity-plan-include\\\/#organizationLogo\"},\"image\":{\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/blog\\\/what-should-a-business-cybersecurity-plan-include\\\/#organizationLogo\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/people\\\/CMIT-Solutions-of-Des-Moines\\\/61573121069687\\\/\",\"https:\\\/\\\/x.com\\\/CMITofDesMoines\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/blog\\\/author\\\/eoritz\\\/#author\",\"url\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/blog\\\/author\\\/eoritz\\\/\",\"name\":\"eoritz\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/blog\\\/what-should-a-business-cybersecurity-plan-include\\\/#authorImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/9e5c84bef494c5e9de71b59c9a055bc976047aa9a6d855effd51e9d719375434?s=96&d=mm&r=g\",\"width\":96,\"height\":96,\"caption\":\"eoritz\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/blog\\\/what-should-a-business-cybersecurity-plan-include\\\/#webpage\",\"url\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/blog\\\/what-should-a-business-cybersecurity-plan-include\\\/\",\"name\":\"What Should a Business Cybersecurity Plan Include? | Edgar Ortiz\",\"description\":\"Cybersecurity isn't a product; it's a strategy. Edgar Ortiz reveals the 7 essential layers every business cybersecurity plan must include in 2026.\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/blog\\\/what-should-a-business-cybersecurity-plan-include\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/blog\\\/author\\\/eoritz\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/blog\\\/author\\\/eoritz\\\/#author\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/wp-content\\\/uploads\\\/sites\\\/227\\\/2026\\\/05\\\/CMIT-Podcast-4.png\",\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/blog\\\/what-should-a-business-cybersecurity-plan-include\\\/#mainImage\",\"width\":2560,\"height\":1440,\"caption\":\"Banner for CMIT Solutions episode 'Behind the Firewall' showing a man speaking into a microphone on a blue tech background.\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/blog\\\/what-should-a-business-cybersecurity-plan-include\\\/#mainImage\"},\"datePublished\":\"2026-05-07T14:49:00-05:00\",\"dateModified\":\"2026-05-08T15:02:27-05:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/#website\",\"url\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/\",\"name\":\"CMIT Solutions Des Moines\",\"description\":\"CMIT Solutions\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/cmitsolutions.com\\\/des-moines-ia-1210\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO Pro -->\r\n\t\t<title>What Should a Business Cybersecurity Plan Include? | Edgar Ortiz<\/title>\n\n","aioseo_head_json":{"title":"What Should a Business Cybersecurity Plan Include? | Edgar Ortiz","description":"Cybersecurity isn't a product; it's a strategy. Edgar Ortiz reveals the 7 essential layers every business cybersecurity plan must include in 2026.","canonical_url":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/what-should-a-business-cybersecurity-plan-include\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"google-site-verification":"Zo6VfJWwG3XxQaIOM8ZsRUFB5rWXu3r7JTNyHpezKh8","miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/what-should-a-business-cybersecurity-plan-include\/#blog","headline":"What Should a Business Cybersecurity Plan Include? A Modern Guide Inspired by Behind the Firewall","description":"Edgar Ortiz of CMIT Des Moines breaks down the 7 layers of a modern cybersecurity plan, from EDR to employee training.","datePublished":"2026-05-07T08:30:00-06:00","dateModified":"2026-05-07T08:30:00-06:00","author":{"@type":"Person","@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/#edgar-ortiz","name":"Edgar Ortiz"},"publisher":{"@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/#local-business"},"mainEntityOfPage":{"@type":"WebPage","@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/what-should-a-business-cybersecurity-plan-include\/"},"keywords":"what should a business cybersecurity plan include, cybersecurity Des Moines, small business IT security Iowa"},{"@type":"BlogPosting","@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/what-should-a-business-cybersecurity-plan-include\/#blogposting","name":"What Should a Business Cybersecurity Plan Include? | Edgar Ortiz","headline":"What Should a Business Cybersecurity Plan Include? A Modern Guide Inspired by Behind the Firewall","author":{"@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/author\/eoritz\/#author"},"publisher":{"@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/#organization"},"image":{"@type":"ImageObject","url":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/wp-content\/uploads\/sites\/227\/2026\/05\/CMIT-Podcast-4.png","width":2560,"height":1440,"caption":"Banner for CMIT Solutions episode 'Behind the Firewall' showing a man speaking into a microphone on a blue tech background."},"datePublished":"2026-05-07T14:49:00-05:00","dateModified":"2026-05-08T15:02:27-05:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/what-should-a-business-cybersecurity-plan-include\/#webpage"},"isPartOf":{"@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/what-should-a-business-cybersecurity-plan-include\/#webpage"},"articleSection":"Local IT"},{"@type":"BreadcrumbList","@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/what-should-a-business-cybersecurity-plan-include\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210#listItem","position":1,"name":"Home","item":"https:\/\/cmitsolutions.com\/des-moines-ia-1210","nextItem":{"@type":"ListItem","@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/category\/local-it\/#listItem","name":"Local IT"}},{"@type":"ListItem","@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/category\/local-it\/#listItem","position":2,"name":"Local IT","item":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/category\/local-it\/","nextItem":{"@type":"ListItem","@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/what-should-a-business-cybersecurity-plan-include\/#listItem","name":"What Should a Business Cybersecurity Plan Include? A Modern Guide Inspired by Behind the Firewall"},"previousItem":{"@type":"ListItem","@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/what-should-a-business-cybersecurity-plan-include\/#listItem","position":3,"name":"What Should a Business Cybersecurity Plan Include? A Modern Guide Inspired by Behind the Firewall","previousItem":{"@type":"ListItem","@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/category\/local-it\/#listItem","name":"Local IT"}}]},{"@type":"FAQPage","@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/what-should-a-business-cybersecurity-plan-include\/#faq","mainEntity":[{"@type":"Question","name":"What should a business cybersecurity plan include?","acceptedAnswer":{"@type":"Answer","text":"A comprehensive cybersecurity plan should include seven essential layers: Endpoint Detection &amp; Response (EDR), Email Security, DNS Filtering, Multi-Factor Authentication (MFA), Dark Web Monitoring, SIEM monitoring, and ongoing Security Awareness Training."}},{"@type":"Question","name":"What should be done in the first hour of a data breach?","acceptedAnswer":{"@type":"Answer","text":"The first hour should focus on containment (isolating systems), notifying your response team and insurance provider, preserving forensic evidence, and activating a communication plan with legal and leadership teams."}}]},{"@type":"Organization","@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/#organization","name":"CMIT Solutions Des Moines","description":"CMIT Solutions","url":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/","telephone":"+15154164113","logo":{"@type":"ImageObject","url":"http:\/\/cmitsolutions.com\/template\/wp-content\/uploads\/sites\/2\/2022\/09\/CMMIT-Solutions-Logo.png","@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/what-should-a-business-cybersecurity-plan-include\/#organizationLogo"},"image":{"@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/what-should-a-business-cybersecurity-plan-include\/#organizationLogo"},"sameAs":["https:\/\/www.facebook.com\/people\/CMIT-Solutions-of-Des-Moines\/61573121069687\/","https:\/\/x.com\/CMITofDesMoines"]},{"@type":"Person","@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/author\/eoritz\/#author","url":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/author\/eoritz\/","name":"eoritz","image":{"@type":"ImageObject","@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/what-should-a-business-cybersecurity-plan-include\/#authorImage","url":"https:\/\/secure.gravatar.com\/avatar\/9e5c84bef494c5e9de71b59c9a055bc976047aa9a6d855effd51e9d719375434?s=96&d=mm&r=g","width":96,"height":96,"caption":"eoritz"}},{"@type":"WebPage","@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/what-should-a-business-cybersecurity-plan-include\/#webpage","url":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/what-should-a-business-cybersecurity-plan-include\/","name":"What Should a Business Cybersecurity Plan Include? | Edgar Ortiz","description":"Cybersecurity isn't a product; it's a strategy. Edgar Ortiz reveals the 7 essential layers every business cybersecurity plan must include in 2026.","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/#website"},"breadcrumb":{"@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/what-should-a-business-cybersecurity-plan-include\/#breadcrumblist"},"author":{"@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/author\/eoritz\/#author"},"creator":{"@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/author\/eoritz\/#author"},"image":{"@type":"ImageObject","url":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/wp-content\/uploads\/sites\/227\/2026\/05\/CMIT-Podcast-4.png","@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/what-should-a-business-cybersecurity-plan-include\/#mainImage","width":2560,"height":1440,"caption":"Banner for CMIT Solutions episode 'Behind the Firewall' showing a man speaking into a microphone on a blue tech background."},"primaryImageOfPage":{"@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/what-should-a-business-cybersecurity-plan-include\/#mainImage"},"datePublished":"2026-05-07T14:49:00-05:00","dateModified":"2026-05-08T15:02:27-05:00"},{"@type":"WebSite","@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/#website","url":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/","name":"CMIT Solutions Des Moines","description":"CMIT Solutions","inLanguage":"en-US","publisher":{"@id":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/#organization"}}]},"og:locale":"en_US","og:site_name":"Des Moines, IA 1210 | CMIT Solutions","og:type":"article","og:title":"What Should a Business Cybersecurity Plan Include? | Edgar Ortiz","og:description":"Cybersecurity isn't a product; it's a strategy. Edgar Ortiz reveals the 7 essential layers every business cybersecurity plan must include in 2026.","og:url":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/what-should-a-business-cybersecurity-plan-include\/","article:published_time":"2026-05-07T19:49:00+00:00","article:modified_time":"2026-05-08T20:02:27+00:00","article:publisher":"https:\/\/www.facebook.com\/people\/CMIT-Solutions-of-Des-Moines\/61573121069687\/","twitter:card":"summary_large_image","twitter:site":"@CMITofDesMoines","twitter:title":"What Should a Business Cybersecurity Plan Include? | Edgar Ortiz","twitter:description":"Cybersecurity isn't a product; it's a strategy. Edgar Ortiz reveals the 7 essential layers every business cybersecurity plan must include in 2026.","twitter:creator":"@CMITofDesMoines"},"aioseo_meta_data":{"post_id":"883","title":"What Should a Business Cybersecurity Plan Include? | Edgar Ortiz","description":"Cybersecurity isn't a product; it's a strategy. Edgar Ortiz reveals the 7 essential layers every business cybersecurity plan must include in 2026.","keywords":null,"keyphrases":{"focus":{"keyphrase":"what should a business cybersecurity plan include","score":59,"analysis":{"keyphraseInTitle":{"score":9,"maxScore":9,"error":0},"keyphraseInDescription":{"score":3,"maxScore":9,"error":1},"keyphraseLength":{"score":6,"maxScore":9,"error":1,"length":7},"keyphraseInURL":{"score":5,"maxScore":5,"error":0},"keyphraseInIntroduction":{"score":9,"maxScore":9,"error":0},"keyphraseInSubHeadings":{"score":3,"maxScore":9,"error":1},"keyphraseInImageAlt":[],"keywordDensity":{"score":0,"type":"low","maxScore":9,"error":1}}},"additional":[]},"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":"","og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[{"id":"#aioseo-custom-moxccvijlstr","custom":true,"graphName":"CMIT Des Moines Security Roadmap Graph","schema":"{ \"@graph\": [ { \"@type\": \"BlogPosting\", \"@id\": \"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/what-should-a-business-cybersecurity-plan-include\/#blog\", \"headline\": \"What Should a Business Cybersecurity Plan Include? A Modern Guide Inspired by Behind the Firewall\", \"description\": \"Edgar Ortiz of CMIT Des Moines breaks down the 7 layers of a modern cybersecurity plan, from EDR to employee training.\", \"datePublished\": \"2026-05-07T08:30:00-06:00\", \"dateModified\": \"2026-05-07T08:30:00-06:00\", \"author\": { \"@type\": \"Person\", \"@id\": \"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/#edgar-ortiz\", \"name\": \"Edgar Ortiz\" }, \"publisher\": { \"@id\": \"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/#local-business\" }, \"mainEntityOfPage\": { \"@type\": \"WebPage\", \"@id\": \"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/what-should-a-business-cybersecurity-plan-include\/\" }, \"keywords\": \"what should a business cybersecurity plan include, cybersecurity Des Moines, small business IT security Iowa\" }, { \"@type\": \"FAQPage\", \"@id\": \"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/what-should-a-business-cybersecurity-plan-include\/#faq\", \"mainEntity\": [ { \"@type\": \"Question\", \"name\": \"What should a business cybersecurity plan include?\", \"acceptedAnswer\": { \"@type\": \"Answer\", \"text\": \"A comprehensive cybersecurity plan should include seven essential layers: Endpoint Detection & Response (EDR), Email Security, DNS Filtering, Multi-Factor Authentication (MFA), Dark Web Monitoring, SIEM monitoring, and ongoing Security Awareness Training.\" } }, { \"@type\": \"Question\", \"name\": \"What should be done in the first hour of a data breach?\", \"acceptedAnswer\": { \"@type\": \"Answer\", \"text\": \"The first hour should focus on containment (isolating systems), notifying your response team and insurance provider, preserving forensic evidence, and activating a communication plan with legal and leadership teams.\" } } ] } ] }"}],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"BlogPosting","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":"-1","robots_max_videopreview":"-1","robots_max_imagepreview":"large","priority":null,"frequency":"default","local_seo":null,"seo_analyzer_scan_date":"2026-05-18 08:35:57","breadcrumb_settings":null,"limit_modified_date":false,"open_ai":null,"ai":{"faqs":[],"keyPoints":[],"schemas":[],"titles":[],"descriptions":[],"socialPosts":{"email":[],"linkedin":[],"twitter":[],"facebook":[],"instagram":[]}},"created":"2026-05-07 14:42:01","updated":"2026-05-18 08:35:57"},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t<a href=\"https:\/\/cmitsolutions.com\/des-moines-ia-1210\" title=\"Home\">Home<\/a>\n<\/span><span class=\"aioseo-breadcrumb-separator\">\u00bb<\/span><span class=\"aioseo-breadcrumb\">\n\t<a href=\"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/category\/local-it\/\" title=\"Local IT\">Local IT<\/a>\n<\/span><span class=\"aioseo-breadcrumb-separator\">\u00bb<\/span><span class=\"aioseo-breadcrumb\">\n\tWhat Should a Business Cybersecurity Plan Include? A Modern Guide Inspired by Behind the Firewall\n<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/cmitsolutions.com\/des-moines-ia-1210"},{"label":"Local IT","link":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/category\/local-it\/"},{"label":"What Should a Business Cybersecurity Plan Include? A Modern Guide Inspired by Behind the Firewall","link":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/blog\/what-should-a-business-cybersecurity-plan-include\/"}],"_links":{"self":[{"href":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/wp-json\/wp\/v2\/posts\/883","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/wp-json\/wp\/v2\/users\/1033"}],"replies":[{"embeddable":true,"href":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/wp-json\/wp\/v2\/comments?post=883"}],"version-history":[{"count":0,"href":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/wp-json\/wp\/v2\/posts\/883\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/wp-json\/wp\/v2\/media\/884"}],"wp:attachment":[{"href":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/wp-json\/wp\/v2\/media?parent=883"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/wp-json\/wp\/v2\/categories?post=883"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cmitsolutions.com\/des-moines-ia-1210\/wp-json\/wp\/v2\/tags?post=883"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}