How Texas Small Businesses Can Stay Ahead of Cybercrime

IACCGH Open Forum Business Hour | HUM FM 103.5

By Somdatta Basu

On November 15, 2025, IACCGH’s Open Forum Business Hour on HUM FM 103.5 featured Rashmi Sheel, President of CMIT Solutions of Sugar Land, in a timely discussion on how small and midsize businesses can defend themselves against today’s rapidly evolving cyber threats—without enterprise-sized budgets.

Drawing on her experience delivering IT and cybersecurity projects in Fortune 500 environments, Sheel emphasized that cybercrime has become highly organized and profit-driven. “Tools alone are no longer enough,” she noted. “Effective protection requires layered security, continuous monitoring, tested recovery plans, and trained people who know how to respond when something looks wrong.”

A key takeaway was the rise of session-token hijacking, a technique that allows attackers to bypass passwords and even multifactor authentication. By stealing login tokens through malicious browser extensions or scripts, criminals can impersonate users without ever accessing credentials. This reality, Sheel stressed, makes real-time detection and response—such as SOC monitoring and rapid isolation—essential components of modern cybersecurity.

Sheel outlined a practical layered-security approach, including endpoint and network protection, advanced email filtering, privileged-access controls, and immutable or offline backups that are routinely tested. She advised treating public Wi-Fi and USB charging stations as unsafe and shared best practices for responding to ransomware incidents—disconnecting the network (not the power) and engaging professionals to contain and recover safely.

The program also addressed common and emerging scams, from spoofed invoices and fake antivirus alerts to AI-driven voice impersonation used to pressure employees into wiring funds. Clear policies and training, Sheel said, are critical safeguards—particularly out-of-band verification for financial changes and disciplined habits around clicking links and sharing credentials.

Sheel highlighted Texas’s new Safe Harbor law (SB 2610), effective September 1, 2025, which can help reduce civil liability for small businesses (250 employees or fewer) that demonstrate baseline cybersecurity controls, employee training, and documented response plans. “You can’t eliminate risk entirely,” she explained, “but preparation should work in your favor.”

Addressing cost concerns, Sheel encouraged businesses to right-size their security investments rather than postpone action. Managed service providers can offer enterprise-grade monitoring and response capabilities at a fraction of the cost of building in-house teams. Still, she warned, mindset matters most: “Many owners believe they’re too small to be targeted. In reality, that’s exactly why attackers choose them.”

Her closing message resonated strongly with listeners:
“Replace ad-hoc fixes with systems. With continuous monitoring, immutable backups, and a practiced incident-response plan, a bad day doesn’t have to become a business-ending week.”