Mounting data breach disruption has a ripple effect on the American economy, driving up costs and refocusing time on recovery rather than growth for businesses. According to the latest report by IBM, the average data breach cost victimized organizations a staggering $4.88 million in 2024, an increase from the $4.45 million in 2023. Fortunately, this is what professionals like Folajimi Fapohunda, a trusted Information Security expert with a proven track record in risk management, compliance, and cloud security, exist for. Folajimi’s goal is to help financial institutions reduce gaps in protection, prevent fraud, and safeguard sensitive data.
“Entrepreneurs can no longer afford to assume their third-party vendors are secure,” Folajimi explains. “They must proactively assess, monitor, and enforce strict security controls. By integrating third-party risk management into their cybersecurity strategy, businesses can prevent supply chain attacks and strengthen overall security resilience.”
Conducting third-party security assessments is key for entrepreneurs looking to protect themselves. Folajimi recommends using frameworks such as NIST 800-171, SOC 2 Type II, or ISO 27001 to assess cybersecurity posture, and requiring that vendors offer detailed risk assessments prior to onboarding. It is also essential to implement Multi-Factor Authentication (MFA) and Zero Trust Architecture (ZTA) to limit access to critical data.
Many small business owners are working with limited resources, but that doesn’t mean they need to sacrifice their cybersecurity. Leveraging free security tools and educating employees about best practices does not require a large financial investment. MFA, as previously mentioned, is an excellent way to add an additional layer of security for free, as many platforms (Google, Microsoft) offer it at no extra cost. Weak passwords are also a main cause of data breaches, so business owners would be wise to enforce long and complex passwords. These can be generated and stored securely in free password management platforms like Bitwarden or LastPass Free Tier. All of this is fruitless, however, without extensive employee training on how to spot phishing emails and scammers. The biggest threat to cybersecurity often comes from human error, so free resources like Google’s “Protect Your Business” guide, SANS Security Awareness Training, and KnowBe4’s free phishing test can help educate employees.
With data privacy regulations constantly evolving, it can feel overwhelming for small-business entrepreneurs to keep up. It often seems as though a business’s ability to flourish is stifled by having to stay up to date with all the cybersecurity industry laws and changes, but Folajimi argues that you don’t have to sacrifice growth for compliance. There are many ways to innovate while staying compliant with shifting regulations, without adding unnecessary overhead.
“The key,” Folajimi says, “is to integrate privacy into business operations early and use efficient, scalable strategies that balance security and agility. Instead of treating compliance as a last-minute burden, embed Privacy by Design (PbD) principles into product development and business processes.” If you start with a strong foundation, it will be much more seamless to evolve with the changing times.
The ultimate goal, of course, is to help reduce financial losses and keep companies running smoothly. Folajimi’s work directly impacts companies by preventing security breaches, minimizing downtime, and ensuring regulatory compliance. His aim is to help businesses identify vulnerabilities before hackers have the opportunity to exploit them. He also conducts third-party security assessments in order to ensure vendors meet strict security standards.
Another factor to consider is the financial and emotional strain that comes with not properly aligning with industry regulations, a failure that can bring legal penalties, including hefty fines. Folajimi has worked to prevent this by implementing audit frameworks that help businesses pass compliance audits and avoid penalties. This way, they can focus more on the goal of their business rather than dealing with legal consequences. The future of cybersecurity is shifting every day, and businesses of all sizes should take advantage of the tools at their disposal and the knowledge that professionals like Folajimi can provide.
