5 Cybersecurity Steps Every Business Should Take, According to CBC’s InfoSec Officer
Kevin Tsuei, CISSP, CISA, CEH, serves as the Information Security Officer at Commercial Bank of California. With over a decade of experience in cybersecurity and risk management, Kevin leads CBC’s efforts to protect clients, staff, and systems from today’s rapidly evolving digital threats.
Kevin holds several respected industry certifications:
- CISSP (Certified Information Systems Security Professional): Recognized globally, this certification demonstrates a deep knowledge of cybersecurity architecture, operations, and risk management.
- CISA (Certified Information Systems Auditor): This credential signifies expertise in auditing, controlling, and assuring the security of information systems.
- CEH (Certified Ethical Hacker): This designation means Kevin is trained to think and act like a hacker—but for good—identifying vulnerabilities before they can be exploited.
He recorded a video for our clients and partners covering the top 5 cybersecurity steps every business should take. Read more below and watch his video.
At Commercial Bank of California, we invest heavily in security to protect our systems and clients—but the strongest line of defense always includes you. Whether you’re a business owner or team manager, following these five steps can significantly reduce your risk of cyberattacks.
1. Replace Antivirus Software with Managed Detection & Response (MDR)
Traditional antivirus is no longer enough. Instead, Kevin recommends Managed Detection and Response (MDR), a 24/7 monitoring service that not only detects threats but also responds to them in real time.
“Many threat actors today use automation that can steal data in under 30 minutes. MDR helps shoulder that burden, especially for small business IT teams already stretched thin.”
2. Invest in Security Awareness Training
The majority of successful cyberattacks start with human error. Educating your team is critical.
A 2021 report from Keeper Security found that 90% of ransomware victims hadn’t conducted employee training until after the attack—a costly mistake.
“Training is one of the most effective preventive measures you can take,” Kevin emphasizes.
3. Use Multi-Factor Authentication (MFA)
Passwords alone are no longer secure. MFA adds an extra layer of protection by requiring users to verify their identity through a second method—like a phone app or text code.
According to Microsoft, MFA can prevent 99% of all password-based attacks.
“Whether it’s for an individual device or your entire network, MFA is essential.”
4. Keep Operating Systems & Applications Up-to-Date
Using outdated software increases your exposure to known vulnerabilities. If your operating systems or applications are no longer supported by the manufacturer, it’s time to retire or replace them.
“It’s a simple, often-overlooked step that can make a huge difference in your risk profile.”
5. Block Suspicious & Malicious Websites
Many malware infections begin with a single click on a bad link. Businesses should use network-level URL filtering tools, such as those included in enterprise antivirus programs or firewalls.
If your workforce is remote, consider a secure web gateway for safe access.
Final Thought:
Cyber threats are evolving fast—but so are the tools and strategies to fight them. By following these five essential steps, you can dramatically reduce your risk and keep your business safe.
At CBC, we’re always here to support your business security needs. If you have questions about protecting your data or funds, don’t hesitate to reach out to our team.