Uncovering Risks | SMB Automations | App-Based MFA

🌉 Bridging the Gaps and Uncovering Risks

Enterprise risk in 2025 is a whole different animal than what we’ve dealt with in decades past. Companies today are juggling expanded digital operations and increasingly complex global supply chains — which means risks aren’t static. Businesses have gotten really good at building sophisticated risk frameworks, but they're still missing connections between different threats or chains of events that may result in multiple risks being realized.

📖 Read the Article from NTM Advisory: How Enterprises Can Uncover Hidden Risk Connections in 2025

🔓 Multi-Factor Authentication: SMS or App-Based?

Multi-factor authentication (MFA) is a must-have for protecting business and personal accounts. But not all MFA methods are created equal. As cyber threats grow more sophisticated, security experts and federal agencies increasingly recommend app-based MFA (using authenticator apps like Microsoft Authenticator or Google Authenticator) over SMS-based MFA. Here’s why.

📖 Read the Article from NTM Advisory: Why App-Based MFA Is Better Than SMS: A 2025 Guide for Secure Authentication

Compliance Updates

⏹️ SEC Proposes New AI Disclosure Rules for Investment Advisers

In June 2025, the U.S. Securities and Exchange Commission (SEC) proposed new rules requiring investment advisers to disclose their use of artificial intelligence in client interactions and investment decision-making. If adopted, the rules would require advisers to clearly explain how AI models influence investment recommendations and to implement safeguards against conflicts of interest. The public comment period is open through October 2025, with a potential effective date in early 2026. This move reflects the SEC’s broader initiative to address emerging technology risks in the financial sector.

⏹️ Colorado Privacy Act Expands Protections for Minors Effective October 1, 2025

Effective October 1, 2025, Colorado will implement significant new protections for minors under its amended Privacy Act. These changes require controllers (entities that determine the purposes and means of processing personal data) to use reasonable care to avoid heightened risk of harm to minors when offering online services, products, or features. The law prohibits targeted advertising, selling minors’ data, and profiling for decisions with legal or significant effects without consent. Additionally, controllers must conduct and document data protection assessments if there is a heightened risk of harm to minors. These requirements apply to any controller doing business in Colorado or targeting Colorado residents, regardless of the volume of data processed or revenue generated.

💡Simple Business Automations for SMBs

Smart automation can save you time and reduce errors, but only if implemented with security and compliance in mind. Enhance your workflows with suggestions like those above, but take the time to vet, configure, and monitor your automation tools.

📖 Read the Article from NTM Advisory: 10 Simple Automations Every Small Business Can Set Up This Month (No Coding Required)

👇 Free Training Webinars from Start Small Think Big 👇

This organization offers free online events and educational workshops for all entrepreneurs. Covering topics ranging from creating pitch decks to navigating commercial leases. 

Browse the Webinars: https://www.startsmallthinkbig.org/events-for-small-businesses 

If you’re interested in cybersecurity specifically, consider the upcoming “Secure Your Small Business: A Cybersecurity Essentials Webinar” on June 24, 2025, at 3:00 PM EDT. This session is free and tailored for small business owners looking to strengthen their cyber defenses. 

🤔 Questions or Concerns?

We’re happy to listen! Just reply to this email and we’ll be in touch!