London Security Solutions

🎁 We Couldn’t Do This Without You, Rockwall! ❤️

Every toy collected, dollar donated and every smile delivered.
It all happens because of YOU — our incredible community. 💪

From our local first responders and volunteers, to our amazing sponsors, and our partners at Rockwall Helping Hands — you are the heartbeat of this mission. Together, we’re ensuring that no child in Rockwall County goes without joy this Christmas season.

But we’re not done yet…
We need everyone’s help to finish strong and reach our goal of 10,000 toys and $12,000 in gift cards — changing the lives of children and families right here at home.

So bring a toy.
Drop a gift card.
Spread the word.
Because when Rockwall unites, hope wins every time. 💫

Thank you for standing with us, believing in our mission, and helping make this A Very Galactic Christmas. Thank you to our presenting sponsor Stoked Out Construction for your support and contributions to the mission!

✨ May the Toys Be With You! ✨

Security Fatigue: The 2016 Warning We Ignored

Back in 2016, the National Institute of Standards and Technology (NIST) published an article titled “Security Fatigue Can Cause Computer Users to Feel Hopeless and Act Recklessly.”
https://www.nist.gov/news-events/news/2016/10/security-fatigue-can-cause-computer-users-feel-hopeless-and-act-recklessly

At the time, it described something subtle but serious - how constant security warnings, password resets, and breach notifications were wearing people down. Users were getting so overwhelmed that they simply stopped caring.

Nine years later, that security fatigue has evolved into something worse... breach fatigue.
We’ve reached a point where people expect their data to be stolen. It’s not if a breach/hack will happen... but when.

Even when you do everything right with unique passwords, MFA, endpoint protection, yet your information still gets compromised somewhere else. The breaches are bigger, the threats more sophisticated, and the sense of control smaller than ever.

So if we take a look back, you know, back to when security defaults were actually secure. I’ve been in this industry long enough to remember when the default settings leaned toward security, and not convenience.

In the mid-to-late ’90s, firewalls came preconfigured to “deny all” by default. You had to deliberately open what you needed, and that discipline made environments safer by design.

Endpoint security worked the same way. Antivirus software and desktop firewalls blocked nearly everything until you customized the rules. Gateways, email filters, and network appliances followed the same logic. Things were actually simpler.

Then something changed.
Somewhere along the way, the industry decided it was easier to sell “plug-and-play” than “secure-and-configure.” Vendors chased simplicity and market share - and the default quietly flipped from deny all to allow all.

It’s no wonder users are fatigued. They’re doing their part, but the system is stacked against them.

In the chase for convenience and profit, we've basically traded discipline for dependency - and in the end security took the hit.

I know some of my fellow infosec pros might not like hearing this, but hey… sometimes the truth is a hard pill to swallow.

Today, the focus needs to shift back to empowerment and resilience:
✅ Build systems that *assume* compromise.
✅ Minimize the blast radius through real Zero Trust principles.
✅ Automate the basics but simplify the rest.

We may not be able to stop every breach, but we can stop this ongoing security fatigue from turning into security surrender.

Okay folks, it's your turn - what’s the "old-school" security habit or principle you miss the most?

Dennis London
President and Founder
London Security Solutions

‘Security Fatigue’ Can Cause Computer Users to Feel Hopeless and Act Recklessly, New Study Suggests After updating your password for the umpteenth time, have you resorted to using one you know you’ll remember because you’ve used it before?

Going to sound weird but I absolutely love it when I see headlines like these. Why? Because I read sites like SecurityWeek because they help me rest easy at night. Every headline is a reminder of why we do what we do — and confirmation that we’re taking the right steps to protect our customers.

When I see the latest breach reports or zero-day disclosures, I don’t panic — I verify that our systems, processes, and partners are already ahead of it. That’s the peace of mind you only get when you stay informed, proactive, and focused on doing things the right way.

It's not for the headlines themselves, but for the reassurance that our customers are protected from what’s making them.

Security Week Home Cybersecurity News, Insights & Analysis

Message from CEO/President - Dennis London
"People ask why I don't sell Microsoft licensing or support. Yesterday was a great reminder to me, my company, and our customers.

If you can't login to your Windows computer, can't login to the admin portal, can't reset your password, and can't use the mandatory multi-factor authentication (MFA) - what's the point of having a microsoft account?

Yesterday I decided we would do a little work...well, at least I thought we would. Nope! Microsoft is having a global issue with MFA and I got to sit on hold with support to try and explain that we were having the same issue that was being reported globally. I could possibly understand an email or office issue, but for the simple fact we had to jump through all this just so people can get logged in.

Thankfully I use a Mac and can at least log onto my laptop. But Windows users...nope. They get a lovely error saying incorrect password or pin. They can't even reset passwords, and since MFA is having issues it wouldn't matter if they did reset their passwords.

Welcome to the Microsoft s**t show.
This just strengthens my resolve to never sell their operating system. I switched years ago and now I do believe the rest will be following suite. In todays interconnected and online world, this is completely unacceptable!

Update: we've been waiting for over 14 hours for support to resolve this issue. Fourteen hours!? Really? We can't get off this sad excuse for an operating system fast enough.

Dennis London
CEO/President
London Security Solutions
Verified Mac User

The question was brought up "why don't you post more regularly. Well, there comes a point where it's all just noise. And unless you're posting something of value...why add to the noise?

In reality, we fully know that this post will reach a few people and even then, most will simply move on without even a like or comment. People get so caught up in how many likes or clicks they get, but what should matter is if you're posting actionable content that means something to people. If we have nothing of value to say...we're just adding to the noise.

Came across this old McGraw Council podcast that Dennis was on from 2021. Still relevant today.
https://creators.spotify.com/pod/profile/themcgrawcouncil/episodes/Real-Small-Business-with-The-McGraw-Council-Dennis-London-e1943lg/a-a6obktt

We keep getting asked how we reduced attrition. It's really simple - don't treat people like they're your customer, treat them as a partner. From 2010 through 2016 we maintained 100% customer retention with over 100 mid and enterprise accounts. That doesn't happen by accident.

Real Visibility - Real People - Real Time.

Our SOC-as-a-Service offering gives you:
✅ 24x7 threat monitoring
✅ Smart alert triage
✅ Playbook-based response
✅ Monthly subscriptions
✅ No infrastructure required

Protect 10 endpoints, 100 or 10,000 - we scale with you.
Remember - security is a process, not a product.

You Don’t Need Another Alerting Tool. You Need a Response Team.

Adding another alerting tool won’t stop breaches or attacks. What you need is correlation, context, and people ready to respond 24x7.

That’s where Pillr SIEM+SOAR comes in. It's a real solution powered by real analysts, not just dashboards.

After yesterdays post we received a couple of questions about the comparison between an in-house SOC and a service provided SOC.

Overall, it comes down to salaries and hardware/software. While you're trying to maintain hardware and software which we refer to as "tool bloat". You'll find the stuff you were told you only had to purchase once becomes obsolete and needs to be replaced every 3 to 5 years. Plus the backups and failovers $$$

If you want 24/7 coverage, you'll need 3 teams working 8-hour shifts. Each team needs 2 engineers or analysts, with salaries ranging from $80K to $150K per person. That’s $160K to $300K per team. Multiply that by 3 teams, and you're looking at $480K to $900K a year in salaries alone - and that’s if you can even find trained staff. Yikes!

Building an in-house Security Operations Center is a major lift and cost. Both in hardware and personnel.

We're offering a smarter, faster, and much less expensive option. Especially for small business! $80/month for full 24x7 coverage of 10 systems. You can't beat it.

It's not just the critical infrastructure which is under siege.

Increased global tensions = increased cyber threat activity for everyone. DHS has issued alerts urging organizations across ALL sectors - healthcare, energy, education, finance, manufacturing, etc - to prepare.

Are you watching your environment around the clock? If not, we can do it for you. We start at $80/mo for coverage of 10 systems.

True Story: "Consultants Said It Was Clean" - They Were Wrong.

Our SOC team recently stopped malicious code sitting dormant on a system that consultants claimed was “clean.” If it had activated, it would have restarted the entire attack.

🚨 Don’t take chances with your business. For just $80/month, get:
✔️ 10 licenses monitored 24/7 by our SOC analysts
✔️ Enterprise-grade protection tailored for small businesses

Because when it comes to cybersecurity, being proactive isn’t optional.

📲 Learn more and message us today: