schedule a free data safety check

WHO I WORK WITH

Small businesses across central Kentucky.

I work with one kind of customer — small businesses. The industry doesn't matter much. The size does.

Page intro

My only real requirement: you're small.

If you're a sole proprietor, a five-person office, or a family business with a couple dozen employees, we'll probably get along. I don't work with enterprises — not because I can't, but because they have IT departments and procurement processes and dedicated security vendors, and they don't really need what I do.

You probably do.

The list below isn't exhaustive. It's a sample of the industries I've worked with, with notes on what tends to be specific about each. If your business isn't on this list, that almost certainly means I haven't worked with you yet — not that I won't. Get in touch and we'll figure out whether what I do is a fit for what you need.

Churches & Religious Organizations

Churches sit in an awkward spot. They handle real money — weekly giving, online donations, capital campaigns — and real personal information about members and their families. But most churches operate with volunteer staff, donated computers, and budgets that have to answer to the congregation.

What I focus on for churches:

  • Member data protection — giving records, prayer lists, contact directories. Encrypted backups so a stolen laptop doesn't become a privacy breach.

  • Donation security — keeping online giving and bookkeeping systems out of attackers' hands.

  • Pastor and staff email — guarding against the scams that target churches specifically. Gift card requests and fake prayer needs sent from spoofed pastor accounts are a constant threat.

  • Sermon and service recording archives — backed up so years of work aren't lost to a single drive failure.

  • Affordable pricing that respects the fact that money given to your church should fund your mission, not an IT bill.

Dental & Medical Offices

Dental and small medical practices are a known favorite target for ransomware crews. Patient records carry real value, practices generally have insurance, and a few days of downtime puts enormous pressure on the office to pay quickly. The result: small practices get hit constantly.

What I bring to a practice:

  • HIPAA-aligned backup and security — encrypted, off-site, with audit-ready documentation

  • Practice management protection — Dentrix, Eaglesoft, Open Dental, Curve, and similar systems backed up correctly. The practice management software is the practice.

  • Imaging archive backup — X-rays and intraoral images are huge files. They need a backup strategy built for that volume.

  • Email security for patient communications. The email a hygienist sends about an appointment shouldn't be the weak link in your compliance posture.

  • Business Associate Agreement (BAA) on file, as HIPAA requires whenever a vendor like me touches patient data.

Funeral Homes

Funeral homes carry data that's deeply personal — pre-need contracts, family histories, insurance assignments, vital records. Losing it is unthinkable. Having it stolen is worse.

How I help:

  • Long-term records protection — Kentucky requires funeral records be retained for years. Your backup strategy has to outlast hard drives.

  • Pre-need contract security — these contain financial and beneficiary information that has to stay locked down.

  • Vital records system access — secure connections to the state registries you rely on every week.

  • Email and online obituary management — because a hacked email account that sends fake invoices to grieving families is a reputational disaster you don't recover from quickly.

  • Continuity planning so a server failure on a Saturday morning doesn't cancel a Sunday service.

Self-Storage Facilities

Self-storage has quietly become a technology business. Gate access codes, motion-detecting cameras, online payment portals, lien processing, automated billing — most of it networked, much of it cloud-based, and all of it a target.

What I focus on:

  • Management software protection — storEDGE, SiteLink, and similar platforms backed up and monitored.

  • Surveillance footage retention — making sure the camera footage you need exists when an insurance claim or law enforcement asks for it.

  • Gate and access system security — networked access controls are convenient, but they're also a way in if they're not configured carefully.

  • Customer payment data — PCI considerations, even if you're using a payment processor.

  • Lien and auction records — kept in compliance with Kentucky law, with audit-ready backups.

Law Firms

Law firms run on confidentiality. The Kentucky Rules of Professional Conduct require attorneys to take reasonable steps to protect client information, and that obligation increasingly means real cybersecurity infrastructure — not just a locked file cabinet.

How I help:

  • Client file protection — encrypted backup of practice management systems (Clio, MyCase, PracticePanther, Smokeball, and others)

  • Email security — wire fraud through compromised attorney email is one of the most common and devastating attacks against law firms

  • Document retention — Kentucky's record retention requirements vary by practice area; your backup strategy needs to match

  • Conflict checks and matter records preserved against drive failure

  • Encryption at rest for laptops that travel — a stolen attorney laptop is a confidentiality breach

Accounting & Tax Offices

Accountants and tax preparers handle financial data the IRS itself cares about. The IRS requires written information security plans (WISPs) for tax professionals, and every January there's a wave of phishing attacks targeting CPAs and EAs specifically.

What I focus on:

  • Tax software backup — Drake, Lacerte, ProSeries, UltraTax, and similar systems backed up correctly

  • Multi-year client records retention — IRS retention rules require keeping returns and supporting documents for years, sometimes decades for specific cases

  • Client portal security — if you're sharing returns electronically, the portal is a target

  • Tax-season uptime — your backup and recovery strategy should assume the system has to come back fast in February through April, not whenever it's convenient

  • WISP support — helping you build and maintain the written information security plan the IRS expects

Sole Proprietors & Small Retail

Maybe you're a contractor running QuickBooks on a single laptop. Maybe you're a consultant whose entire business is a Gmail inbox and a Google Drive. Maybe you run a small retail shop with a point-of-sale system and a back-office computer. Whatever you do, your business runs on data — and right now, the only thing standing between you and losing all of it is hope.

There's money to be made in the sole-proprietor space. There's also a lot to lose.

How I help:

  • Right-sized solutions — you don't need an enterprise security stack. You need backups, common sense, and someone to call when something feels wrong.

  • Affordable pricing that fits a one-person budget — you're not subsidizing some Fortune 500 contract.

  • Plain-English explanations — I'll never make you feel dumb for asking questions about your own business.

  • Setup that just works — once your systems are configured properly, they should mostly run themselves.

If your business is you and a laptop, that's fine. Let's make sure the laptop is protected.

Other Small Businesses

The list above is a sample, not a limit. I've also worked with — or am happy to work with — small businesses in:

  • Construction and trades

  • Restaurants and food service

  • Real estate offices

  • Insurance agencies

  • Photography and creative studios

  • Daycares and small schools

  • Veterinary offices

  • Auto repair and mechanics

  • Salons and small wellness practices

  • Nonprofits of every shape

  • Anyone running a small business out of an office, a home, or a truck

If you're a small business in central Kentucky and you've ever lain awake wondering whether your data is actually protected, get in touch. We can have a conversation, no pressure, and figure out whether what I do is a fit for what you need.

What I Won't Do

For the sake of being honest about it:

  • I won't take on enterprise clients. I'm one person. Big organizations need teams of people, formal SLAs, and dedicated account managers — none of which I can provide. If you're an enterprise, I'm not for you.

  • I won't pretend to be a compliance auditor. I help you build the technical infrastructure compliance frameworks require, but for formal HIPAA audits, PCI assessments, or SOC 2 work, I'll point you to specialists.

  • I won't help you pay a ransom. If you've been hit by ransomware, I'll help you recover from backups. I won't negotiate with criminals on your behalf or facilitate a payment.

  • I won't sell you something you don't need. If your free 30-minute Data Safety Check ends with "you're in better shape than you thought," that's how the call ends.

Final Pitch

Protect. Prevent. Prepare.

The work is the same regardless of what your business does. Your data matters. Your reputation matters. Your ability to keep operating after something goes wrong matters most of all.

Let's make sure all three are protected.