
Blocking Your Mom Is a Good Thing: Smart Cybersecurity for SMBs

  • Writer: Ric Wallace
  • Jul 7

A few weeks ago, I had a great exchange with the Principal at one of our Private Equity partners. He was laughing (mostly) as he told me:

“Your email security is so tight it blocked a message from my mom!”

We both got a good chuckle out of it. But my response to him was dead serious:

“Honestly—that’s exactly what you want.”

It may sound counterintuitive. Why would you want your security system to block Mom’s email? Shouldn’t it be seamless, frictionless, easy?

Well, let me explain why that little moment of friction is not only expected but actually evidence that your cybersecurity is doing its job.



The Modern Phishing Attack Isn’t What You Think

We often picture phishing emails as laughably obvious: the misspelled lottery win, the Nigerian prince.


But those days are gone.


Today’s attacks are smart, personal, and surgically targeted. Criminals study their victims. They scrape LinkedIn, learn who you talk to, figure out the vendors you use, and even research your family connections.


Impersonation attacks are especially dangerous:

  • They’ll register lookalike domains that differ by one letter.

  • They’ll hijack real accounts to reply in existing threads.

  • They’ll send messages pretending to be your mom, your CFO, or your attorney—anyone you’d trust implicitly.


So yes—sometimes your security system will look at a message from “Mom” and say: Hold on a second. Are we sure?

That pause might feel annoying. But it’s there for a reason.


The Story of "Blocked Mom": A Teachable Moment

When our client’s Principal told me about the blocked email, I asked him:

“What did it say?”

Turns out it had an unusual attachment she’d never sent before. The system flagged it because it didn’t match her typical behavior.


In other words:

✅ It recognized her real address.

✅ But it also knew something about that email was off.


That’s behavioral analysis at work—an advanced security feature we deploy for our clients. It doesn’t just check the sender’s name. It looks at how they normally communicate. When something breaks the pattern, it steps in.

Yes, it caused a minor inconvenience. But it could have prevented a catastrophic breach.


Social Engineering: Why “Trusted Senders” Are the Most Dangerous

Cybercriminals know you’re skeptical of strangers. That’s why they don’t act like strangers.


They act like your Mom. Or your business partner (I have personally seen this!). Or your bookkeeper. Or your vendor’s CEO.


They might:

  • Send you a fake invoice that looks exactly like your supplier’s.

  • Email your AP department pretending to be your CFO, asking them to wire funds.

  • Reply to an existing email thread with malicious instructions.


The entire premise of social engineering is exploiting trust.


If your security is only looking at the sender’s name or email address, it’s going to fail.

That’s why we use multi-layered protection:


✅ Sender reputation analysis

✅ Domain and address lookalike detection

✅ Behavioral analytics for anomalies

✅ Attachment and link sandboxing

✅ User training to spot red flags


It’s how we help SMBs build defenses that match what the big companies do—without blowing the budget.
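To make two of those layers concrete, here is an added sketch (not from the original post, and not Circle Square's product code) of the checks described above: a sender domain that differs from a trusted one by a single character, and a known sender attaching a file type they have never sent before. The class name, the domain and the message history are all assumptions constructed for illustration.

```python
from collections import defaultdict
from pathlib import PurePosixPath

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one DP row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def ext(filename: str) -> str:
    return PurePosixPath(filename).suffix.lower()

class MailScreen:  # hypothetical name, for illustration only
    def __init__(self, trusted_domains):
        self.trusted = set(trusted_domains)
        self.seen = defaultdict(set)  # sender -> attachment extensions sent before

    def learn(self, sender, attachments):
        """Record a delivered message as part of the sender's normal pattern."""
        self.seen[sender.lower()].update(ext(a) for a in attachments)

    def assess(self, sender, attachments):
        sender = sender.lower()
        domain = sender.rsplit("@", 1)[-1]
        reasons = []
        # Layer 1: a domain one edit away from a trusted one is a lookalike.
        if domain not in self.trusted:
            near = sorted(d for d in self.trusted if edit_distance(domain, d) == 1)
            if near:
                reasons.append(f"lookalike of {near[0]}")
        # Layer 2: a known sender attaching a file type they never sent before.
        if sender in self.seen:
            new = sorted({ext(a) for a in attachments} - self.seen[sender])
            if new:
                reasons.append("new attachment type: " + ", ".join(new))
        return ("quarantine" if reasons else "deliver"), reasons

# Constructed sample data (reserved .example domain, made-up history).
screen = MailScreen({"family-mail.example"})
screen.learn("mom@family-mail.example", ["photo.jpg", "recipe.pdf"])
screen.learn("mom@family-mail.example", ["garden.jpg"])

if __name__ == "__main__":
    for sender, files in [("mom@family-mail.example", ["recipe2.pdf"]),
                          ("mom@family-mail.example", ["scan.iso"]),
                          ("mom@fami1y-mail.example", [])]:
        print(sender, files, screen.assess(sender, files))
```

The second sample is the "Blocked Mom" case: the address is genuine, but the attachment type breaks the sender's pattern, so the message is held for review rather than delivered.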


Not Everyone Is Targeted Equally

Another nuance most small businesses miss:

Your entire team isn’t targeted equally.

  • Executives are prime for BEC scams—huge-dollar fraud.

  • Finance and AP see carefully forged invoices.

  • IT admins are targeted for their elevated access.

  • New hires are tested for inexperience.

We tailor protection based on roles.

So when your security system is stricter with your Principals’ emails, there’s a reason. They’re the ones criminals want to fool most.


Why Bespoke Security Beats One-Size-Fits-All

Too many small and mid-sized businesses settle for out-of-the-box security that treats everyone the same. That’s cheaper. But it’s also riskier.


Circle Square’s philosophy is different:

✅ We learn your business.

✅ We understand who is most at risk.

✅ We build layered defenses around real workflows.

✅ We balance security with usability—so you can work without feeling handcuffed.


Blocking “Mom” isn’t about blocking family. It’s about blocking the criminal pretending to be family.


The Tradeoff Is Worth It

Yes, sometimes it’s annoying. It might mean:

  • Reviewing quarantined messages.

  • Confirming unexpected attachments.

  • Calling to verify an unusual request.


But here’s the alternative:

✅ $50,000 wired to a fraudster’s account.

✅ Your customers’ data stolen.

✅ Ransomware shutting down operations.

✅ Your reputation damaged.

We’d argue the extra 10 seconds of friction is cheap insurance.


Let’s Talk About Securing Your Business

We believe SMBs deserve the same caliber of protection as the big guys—but delivered with empathy and practicality.

We don’t want to make your life harder. We want to keep you working securely.


If you’re ready to talk about how bespoke security could work for you, let’s have that conversation.


Because in this business, blocking “Mom” might just be the smartest thing you ever do.


About Circle Square

Circle Square delivers IT services and technology consulting that mean business. We help SMBs modernize their infrastructure and secure their operations with tailored solutions built for today’s threats and opportunities.
