Florida IT firm releases findings from 24+ security assessments of law firms, insurance agencies, and media companies — revealing the same five critical gaps appearing across every business assessed.
ORLANDO, Fla., March 10, 2026 /PRNewswire-PRWeb/ -- Most small businesses assume their cloud provider handles security. They don't. And for the businesses that find out the hard way, the damage is rarely just financial.
JubilantWeb, an IT infrastructure and security firm founded in Orlando in 2007, today released findings from more than 24 security assessments conducted across professional service businesses in Florida and New York between 2024 and 2026. The same five vulnerabilities showed up in firm after firm.
THE FIVE GAPS THAT KEEP APPEARING
- NO INCIDENT RESPONSE PLAN — 79% of businesses assessed had no written plan for what to do if they get hacked. Without one, the first hours of an attack are chaos — wrong people get called, wrong decisions get made, and downtime doubles.
- MFA NOT FULLY DEPLOYED — 68% had multi-factor authentication turned on for some systems but not all. Remote access points and cloud apps left without MFA are the most common entry point for credential attacks.
- NO OFFSITE BACKUPS — 61% were backing up data locally only. When ransomware hits a network, it encrypts every connected drive — including local backups. Without an offsite or immutable cloud backup, there is nothing to restore from.
- EMAIL DOMAIN NOT AUTHENTICATED — 57% had incomplete or missing DMARC, DKIM, and SPF records. Without these, anyone can send email that appears to come directly from your domain — targeting your clients, vendors, and staff.
- OUTDATED ENDPOINT PROTECTION — 52% were relying on basic antivirus that does not catch fileless malware or zero-day exploits, now the most common attack methods used against small businesses.
WHAT THIS LOOKS LIKE IN PRACTICE
In one recent assessment of a mid-sized media company operating on Azure with a distributed workforce, JubilantWeb identified three of the five gaps within 11 minutes — including an unmonitored remote access point that had been active, and exposed, for over a year. The company had no idea it existed.
"The businesses we assessed are not careless — they're busy," said Nelson Penagos, Founder of JubilantWeb. "Most are running on Azure or Microsoft 365 and assume the cloud handles security. It handles the platform. The gaps we find are on the business side, and most of them can be fixed in days, not months."
This pattern is most common in law firms, insurance agencies, and media companies — where confidential client data is high-volume and there is rarely a dedicated IT person watching for problems.
"A 20-attorney law firm is managing discovery documents, settlement records, and client financials on shared drives with no one monitoring access. The fix is often simpler than people expect — but only if you know where to look."
ABOUT THE METHODOLOGY
Findings are drawn from JubilantWeb's Security Baseline Analyzer, available at jubilantweb.com/security-check. The tool evaluates businesses across five control areas mapped to NIST SP 800-171 and CIS Controls v8. Businesses assessed ranged from 10 to 250 employees across Florida, New York, New Jersey, and Colombia between Q1 2024 and Q1 2026.
ABOUT JUBILANTWEB
JubilantWeb has been helping B2B businesses manage IT infrastructure, cloud security, and digital marketing since 2007. Founded by Nelson Penagos and based in Orlando, Florida, the firm works with businesses across Florida, New York, and internationally. Businesses can request a complimentary Security Baseline Assessment at jubilantweb.com/security-check.
Contact: Nelson Penagos | [email protected] | +1 407-641-2526
Media Contact
Lori Thompson, Jubilantweb.com, 1 407-641-2526, [email protected], Jubilantweb.com
SOURCE Jubilantweb.com
Share this article