Skip to main content
Michelle Drolet, CEO & co-founder, Towerwall
Michelle Drolet
CEO and co-founder

Michelle Drolet is the CEO and co-founder of Towerwall a  woman owned cyber security company.  As one of Towerwall’s resident cyber security experts, Ms. Drolet assists Towerwall’s customers through the risk mitigation process to help them protect critical data by the evaluation, establishment, education and enforcement of sound cyber security, network security and data security practices.

Ms. Drolet is responsible for all aspects of business for Towerwall. She has more than 24 years of, network and cyber security experience. She has leveraged that knowledge to make Towerwall a leading cyber security service and solution provider. Well respected in the analyst and trade community, Ms. Drolet is often published in national magazines and is a regular contributor to the Forbes Counsel, and IDG CSOonline.

Ms. Drolet recently was named the Top CEO’s to Watch in 2020 and Top 5 Women in Cybersecurity in 2019.  She has received citations from Senator Spilka for her community service and has received the Cyber Citizenship award several times on behalf of Towerwall for community support and participation. She has received the Athena award, the ESL Christine Taylor Award and been named one of the 10 most powerful women in the channel by VARBusiness magazine.

Currently she sits on the Framingham Foundation Board Events Committee as well as the MassBay Cyber Security Advisory Board and her churches SBRC Committee. She is past chair of the Mass Bay Foundation Board, Metrowest Chamber of Commerce and Framingham ESL.

This article is by Featured Blogger Michelle Drolet from her Blog Page. Republished with the author’s permission.

For small to mid-size businesses, knowing what you need to remain secure and setting a resilient plan in place is half the battle. 

  • With the average cost of a security breach nearing $4 million, organizations need to detect threats early. 

  • Threat monitoring, detection and response (MDR) services offer businesses a turnkey security response. 

  • Combined with penetration testing and endpoint device monitoring, MDR services reduce threat detection and response times. 

  • Companies need to measure their potential exposure to crippling ransomware, phishing, and data theft. 

  • By outsourcing industry-standard cybersecurity services, SMBs gain protection from common threats and business disruption. 

With data theft and cyber-attacks ramping up exponentially since the onset of the pandemic, it’s crucial for small businesses (SMBs) to safeguard against the growing threat. Even a small breach can be detrimental financially as a business spends time and money to investigate and resolve the issue. 

The cyber security arena offers a slew of potentially beneficial services; but weeding through the often-confusing options can prove cumbersome for businesses unequipped to understand the developing technology. 

Despite this, SMBs without a sizeable IT department should consider outsourcing cyber security technology, in addition to securing cyber insurance coverage to ensure adequate protection from losses associated with a cyber-attack, should one occur. 

The most common cyber threats facing SMBs today are ransomware, phishing, and data theft. 

The U.S. Small Business Administration defines ransomware as a “specific type of malware that infects and restricts access to a computer until a ransom is paid.”  

In commercial scenarios, ransomware is typically delivered through phishing in emails designed to fool employees in order to exploit a business’ software vulnerabilities. Often containing a link or an attachment carrying a malicious code that once clicked or opened by an employee triggers the program to run, infecting a business’ software with malware. Typically, the goal is to either shut down business operations and/or collect sensitive information. Either way, the resulting damage will likely be significant.  

When it comes to protecting SMBs from a cyber-attack, the best way to reduce costs is by detecting threats early. 

Current cyber security services to consider include MDR, EDR and pentesting. In most cases, these services require a professional service provider to perform them. 

Threat monitoring, detection and response (MDR) 

Threat monitoring, detection and response (MDR) services offer businesses turnkey security operations center (SOC) capabilities remotely to quickly detect, analyze, investigate, and respond to threats either through containment or disruption. Data is logged and analyzed by skilled cyber security experts in incident detection and response services that are available 24/7.  

MDR services are designed to reduce the time to detect, as well as the time to respond to cyber threats through the use of a number of cybersecurity tools.  

SMBs interested in MDR will work with a service provider to determine specific security goals and results desired. 

Endpoint Detection and Response (EDR) 

Endpoint security is the practice of safeguarding data and workflows associated with individual devices that connect to a business’ network. Endpoint protection platforms, such as EDR, examine files as they enter a network. 

A factor driving the rise in EDR adoption is the rise in the number of endpoints attached to networks. Another major driver is the increased sophistication of cyberattacks, which often focus on endpoints as easier targets for infiltrating a network. 

Small businesses may have hundreds of endpoints, such as desktops, servers, laptops, tablets, smartphones, and even internet of things (IoT) devices. Each unprotected endpoint holds the potential for a cyber-attack. 

EDR offers the ability to detect and monitor suspicious activities on host and endpoints to monitor and collect data that could indicate a threat. The data is analyzed to pinpoint threat patterns and automatically respond to identified threats to remove or contain them and notify security personnel. 

This type of security technology allows designated individuals to control security -- through application control and encryption -- for each device remotely through a centralized console. The software can be delivered as a SaaS and managed remotely or installed directly on each device. By controlling data loss and through continuous monitoring, EDR offers SMBs with a significant number of endpoints a substantial solution to combat cyber-attacks. 


Penetration testing or “pentesting” is a security assessment tool that utilizes simulated attacks to search for network system vulnerabilities. It’s essentially a stress test to evaluate cyber security services and products already in place. Pentesting is invaluable because each scenario is customized to meet an individual business’ cyber security needs. Testing can be done internally and externally and focus on a specific area, like wireless applications or social engineering.  

There are three types of pentesting: white box, gray box, and black box. 

In white box testing, the tester is given information about the system or network to be breached. It is the most time-consuming and therefore the most comprehensive of the three types. 

Gray box pentesters have some knowledge of a business’ network, but not as much as in white box testing. In this case, the testing can be focused on areas of potential risk for data loss.  

Black box pentesting is the least comprehensive of the three types. In this simulation, the tester has no insider knowledge of the network system that it will attempt to breach. The problem with black box testing is that if a simulated breach is unsuccessful, there is no indication of whether internal network weaknesses exist.  

At completion, a comprehensive report is provided the business highlighting vulnerabilities, risks posed, and outlining information security solutions.  

SMBs choosing to arm themselves with these latest cyber security services will be safeguarding not only their intellectual property and other financial assets, but also their brand reputation in the event of an attack. 

About the Author 

Michelle Drolet is CEO of Towerwall, a specialized cybersecurity firm offering compliance and professional cybersecurity solution with clients such as Foundation Medicine, Boston College and Middlesex Savings Bank. Founded in 1999 in Framingham, MA, Towerwall focuses exclusively on providing small to mid-size businesses customized cybersecurity technology programs. Reach her at