[00:00:00] What is going to ruin you is a different sort of scenario than what's going to ruin the next person down the street.
Welcome back to Success in Mind. I am thrilled to guide you through an insightful conversation on one of today's most critical topics for small business owners: cyber security. In this episode, I sit down with Dylan Evans, a seasoned expert in the cyber security field, to dissect and demystify the often daunting world of digital security.
Together, we're going to share and explore some misconceptions and practical strategies that are not only affordable, but highly effective in protecting your business from cyber threats. You'll hear from Dylan why relying solely on tech solutions isn't the full answer and learn how identifying your business's unique vulnerabilities can be your strongest defense against cybercrime.
If you're a solopreneur or you're [00:01:00] managing a small to midsize business, this episode is a goldmine of actionable advice tailored just for you. And we'll discuss how AI is impacting cybersecurity, what it truly means for maintaining your peace of mind in this digital age. So join me as we explore this topic with expert Dylan Evans to give you the clarity you need to keep your business safe and thriving.
You're listening to Success in Mind, the show for high performing leaders, changemakers, and entrepreneurs ready to take your life and business to the next level. If you're ready for whole life success, keep listening.
Hi Dylan. Welcome to the show.
I am so excited to be here.
Good. I'm glad to hear that.
So I want to, I want to dive right in. What are some common misconceptions that people have when it comes to cybersecurity?
[00:02:00] Well,
do you mind being a guinea pig?
Sure. Yeah, go for it.
So if you were worried about cybersecurity. Maybe you saw something on the news or, or your buddy got nailed for some amount or something. What would you do to say, say you had a medium sized business and you wanted to keep it safe? What would you do?
What would I do? I don't even know. I think I would panic and probably
Look, you're a business owner, risks happen all the time.
Fair enough. I, I, I really don't know. I think. To be totally honest, it's something I don't think I've paid enough attention to in my business, uh, which is one of the reasons I wanted to have you on.
'cause I know that I (mm-hmm) probably have some big gaps when it comes to cybersecurity or maybe some things that I'm not even aware of. Um, yeah,
yeah.
Know what I do.
Gimme a guess. Any guess? And I'll give you the answers if
Okay.
You can't come up with some,
probably like invest in some kind of [00:03:00] software.
Mm-hmm. I'd probably do something like that. Maybe. Call you.
Yeah. Okay. Those are, those are the first two. There's a third one that people usually say.
Okay.
Any guesses?
No idea.
Call the bank? I don't know. Yeah. You Google it. Right? Right. So those are the three answers. Maybe you ask your IT people to do something about it or you do something kind of IT ish.
Like you said, the first one. Second, you go hire someone in that space. Maybe you know somebody. Maybe you know about a consulting shop. Something like that. And third, you Google it, you just, how do I stop this stuff, right? These are the most common answers and they will all lead you to the same source, though you may not know it.
And that source is the cybersecurity industry. And that makes most sense. The top 10 listicles are written [00:04:00] from that you find on Google about what you should do, mostly correspond with the things that the consultants are going to tell you, or that the IT people have, have gotten used to and are able to explain. But what gets lost in translation is that that cyber industry is not, the advice you're getting is not designed to solve the problem you came to it with. You came to it probably hoping to stop crime, to avoid getting nailed, right?
But the cyber industry is laser focused. It is just really good, and it's at something else. Helps make people defensible. If you need to be able to say, don't fire me, I did what a reasonable person would do. If you're the leader of IT or maybe security and you need, [00:05:00] and you're, you know, you're going to get blamed if something bad happens and you don't have control over bad things happening.
Cause like it's people, right? It's fine. You can't police everybody. Then. You don't try. You try to keep your job when it does happen. And that's what the cyber industry is good at. You get a lot of money, and it makes you defensible.
Okay. Okay. So, what are some things that we should be doing? Yeah, what do we
do?
Easier than it sounds, and it's far cheaper than buying like a whole bunch of tech. Perfect. Yeah. I know. Unfortunately, it doesn't fit in a top 10 listicle because the answer is different for every business. What is going to ruin you is a different sort of scenario than what's going to ruin the next person down the street.
And maybe the person after them [00:06:00] doesn't have any risk at all. Think about what are, I mean, we're about stopping crime. If that's what you want. I mean, how many. How much business is done over the computer? All of it these days, right? Unless, unless you're running like a plumbing subcontractor and you're getting paid in cash and you're hiring people with cash on the side of the Home Depot when you pick up.
I mean, not many businesses work like that. There's some still, but because we work on the computer, crime happens on the computer too.
Yeah.
So all you need to do, easy answer, is figure out what's gonna be really painful for you. What kind of crime is gonna be really painful for you? And then figure out the easiest way to stop it.
Sounds, oh, of course, it's, it's so easy, right?
Yeah, yeah.
And of course, the devil's in the details, right? Of course. What is going to be effective for a mid sized commercial law firm [00:07:00] is different than a tire shop is different than someone selling cedar planking on 3 percent margin.
Small businesses, solopreneurs that are primarily online businesses. What are some of the things we should be looking at?
Solopreneurs are in a pretty good place because for a lot of reasons, the cyber industry is not half bad at protecting consumers. And the threats for a solopreneur are pretty much the same for like a regular consumer.
Mostly what you're going to worry about is people tricking you out of money. Right? It's just. Like the old, hello, this is the Microsofts, we have detected that your computer is so sad, please send us a million dollars so we can fix it. That's the sort of thing you're going to have to worry about. There are some high [00:09:00] value targets out there that are probably solopreneurs.
Think of like really boutique lawyers that are billing out at 1,500 an hour or something like that. Uh, they probably have access to some good funds or good information that could be converted into funds, but most of us, it's the regular stuff. It's someone tricking the IRS into, into thinking they're you and giving you their or giving them your tax return, tricking, tricking you into giving them money or taking out credit in your name or your business's name.
Okay.
If you make sure those things don't happen, you're probably fine.
Okay. That's good.
We actually have an infographic back in early November, maybe late October. We did an interview, uh, a webinar partner and [00:10:00] I basically describing these threats for consumers. And we had an infographic saying like, here are the three risks that you need to worry about and here's the easy things you can do about them.
Yeah. You could, you could check that out. Yeah. Link in the description, I
guess. Yeah. That'd be perfect. Yeah. Okay. So can you share with us some of those things that we could be doing that's on that infographic? Some of the things
to
help us?
To avoid getting credit taken out in your name and the creditors coming after you, you do a credit freeze.
Everything else is worthless and credit freezes are substantially cheaper and faster.
Okay.
Easy, easy, easy. Second, not getting tricked into giving people money. This one, I mean, there's a million ways to trick people, right? We've been doing it for 7,000 years. What we find works really well right now is don't pay unless it's in person or like the company's [00:11:00] actual payments portal.
Don't give any card numbers over the phone. Don't do Zelle. Don't do a wire. I mean, sometimes you can't, you have to, but these are the, this is how criminals love to take money.
Right.
Credit cards are awesome. That 3 percent they charge all the merchants, I mean, that goes to funding fraud. You can call them up 18 months later and say, hi, that was fraudulent.
And they'll say, okie dokie, and refund your money out of, out of those proceeds. That's the difference between credit and debit cards is with a debit card, you get none of the protection and the bank gets to keep all of the 3 percent that it charges the merchant. That's why they love you using a debit card.
I'll get to know. Okay. And what sparked your interest in working in cybersecurity? That's a
great question. I still haven't [00:12:00] figured out the answer to that yet.
No?
I started out like a typical nerd. My, like my, my first real job was IT and I liked it, but then I quickly figured out that it's more valuable, like I'd rather be the most hated person on a succeeding team than the most, than a, than a well liked person on a failing team.
And that the title for most hated person on a, on a team is project manager. So I did that for five or five or six years and then, and then moved into kind of like process because you get a whole lot more value in adjusting process. Toyota, lean, all that stuff, then you do in converting tools, which is mostly what IT is.
It's just like tooling. Right. And then from there, I kind of went on to like strategy and culture. And it seems like a lot of like, this [00:13:00] is a really painful area and it feels like, I don't know, it seemed like a missional goal of, Hey, let's send less money to North Korea's nuclear weapons program. Um, one fraudulent ACH transfer at a time.
So, I don't know. I think a lot of people need it. There's a lot of misconceptions. There's more misconceptions than truth. Yeah. Don't buy tech. Don't give that money to Cisco. They don't need it. No? No. They don't need it.
Are there softwares out there or tools that we should be investing in to help us?
No. Really?
It's process. It's like, how does your firm do risky activities? What is risky to you, right? For some, it's going to be how do you handle money? How do you pay invoices? How do you send invoices, right? Making sure, even if someone breaks into your email or the, your customer's email, that that money is not absconded with [00:14:00] in transit.
Okay.
A missing invoice could mean the loss of your best customer, right? The loss of trust. That can be really damaging. I mean, even if the insurance payments that pays out eventually, that can be painful and, but that's completely different from, I don't know, someone who takes a lot of credit cards. Best way of protecting credit card data is not to have any credit card data.
Outsource that thing. It's not worth your effort. It's not worth the pain of losing them and then having the PCI council take away your ability to take credit cards. No fun.
Right. So what if we're, if we're accepting payments online through something like PayPal or Stripe, like, is that a safe route to go?
And, and who's liable for that? Like if. You know, for example, I'll use my business. Clients go on online, they, they pick their coaching package, their [00:15:00] program, whatever, they pay online. And then, and I never see, I don't touch their credit card information, I never see it. If there was like a data breach there, who's responsible for that?
Who's liable?
Not you.
Really?
Cause it's, yeah, and this is the way the PCI council wants it. Okay. Think of their, so PCI council is like Visa and MasterCard and most of the major underwriters and banks and stuff. And they, because they're liable in this product segment for all the fraud, they have a terrific incentive towards reducing it for everybody.
Right. And the easiest way to do that, it's to take away all the credit card access from all these merchants. Because imagine how many people, what, 20 years ago were taking credit card payments, like millions. Right? Mm hmm. You remember that thing at the gas station where [00:16:00] you'd put your credit card down and you'd run the little thing back and forth and it was like the blue imprint?
Come a long way. But it's like, that was a world, that was a higher trust world where secrets weren't needed. Right? The merchant was invested in keeping that number safe, and it was hard for people to break in and do fraud with all those blue receipt. Now we're in a world where like post Target, Michaels had a breach.
There've been a million credit card breaches. Credit card issuers want merchants to not have credit cards. And the easiest way to do that is to build up this industry of do it for you. And then have a big stick of making compliance really annoying.
Right.
So that everybody moves on to Stripe. Stripe is great.
Stripe is [00:17:00] wonderful. Yeah. I recommend Stripe all day long for lots of businesses.
Great. That's good to know because that's what I use. So that's very comforting.
That is what, that is what every Visa partner would like you to do too. So
really. Okay.
Yeah.
Okay. That's good. That's good. How would we know if, if we have any sort of issues with our like data we're collecting from clients or anything like what, what should we be aware of when we're collecting information from our clients?
This is, this is the hardest question and in part because it is not answerable. If you do things right, you should not have to be worrying about it, right? Like, okay, I'm going to put you on the spot, Teri.
All right.
Do you do all your operational finance for your coaching business?
Yeah.
Send out the invoices, pay all the bills.
Is that something you're good at?
I do it. I would say I'm pretty proficient in it. Yeah. [00:18:00]
Do you use like Stripe or, or some software to.
Yeah,
or are you writing in the checks in the checkbook and balancing the books at the end of the month?
Wouldn't even know how to do that. No,
right, right. My granny wouldn't cheat. She loves it. But yeah, my point is when you're using a system like Stripe, it takes care of the boring stuff for you and it surfaces the important stuff to you.
right,
and so you can tell if something is out of whack, if something is strained. And Stripe or PayPal, any of those, uh, merchant payment systems, finance systems, it's in their interest and making it really obvious to you because they recognize that your success depends on you not making judgment calls about boring [00:19:00] things.
It's part of their value proposition to take away the boring.
Oh, I like that. Right? Yeah. And the
unimportant. And if, when you grow, when you octuple your consulting business. You'll probably end up even with Stripe or whatever, outsourcing to an operational finance team. Maybe you get it from your bank, they have treasury management services or some, I don't know, outsourced partner.
Um, maybe you're, maybe you hire, hire an accounting firm. Cause they're, they're always like that combination is always going to be better at finding the problems than you will. Because you have limited headspace. Mm hmm. So when someone says, what should we know about security? What's, if you're doing it right, it should feel exactly like Stripe, that you shouldn't know anything.
You [00:20:00] shouldn't worry about security.
Okay.
If someone is telling you that you need to become security aware, they're not doing their job.
Hmm. Okay.
Well, if a security person is telling you, you need to be security aware.
Right, right. Okay.
I'm going to get flack for this, aren't I?
What?
I'm going to get flack for this.
This is, this is heresy in the security world. Really? Because the secu Yeah. I mean, everybody thinks that what they do is the most important. Accountants think that everybody should care about accountant, accounting and finance. Manufacturing people think everybody should care about inventory management and like scrap rates and stuff.
And security people think people should care about security. Right. I am, I am telling you no. Delegate that stuff. Yeah. They're smart
people. Okay. So good to know. This is like, this is giving me so much peace of mind right now. You have no idea. Yeah.
[00:21:00] Just don't pay over the phone. Yeah. Don't pay on anything sent to you in an email.
Okay. Google it. Yeah. How do I pay my bill on random tomato vendor of Northern Duluth? And then follow, follow the link on Google. It's going to get you there every time. And if they don't, that's your vendor's problem. Maybe, maybe they, if they can't be bothered to put a payment portal up on the internet, they can wait another couple weeks to get their payment until you show up in person.
Right. Okay. So good to know. How about, is um, is AI impacting cybersecurity?
Yeah. But not in the way you think.
Okay.
So AI is this like super hot marketing buzzword, right?
Yeah.
Which is, which is like, it's in the news, right? Everybody wants some AI. And so as you'd expect, security [00:22:00] companies are putting AI in front of and behind all of their products and company names and stuff, right?
Yes. A piece of that AI action. AI adds no value to the protection side.
Okay.
What AI is good at, like the new generative AI, ChatGPT and its ilk, are really good at sounding believable, sounding convincing. What they are bad at is being right and being insightful. This is a perfect fit for the needs of a crime ring, because a crime ring does not care about being right.
Right. They
just need to sound convincing so you can part, part with your money. We are already experiencing a huge, not spike, but, but like it went up and now it's still up. It's going to be up forever in the maturity and the sophistication of, [00:23:00] of, of crime. Because it used to be that you'd need to pay like a fairly competent scammer.
Mm hmm. To have a sophisticated attack. And so it was only worth the time for a crime ring to, to pay that person to attack fairly large targets for fairly large amounts. And everybody else gets just like, please, this, this is the Microsofts, right? The poor two, three year call center worker, it's given a script and like,
you
know, but now, now the cost of running the white glove approach just went to pennies.
So cause you can, you can throw a computer at it. You don't need to hire proficient scammers 10 years in the, in, in, with 10 years of experience.
Right. Okay.
So it's, [00:24:00] it's going to be exciting. It already is for, for some businesses. They're just getting flammed.
Wow.
It's exciting. Is it? Brave New World. Sure.
Yeah. I mean, the solution is the same, right? If your solution to cybercrime was, well, we just need a lot more training. We need to train Pam and Victor and Deb and like these, these monthly trainings, you're not going to like, you're, you're going to reduce the frequency, but it's not going to be sustainable.
Okay. Victor's going to not pay any attention anymore after a year from his last training or something. But if you tighten your process so that no matter how fooled Victor is, there's no way he can buy 10 iTunes gift certificates or change the ACH number, the deposit information for a vendor. [00:25:00] There's no way he can do it without like four people being emailed that then, then this explosion of sophistication won't matter.
Okay. Yeah, that makes sense. Yeah. Good.
It's easier than, than people make it sound.
Yeah, that's what I'm hearing. Like it's, uh, you're making it sound very simple, very doable [00:26:00]
You can get really far by buying a couple pizzas and getting your You and your, um, maybe your best friends, your advisors, your coach in a room and like talking through what could end me and then removing single points of failure in those processes.
Maybe it's Deb who signs all the checks, right? Maybe, um, and, and adding resiliency to those steps. That'll get you really far. It's still complicated. Maybe that's what I like about it. It's fun. It's complicated. Never a dull moment. And so, and we have a lot of content on our website about like all the things that you probably didn't think about, like probably don't actually need to worry about [00:27:00] medical records.
Nobody cares. Right. That's the sort of insight that like you're not going to be able to come up no matter how many pizzas you buy your, your, uh, consulting consultants. And of course, like we're running a business too for those who don't want to spend those hours. Yeah, we, we help them out, but it is, yeah, it's simpler than most people make it sound.
Yeah.
Don't give money to Cisco. They don't need it.
Okay. Good to know. Good to know. Now, tell us about Simple Salt and what do you do there? What are some of the things that you do for your clients? How do you help people?
We basically just help them, advise them about how scared they should be, internet crime, and the easiest things to do about it.
What's worth their time. Most people who want to solve that problem are well protected on the technical [00:28:00] sense. They've, I wouldn't want to say overspent, but definitely adequately spent in almost every case. Their remaining pain points are, their remaining risks are usually at the strategic level, like, like you were saying, making a decision to not store credit card payments anymore and go to Stripe.
Usually that's at a, that's a decision made with, with many parties in a company, more than just the tech, right? Cause there's, you're, you're going to pay more to Stripe cause it's doing more for you than if you were just buying point of sales and, you know, running it through the phone lines. That's where we advise. We, we, we can show clear ROI on this is how much you're likely to lose from a credit card breach or invoice fraud, or, you know, all your medical records ending [00:29:00] up on the black market. How likely, how much it's going to cost you, and then how can you, what's the easiest thing you can do to eliminate that? And it's usually not a technical answer.
Hey.
So, yeah. So, so that's the kind of thing we provide. We usually focus on high trust professional services because, honestly, a lot of people are fine with an insurance policy, like a cyber policy. Now, I would say in my own self centeredness that everybody needs me. The folks who especially need to avoid crime are those who are going to lose, lose solid revenue if they experience crime. Mm hmm. People whose primary value proposition is trust and once you, once your customer is blackmailed, [00:30:00] information that was stolen out of your control, that person is probably going to be very angry with you and you might lose other customers. That's who we help because no insurance policy is going to help recover that trust and that lost revenue.
Yeah, that makes sense. And I'm, I have to ask this just because I'm really curious. Where did the name Simple Salt come from?
I have a four page jibber jabber with my marketing team on that. The silly answer is, I'm a salty guy. I'm just very opinionated. And we want to make it easy for people, because it should be easy,
right?
Yeah.
That's most of it.
Okay. Cool. And I, I asked my Instagram community if they had any questions about cybersecurity that they would like answered. [00:31:00] And I had one come in from Lizzie and she asks, how can I protect info running my own server?
Don't run your own server. See, this is the sort of strategic thing.
IT is going to say, I guess we're locked into this system and it runs on your own server. So I guess we need to do the server. No, this is why Amazon is making so much money. It's not because of their, like, sending out, selling cheap Chinese crap with weird brand names. That's not the moneymaker. The moneymaker is their outsourced IT.
Okay. IT is a business, is a, is a practice of a million details done right. The most successful businesses focus on what they're good at and, and outsource the rest, right? To a competent and, and price competitive partner. Amazon Web Services, AWS, the [00:32:00] outsourced IT of the world. Mm hmm. Mm hmm. Is better at getting those million, billion details correct than you will ever be, even if you had the biggest budget.
Okay. I'll, I'll stick with it. They are better. They are better at it even if you threw a billion dollars at your, uh, IT department. Wow. And it's so cheap. I mean, you get, you get what you pay for, right? Because you want to do as little IT as possible. Can you move? I would, I would ask what system is running on the server, but in every case, it's better to have someone else do those details for you.
Good to know. Good. And now I have some rapid fire questions for you, if you're game for that.
Hit it.
Okay. Favorite book. What's your favorite book?
I don't have, man, I'm going to be a disappointment if all these are favorite things. I don't have favorites. I changed too much, [00:33:00] but the book that is making the most difference in our company right now is Working Backward.
Oh, nice.
Have you heard of it?
No.
It is, ah, man, there's a lot to it, but it's one of these tech books, like how to be a tech giant, and it describes how Amazon Amazon'd, at least in the early days. It's mostly like modernized process design. Cool. So, like how to write good metrics for team performance,
how
to structure meetings, how to think about incentives.
Cool. Yeah. It sounds really good. I'm gonna have to check it out. Okay. Another favorite question. It's the last favorite, I promise, is a favorite food.
Cabbage.
Cabbage.
I know. Rapid fire. Do you want the [00:34:00] rationale or not? I want,
yeah, I do. I need to know.
I have three children and one of, I see one of my success metrics as a parent to be helping them build good habits that will make them productive and helpful, helpful for their overall success and health is definitely one of them, right?
Like we're, we're figuring out it's all one body. It's all one system. You've got microbiomes and affect mental capacity and depression and stuff. And everybody says like vegetables, you, you cannot, you physically cannot have enough vegetables. And in particular, I think this is, this is less firm, but it seems like the less processed the vegetables, the better.
Mm hmm. [00:35:00] Yeah.
My kids are never tired of cabbage. I can cut it into little thin strips and put it on tacos. I can cut it into big old chunks and roast it. They, they like cabbage. And so it's not my taste. I mean, it's, I like cabbage too. It is a consistent winner, a consistent, solid performer. In my goal to give my kids healthy eating habits.
Great answer. You're the first one to say cabbage, I'll say that. What's your biggest pet peeve?
Legalism. And in part Simple Salt was founded, like that's part of the culture. We fight legalism, and by legalism I mean following the shape of success instead of its substance.
Okay.
I think there's a temptation for legalism in every part of life, right?
Just [00:36:00] going through the motions. Sometimes it's easier. But how many of us have been part of a project that just went through the motions and it felt so demoralizing, like, I am forced to pretend like I think this thing's gonna work and it's a cluster. Yeah. Right? And the cyber industry is, is especially full of it.
It's, it's not trying for results. It's trying for seeming, right? It's
prying. Trying
for sounding effective, not being effective.
Mm hmm.
Good. So we provide an alternative.
Perfect. And what's your go to karaoke song?
I am bad at karaoke. I, I sing a lot in my house. There's, there's like almost no overlap between the songs I want to sing.
And what people want to sing in karaoke bars or listen to.
Okay.
If I were to magically populate a karaoke bar with, with other me's, I would probably say, [00:37:00] Wish You Were Here, uh, the, the album by Pink Floyd.
Cool.
That is a fantastically uplifting album. Yeah. Nice.
Thanks. Good choice. And Darci Lange, who was on last week, passed along the question for you: who is the kindest person in your life?
I don't have, I don't think I have the wisdom to answer that. Really? I don't think, no, this is what I've noticed about myself. I do not know what I want. I think I know what I want, but like I go, I go get it and inevitably it's, I end up unsatisfied.
I am not a good judge of what is good for me.
Okay.
In that sense. I think I am also a bad judge of the competence and [00:38:00] blessings and effort of the people around me. And I suspect that's fairly universal. And so there's probably a lot of kindness and love and graciousness being poured into me that I have no conception of.
Wow.
Sorry.
No, no. That's a great answer, I think.
It was kind of a, I don't want to answer.
Fair enough. That's fair. That's fair. And, uh, what's a question you would like to pass on to the next guest without knowing anything about them? What would you like me to ask them?
What habit would be most helpful for you to change?
That's a great one. I love that question. Well, thank you so much for coming on today, Dylan. Do you have any final thoughts you'd like to share with the audience before we finish?
Nah. You can do it, guys. Perfect.
Perfect. Nice and simple. I love it. Thank you so much for being here. I really appreciate it.
Thanks, Teri. It's been fun.
I hope you enjoyed this episode [00:39:00] today. If you did, you know what to do. Leave that five star review, a written review if you are listening on Apple, and make sure that other people know about the show. Like, maybe share it with one of your friends who's a small business owner who would benefit from listening to this.
Thank you so much for being here. I will be back later this week with another episode of Success In Mind. Until then, bye for now, my friends.