In this unshakable episode, Dylan Evans, Founder of Simple Salt, shares how he approaches most challenges through continuous improvement, well-chosen metrics, and doing simple things well.
You will discover:
– why the cyber security industry doesn’t really care about preventing internet crime
– why cyber thieves don’t care about how small you are
– simple, actionable, and virtually free steps you can take to protect your business
Episode Transcript
Scott Ritzheimer
Hello, hello and welcome. Welcome once again to the Secrets of the High Demand Coach podcast. And I am here with yet another high demand coach who looks a little different than your average coach, but is every bit as impactful. And you’ll see what I mean by that in just a moment. We’ve got with us today, the one and only Dylan Evans, who founded Simple Salt to protect businesses from internet crime, providing practical and clear guidance that works. Today, he helps companies to prevent internet crime more efficiently, better, faster and stronger than conventional approaches. And he’s led teams and built capabilities in traditional cybersecurity for over 10 years covering manufacturing, retail, and financial services. Ladies, gentlemen, this is someone who knows what he is talking about, where it changed things up on you just a little bit at the start of the show here. Right out of the gate, we’re gonna ask what I think is one of your favorite questions. And that is this. So Dylan, welcome to the show, we’re throwing you right into the fire here where we’re going the full enchilada. So I want to start off with this question I ask of all my guests, and it is: what is the biggest secret that you wish wasn’t a secret at all? What’s that one thing you wish everybody watching or listening today knew?
Dylan Evans
The biggest secret of the cyber industry is that it’s not designed to stop crime. Everybody, like if you want to, if you want to stop crime for your business, if you are hoping to avoid getting nailed, maybe you’re hoping to avoid fraud, maybe you’re hoping to avoid sensitive customer secrets getting out, maybe all your pricing getting out. What you would normally do is go to the cyber industry, you would go to some sort of technical, maybe your IT shop is going to help you out. But it’s an open secret in the industry that 99% of our effort is not aimed at that problem. It’s aimed at making people defensible, being able to say, don’t fire me, I did what a reasonable person would do. And in a fast-growing, fast-moving industry like cyber, this cat and mouse game, what stops crime and what is defensible don’t have a lot of overlap.
Scott Ritzheimer
So I want to focus in on a specific verse or a specific grouping, that is a better way of doing it and talk about this world of small business and maybe even to medium-sized businesses, because a lot of folks hear cybersecurity. And that’s that’s just not, we don’t have to worry about that. All right. Let’s for like Google, and you know, Target and whoever is on the news last week of getting hacked. So how real is the threat to your small mom and pop or your to your you know, kind of medium-sized local manufacturing company?
Dylan Evans
Pretty big. There is a perception among these businesses that no one’s going to target them. And to a degree, that’s correct. No one is going to spend 150, 200k putting together a white glove attack for I don’t know, like, like a copper pipe fitting business. Right? You’re right, but you are going to get attacked. It’s just not specific to you. Right. Think, think of it like a boat trawler. It’s just trying by doing what it can get. And the question is not, is anyone out to get you? The question is, as people as these these are, these are businesses that are call centers as they go and attack businesses and try to defraud businesses like yours. Are you going to be the one that gets nailed this week?
Scott Ritzheimer
Wow. So I’ve actually heard you talk about this before as I was researching the episode, but this is helpful to for us, especially we’re looking at protecting ourselves to be more specific about what we’re protecting or or even understanding why they’re really attacking us. I mean, I get emails, like, why would you even send that? I don’t understand. So why is it that folks attack us? And how does that help us to shape the way that we protect ourselves?
Dylan Evans
Yeah, that is really the key to success here. If you are going for defensibility, what you want to do is you want to get a lot of boxes checked, because an auditor is going to come along and they’re gonna say, did you do this and you need to show them evidence that you did that thing. And you’re going to need to do that for 100 200 pages of checkboxes. That’s what compliance is. If you want to avoid crime, that’s fine. specific to your business. What is threatening to like a reseller, who, you know, buys a big shipment and resells it on 6% margin, and you know, they’re waiting on the cheque clearing, before before the other one gets cashed. That’s a very different risk than a lawyer, like a divorce lawyer. If someone drains your bank account in the wrong week, and you’re a borrower, you’re a reseller, that couldn’t be millions, that you’d be out. And, and your bank only gives you 24 hours to report fraud, right for ACH transactions. Whereas, like, if you’re a divorce lawyer, you lose your clients file. Man, that guy is gonna come after you. That’s his life at his worst moment. And maybe you own a retail establishment. And none of those things apply to you and you don’t care at all. It really comes down to what is really going to hurt your business.
Scott Ritzheimer
Yeah. Yeah. So with that, there’s, there’s kind of three approaches to it. Describe a little bit about what the three different approaches are to security and which, if they’re better, or if they come in sequence, how do we start to approach that?
Dylan Evans
Sure. The default perspective, this defensibility first, this compliance first, this is the dominant method. And so think, if you are the security leader for a Fortune 500, you’re there maybe two, three years, you’re not hoping to solve the problems, you’re just there to defend against the lawsuit, should the breach happen on your watch. And so you, you get down some list of right things to do, you do everything, you get lots of evidence. And this doesn’t have to work, because your goal isn’t to stop crime, it’s to keep your job. And so this actually works, it works at helping C suites keep their jobs, but the same approach is packaged. And that’s what you find, if you like, How do I stop internet crime from ending my business on Google, you’ll see the same top 10 listicles that are driving the how do I keep my job just thoughtlessly regurgitated, you know for you. And that’s not not maybe not your same goal. But a lot of businesses that do have like a really thoughtful approach to risk and crime. It happens within the finance department. But businesses that are too small to have really effective and trade routes, like a plus finance departments may not realize how how scary things are. And they’re hearing on the news, they’re seeing big examples of very scary things. But they might not have a good idea of how that might overlap with their actual business risk.
Scott Ritzheimer
Right. So I’ve also heard you talk about this idea of Process Engineering from a standpoint of protecting ourselves. And I think that that’s kind of a missing piece for a lot of folks and maybe even feels more accessible once you actually understand what it is. So, talk to us a little about what that is, and, and how folks can start to apply that in their businesses.
Dylan Evans
This is usually where most businesses have the easiest wins. If you think about how much you could spend on tech, or maybe you are spending on tech boxes, that $20,000 boxes that sit in your closet and blink. If you think about your true threats, what is really going to nail you, you’re probably gonna have a lot better success by tightening the way you do accounts payable. We’re tightening the way you’d send trusted communications to your customers send them invoices, right or or exchange sensitive data with them. Maybe you want to just get out of the IT game entirely because you know a SaaS provider, you know, internet service is going to do a better job than you at all this IT stuff anyway. In so you don’t have to worry about all these vulnerabilities and technical jibber jabber it process is often the easiest way, whether it is making sure you’re doing one thing and tightening it up, or just getting out of the business entirely. And a lot of businesses don’t realize those are options.
Scott Ritzheimer
Yeah. Yeah. And so give us an example of that. Because I think this is really helpful for folks. Let’s try to drill into this accounts payable, right? I think everyone’s gotten the email, like, Hey, can you send me? You know, send me $100, you know, and slide it under the doors and says new, it feels like the most random stuff, but what is an attack look like in that space? Right? And how can we protect ourselves against it?
Dylan Evans
Sure. There are, there are so many variations. And one of the ones that you mentioned, very popular, they just send an invoice and, and they hope you pay it, they hope you just like you’re not organized, and you just trust that this invoice is legit. Google got scammed out of like 50, 100 million, about five years ago, through exactly this thing. They just paid all the invoices that were sent to them. And this is easy to fix. You just I mean, we’ve had the technology for doing this since the 60s. Three-way match is a pretty standard thing. You can you can get a commodity, you issue a PO. And that’s kind of like this internal authorization to pay a vendor works great. It’s it’s boring. It’s more. There are other possibilities, though. For instance, I mean, think about how many times you or a friend has gotten your email broken into, imagine what would happen if one of your vendors’ email was broken into, and they send you an invoice with a different payment mechanism, a different deposit information, a different link to it, pay their invoice, and you trust them. And you just click that thing. You see, ah, it’s from Debbie, I’m going to pay it. And then some criminal runs off with a lot of money that you and Debbie aren’t going to be able to recover. That’s also very common. There, you might get called by someone pretending to be Debbie, trying to just trying to trick you. There are so many variations. And usually they’re just trying to slip through the cracks. Because if you’re just paying everybody willy nilly, they’re gonna have more success. And if there’s a really specific way, you you pay your vendors and that’s it, that you’re gonna be a lot more resistant to attacks of this sort.
Scott Ritzheimer
Yeah, that’s so true. So I’m wondering if you could just kind of tie this all in together for us, give us a couple either steps or things that we should think about? What are some actionable? What are some actionable steps that we can take coming out of this interview to help better secure our small, medium sized businesses?
Dylan Evans
Yeah. It’s easier than you think. If if you have a perception that the cyber industry is incomprehensible, and its technical, and it seems to cost a lot, and you’re not sure if it’s even working. You’re right, like, crime is exploding 40% growth year over year over the last 10 years. You’re right. It’s easier to fix than you think. And there’s no magic techno wizard stuff. You can solve this through mostly common sense. Think about what you are at risk for what’s going to truly nail you what’s going to end you and then say, what’s the easiest way I can solve that problem? If you need help, we have plenty of content available on our website. And you know, we’re always available for for talking but don’t be don’t be afraid. This is not a difficult thing. And you don’t need to spend a lot to get some really great results.
Scott Ritzheimer
Yeah. And it’s great. So that actually brings me right to my next slide. There’s some folks thinking like a couple of things one I don’t want to do this by myself, right? It just It does. It feels overwhelming. And and also, hey, this is the first time someone in this world has spoken my language and they want to be able to connect with you. They Wanna learn more? How can they find out more about you and Simple Salt?
Dylan Evans
We’re on LinkedIn, we’re on Google, we’re slowly building up that that marketing machine. Marketing is harder than it looks, guys, as you probably all well know. We have a lot of free content, like I mentioned, there’s practical guides to using a password manager effectively, the right way to outsource IT and finance. You don’t want to just get a part time bookkeeper to do it all for you. She’s gonna get nailed. Just like just like if you did it in house. We are also available to just talk we have an easy service called we call it a checkup, which provides a basic assessment of how scared you should be, and the easiest things you can do about it, and how hard they are. We also offer services for larger businesses, maybe a couple hundred million those those folks who have a lot to lose, and really can’t afford anything like that. If you have questions about security, that’s our main message and our priority here. We just want to make security accessible and demystify these hidden secrets that we wish were better understood in the world at large.
Scott Ritzheimer
Well done, I know that that this has been just the right thing for the right time for some folks, and those of you watching listening, I highly encourage you, though the website’s phenomenal. There’s so much content on there, we’ll put it in the show notes. You don’t really have you felt it already in this great way of making this really seemingly complex world very simple, understandable, and actionable. So head on over there. Check out the work that they do and reach out for help. You don’t have to do it alone. Dylan, thanks for being on the show. Just an honor and privilege to have you here. Fantastic conversation. And for those of you watching and listening today, you know your time and attention mean the world to us. I hope you got as much out of this conversation as I know I did. And I cannot wait to see you next time. Take care.
Contact Dylan Evans
Dylan Evans founded Simple Salt to protect businesses from internet crime, providing practical and clear guidance that works. He started Simple Salt to help companies prevent internet crime more efficiently, better, faster, and stronger than conventional approaches. He has led teams and built capabilities in traditional cybersecurity for over ten years, covering manufacturing, retail, and financial services. He persuades the people around him that they are valuable, worth loving, and capable of good. He is here to improve things, identify and execute his next right step, and help others do the same.
Want to learn more about Dylan Evans’s work at Simple Salt? Check out his website at https://www.simple-salt.com/.