1850 – Stop Internet Crime with Dylan Evans of Simple Salt

Josh (00:00:04) - Hey there, thoughtful listener. Would you like consistent and predictable sales activity with no spam and no ads? I'll teach you step by step how to do this, particularly if you're an agency owner, consultant, coach, or B2B service provider. What I teach has worked for me for more than 15 years and has helped me create more than $10 million in revenue. Just head to up my influence. Com and watch my free class on how to create endless high ticket sales appointments. You can even chat with me live and I'll see and reply to your messages. Also, don't forget the thoughtful entrepreneur is always looking for guests. Go to up my influence. Com and click on podcast. We'd love to have you. With us right now. Dylan Evans. Dylan, you are the founder of Simple Salt. You're found on the web at Simple salt.com. I am so grateful to have you here because this is a pretty hot topic. Dylan, thank you so much for joining us.

Dylan (00:01:15) - Thank you very much. It's great to chat with you.

Josh (00:01:17) - All right. What is this hot topic that we're talking about today? Your area of expertise, the work that you do.

Dylan (00:01:24) - Sure. The FBI has been noticing and I'm sure you have it all our listeners have as well. Internet crime is increasing. Like, if they if Vanguard sold a mutual fund of like, Bulgarian crime rings, I would buy it. They've been getting big bucks 40% year over year growth., it's they're winning and. A lot of firms don't know what to do, and they're especially going to high cost solutions. And I would say it's clear the current approaches are not working very well.

Josh (00:02:02) - Yeah. Well where do we go from here. Like thinking about this audience. So this audience probably deals with some sensitive information. I'd say most of us, you know, we have customer information. We've got certainly. You know, obviously if we think about most, say agency owner or consultancy or a, you know, a SaaS company, I think all of us deal with some sense of information.

Josh (00:02:28) - Certainly we have data and systems and things that are very valuable to us, that if those were compromised in some way, it could really be potentially devastating, not just for our livelihoods. You know, our business is but, you know, it could affect the people's lives for sure.

Dylan (00:02:52) - Yeah. I think there's some misconceptions that like, this is scary and big and people don't know how scared they should be because they'll read about, like, what? Masks for billion dollar settlement because they were out of commission for like 4 or 5 months. And they think, could that happen to me? And usually the answers are pretty simple. But you're right, it's highly contextual for the business. If you run a tire shop, you probably don't have a lot to lose. Like, worst case, someone defrauding you for maybe a month's worth of revenue if that's what you got lying around in the bank. On the other hand, if I'm getting a terrible divorce and my divorce lawyer loses my file to Facebook, right, it goes beyond financial for me.

Dylan (00:03:35) - That's my whole life.

Josh (00:03:38) - Yeah. All right. I'm hoping, Dylan, that you could pick out of a hat. Maybe 2 to 3 things. Thinking about,, you know, the persona of a,, of an SMB founder, which is a pretty common type of person that listens to this show., what are a few things that you say? Listen, when it comes to best practices for security today, here are probably a few things that some vulnerabilities that you have that I'm going to give you an assignment this week. Right. You're going to work on this. All right. What are those 2 to 3 things that immediately come to mind.

Dylan (00:04:14) - I got two. Great. One is a password manager. People have been telling you for 30, 40 years not to write your passwords down. They were wrong. Sorry. Sorry about that. The one I recommend. There are two. If you've got a mac, get password. Something I don't know. It's like the Lexus of password managers escapes me for the moment.

Josh (00:04:36) - I hear LastPass talked about a lot. One password I think is another one.

Dylan (00:04:40) - One password is like the Cadillac. Yes. Thank you. One. That was the the part I missed. The other one is Bitwarden. Bitwarden is coming up fast. They're like the Honda of password managers. They make sense for a lot of people that maybe don't want to spend on a Cadillac. But you're going to be putting your life into this thing. Your goal is to never type a password again, because honestly, it's not worth your time to remember all this junk. There's easier ways. Yeah, there's a lot more here.

Josh (00:05:08) - Before we can get kind of to some other topics, let's talk about passwords just a little bit more. So there's obviously this password is kind of, you know pretty typical that's you know, very, very common. You know, way that we've secured access to our valuable information. Then there's kind of next layers I think that we're seeing a lot. So two factor authentication I'd love to get your take on that.

Josh (00:05:30) - And then we're also seeing a lot more companies moving toward Authenticators, right where and this would look like you've got an authenticator software that you use. It's going to give you a revolving pin code that every 30s it changes. So you have to log in using that. I'd love your take on these.

Dylan (00:05:51) - This is moving fast. Like the advice on this has changed radically in the last three years and especially in the last five years. And I would say at this point. Multifactor is great, but if you've got a really strong password that only is in your password manager and it's 63 characters of random gibberish, yeah, that's pretty good. Like an extra token on on your phone isn't going to help a lot more than that. It'll help a bit. If you are going to go MFA and you're going to say like, yes, I trust my life to this thing, go big, go buy a YubiKey. They're like 40 bucks and they will give you better protection than anything on your phone ever can or will.

Dylan (00:06:36) - It's well, at least until Google comes out with the next best thing, right?

Josh (00:06:40) - What did you say? You said YubiKey.

Dylan (00:06:42) - Yeah. Why? You buy key? It's a little dongle you plug into your laptop or whatever. Yeah. And through the magic of very complicated math, it does better than any code or any push to your SMS or something ever could.

Josh (00:07:03) - Yeah. Okay. So you have literally a physical key I'm looking at this right now., just doing a search is I see like Yubico offers one to do you really care about the.

Dylan (00:07:15) - Yubico is the one that sells YubiKey and it's like Kleenex, right? They're the leaders. Google tried to come up with one because, you know, when they got blown open by the Chinese government,, they said, you know, we got to get on this. And they rolled them out to everywhere. Well, they're big enough. They were able to just enforce the manufacture, so they sell theirs as well. But YubiKey is is the Kleenex.

Dylan (00:07:39) - Yeah. Works with everything.

Josh (00:07:41) - Yeah. I'm on their website right now. It's 50 bucks, you know, all the way up to I think the most expensive one is 65 for 75 for individuals. So 5050 bucks looks like the gold standard here. So this is.

Dylan (00:07:53) - The gold standard. Yeah. And now note they make a mistake on their website. They'll sell you one at a time. This is a terrible idea because you always need to.

Josh (00:08:05) - Yes. Like having for your car right. You always need a spare key.

Dylan (00:08:09) - Right. Because through the magic of math, you cannot call a locksmith on this thing, right? If you lose it, it's all gone. You're going to have to call every dang org whose access is tied into this thing. It protects you, but it also protects you from yourself if you lose it. So yeah, you provision two and you put one immediately into the safe deposit box at your bank.

Josh (00:08:35) - That's it. Yep.

Dylan (00:08:36) - And you never take it out if you lose yours.

Dylan (00:08:39) - Yeah. And you need to provision a new one.

Josh (00:08:41) - Yeah. Brilliant. This is cool. This is exciting., aside from Pat. So passwords alone, I mean, Dylan, if you could influence the world to get smarter about passwords, you think about how much cumulative damage could be prevented. This is huge for every business owner. You know, especially when you're thinking about,, you know, multiple employees that have access and you're sharing passwords. That's not a good way to do that because Password.

Dylan (00:09:09) - Manager has you handled here too. Yeah. Because,, for like six bucks a month, you can or like, maybe if you go to the Cadillac version, you can provision six bucks a month per employee. You can put all the passwords like you got a corporate account for buying you just like click the button, you say. Now, Deb, the account manager has access to log in to the procurement website and buy the piping supplies or something. And then she leaves next week and you just say, oh, and it's gone, right? She doesn't have access anymore.

Dylan (00:09:42) - And she never knew it in the first place because it was impossible to remember. Right? Because you did a good job and use a truly random string of gibberish. Right? Right.

Josh (00:09:51) - Yeah, this is really exciting and I didn't even know I'm learning already. So many things aside from passwords before. I want to talk about, you know, what simple salt is and who you work with. Any other like things that you would recommend to business leaders?, certainly founders look into to improve the security. Maybe it's a best practice or something that you would recommend that they really, seriously take seriously, well, what you recommend they take seriously, starting immediately.

Dylan (00:10:17) - Yeah, this one's a bit philosophical. It's a little less concrete. Stop doing so much. This one comes straight out of E-myth, right? Yeah. You are probably doing too much. And this is this is a natural tension and friction. When you grow, as you grow, you have to let go of stuff. And it makes sense that the highest risk things you let go of are kind of the last.

Dylan (00:10:43) - You lag on those. So like finance and it these are really important things to get right. Can't double bill your clients, but that's where the risk of crime comes from. And so there are some excellent companies out there right now that will allow you to just step away. And through automation, through there's some fintech companies out there that will just like kind of do the whole thing. And then all you need is like maybe a ten, 20 hour, a quarter or fractional CFO to ride herd on the whole thing. And you have just eliminated so much, not only security risk but operational risk, right? You don't have people clicking in and you don't have their credit cards anymore. They put it into their portal. You don't have to collect the evidence. PCI Council's not going to come down on you like a, like a ton of bricks and upcharge you for for losing everybody's card number. Stop doing it all.

Josh (00:11:45) - Yeah. All right. Your website is simple. Salt. Com sure a little bit about what your services are, who you work with and what you do.

Dylan (00:11:55) - Yeah. We focus on high trust professional services firms. That is companies with a lot to lose. Like the lawyer I mentioned earlier, hire shops are not our specialty. They're probably going to be fine. Most businesses are probably going to be fine with that cyber writer. But if you are going to have if you sell trust, if your most important stock and trade is trust, insurance policy is not going to help you, right? You're going to lose 4,060% of your revenue overnight. If something bad happens with crime and the insurance policy is not going to cover that kind of damage, they're going to help you recover. They're going to hire someone to get things clean again, but they're not going to be able to recover those customers. We help leaders of kind of mid-market midsize businesses with a lot to lose. Evaluate alternate strategies, alternate approaches to the traditional, high expense, high tech solutions that you usually find in, like the big lists that you find on the internet, how to be secure. And then like, it's just like, here are $400,000 later, this is what you need.

Dylan (00:13:10) - We offer some creativity and some very data driven, forward looking decision support.

Josh (00:13:18) - So what does in terms of like your engagement? Like do people hire you for a monthly basis or what is that generally? Because like I'm looking at your services and this is really interesting. Like you go through compliance readiness virtual risk officer were coach checkup phishing. I'm curious you know kind of what how these offers look or what they look like.

Dylan (00:13:39) - Almost everything is recurring month to month. Do not give any discounts for the, you know, for buying a year at a time, because we really are sure of the value of what we offer. You know, we don't lose clients. And I would say we are there to help you not worry about something. We are there to easily explain. I mean, you could be for beers in and operating on one hour of sleep, and we specialize in helping you understand how worried you should be and what you can do about it, and like how worried you should be to the actual things that matter to you.

Dylan (00:14:20) - Right? Not just some long list of things wrong with your company that that some nerd put together.

Josh (00:14:27) - Now when somebody goes Dillon to simple-salt.com, what would you recommend that they do.

Dylan (00:14:34) - It's designed to be scalable. Every service that you hit. You say, I'm interested. And it's a meeting. You say, I want to talk at this time. And we talk about what you need. So you get sent. Sometimes it's me. I'm doing the risk officer services right now for high profile clients, but it's we're not going to waste your time. We don't have time to waste your time. We've got you got stuff to do. We got stuff to do. We're. You do not have to wait for some suited up sales reps. Do a discovery call. I'm going to get this thing going.

Josh (00:15:10) - All right. Again the website simple dash salt. Dylan Evans, you are the founder. I really appreciate your conversation. Thank you so much for the tips. Great insights. It's been great having you on the show.

Dylan (00:15:22) - Awesome. Thanks, Josh. It's been a pleasure.

Josh (00:15:30) - Thanks for listening to the Thoughtful Entrepreneur show. If you are a thoughtful business owner or professional who would like to be on this daily program, please visit up my influence. Comments. Guest. If you're a listener, I'd love to shout out your business to our whole audience for free. You can do that by leaving a review on Apple Podcasts or join our Listener Facebook group. Just search for the Thoughtful Entrepreneur and Facebook. I'd love, even if you just stop by to say hi, I'd love to meet you. We believe that every person has a message that can positively impact the world. We love our community who listens and shares our program every day. Together, we are empowering one another as thoughtful entrepreneurs. Hit subscribe so that tomorrow morning. That's right. Seven days a week you are going to be inspired and motivated to succeed. I promise to bring positivity and inspiration to you for around 15 minutes each day. Thanks for listening and thank you for being a part of the Thoughtful Entrepreneur movement.