DP Solutions Newsletter

November 2018 Newsletter

 

Printer Friendly PDF


What's New

 

Gina-EddyWe are thrilled to introduce Gina Eddy as our new Project Manager! With over 25 years of experience in IT and project management, Gina brings her understanding of IT, project management and her customer service focus to DP Solutions.

 

“I am delighted to welcome Gina Eddy as DP Solutions Project Manager,” said Karyn Schell, President at DP Solutions. “Gina brings the energy, enthusiasm and experience that our fast growing company needs to continue to align our service deliverables with our clients’ goals and initiatives.”

 

Learn more about Gina

 


Welcome New Clients!

DP Solutions welcomes the following organizations that joined our family of clients this month:   

 

Azzad-Web MERC-Logo

 


 

Build Your Human Firewall with Phishing Testing

  

Phishing is a major threat for organizations all around the world.  Phishing is the exercise of sending illegitimate emails designed to elicit a response from the end user. Intended responses can vary from clicking on a link that infects them with malware, or tricking the user into volunteering information that they normally would not provide, like a password.  Frighteningly, phishing attacks are becoming more prevalent by the day.  According to Webroot, nearly 1.5 million new phishing landing pages are being created monthly.

 

So why is phishing so popular?  First, it’s relatively inexpensive.  Sending an email is practically free, aside from the time it takes to set it up.  Not just that, but email accounts are ubiquitous.  People often have two or three email accounts at minimum.  For example, I have a personal email account, a corporate account, social media accounts, etc.  And these accounts are accessed on multiple devices, like smartphones, tablets, and other personal and corporate devices.  So if you are the bad guy trying to start a phishing attack, one specific email could go to several devices. Then, if you send the same person the phishing attempt to multiple email accounts they control, you are expanding your reach of the attack even further.  All it takes to have a significant cyber security incident is one wrong click.

 

Phishing Testing Can Be Your Best Defense!

 

Phishing testing is perhaps one of the most effective measures a company can take to protect their business. So what is it? A Phishing Test is an exercise where a fake Phishing email is created and sent to a defined group of users.  When the user receives the email, they can interact with it similar to how they would interact with a normal email.  But when they click through the email and engage with it, they are brought to some kind of landing page. 

 

Depending on the goals of the test, the landing page can be a regular “404 error” style page (if you don’t want the users to know they are being tested), or it can be an educational page where the user is educated on the nature of Phishing and other security threats in order to create greater awareness in the long term.  Data on the emails sent, such as who got the emails, who clicked through, and so on is then logged for analysis.  Typically, management will then review the results with their IT advisor and talk about how to improve awareness and/or develop a more robust security posture if needed.

 

I recommend performing multiple tests per year, where different types of emails are sent to users on a regular basis.  The content of these emails should be varied and personalized to the audience.  You want to make these tests tricky in order to create a hardened level of awareness.  If you can teach users to identify less easily recognized fake phishing emails, the more likely they will avoid the real attacks. 

I also recommend sorting users who are having a difficult time with recognizing phishing emails into their own group to receive additional, custom training.  Some users who get Phishing Tests are quick learners, and we see these users have a major drop off in click rates after the initial tests, but other users will inevitably have a harder time.  This kind of managed approach to dealing with users who are having difficulty will result in lower risks and better awareness in the future. 

 

Do I need to do a Phishing Test?

Most likely, yes.  Not only do certain compliance standards require security awareness training and sometimes even specifically prescribe a Phishing Test, but it is immediately obvious that this is an external threat that most employees are not prepared to deal with and recognize. 

 

Phishing scams target the ignorance of the end user, and due to the volume of attacks it is really just a numbers game before someone with little awareness falls for a trap resulting in a major impact. 

 


AC-502


Guest Article  

Set The Right Priorities

With This Formula You Learned In Econ 101 

Geoff Smart

 

Most leaders struggle with prioritization. In the research we did for my book Power Score, we discovered that only 24% of leaders are rated as “good” at prioritizing. It’s no wonder, then, that employees are often so confused as to what they should be doing! And it’s certainly no mystery why so many leaders are tearing their hair out with stress.

 

But prioritization doesn’t have to be complicated. In fact, you can boil the entire process down to a simple formula you learned way back in Econ 101: expected value.

 

Expected value is a number that does exactly what it sounds like. It helps you determine the value you think you are going to receive from doing something given the probability it will happen and the value if it happens. The formula looks like this:

 

EV = P x V

 

For example, if I tell you that you can keep a quarter if you flip it and it comes up heads, the expected value of that transaction is
50% x $0.25 = $0.125.

 

Let’s say your team comes up with this list of possible priorities for next year:

 

Your next step is to say, “Let’s rate the probability we could achieve those priorities.”

  • Redo website
  • Create SMB product
  • Open a London office
  • Free sushi lunches
  • Digital Intellectual Property
  • Try to clone Elena
  • Launch candy bar product

The team ratings come in like this: London 10/10; sushi 10/10; website 9/10; digitize 8/10; candy 3/10; SMB 3/10; clone 1/10.

 

After that, you say, “Let’s now rate the value of each priority if we achieved it.” The team ratings come in like this: digitize 10/10; clone 10/10; London 9/10; SMB 3/10; candy 3/10; website 2/10; sushi 1/10.

 

Then you multiply the numbers together, rank them from highest to lowest and voila! You’ve got your priorities. In this case, the London office would come out on top at 90, followed closely by digitizing your intellectual property at 80. At the bottom would be the option to create a product for SMBs, though all the other options are pretty low as well, so your team would likely want to skip them.

 

The bottom line is this: You will be more powerful as a leader if you allocate time to the priorities that have a high probability of success, high value and high urgency and that also fit your Skill Will Bullseye. Rate and rank ’em. Then just do the top ones. Don’t do the lower priorities. At the very least, delegate or delay them. That’s it! 


Geoff Smart (105x140)

Geoff Smart is chairman and founder of ghSMART. Geoff is co-author, with his colleague Randy Street, of the New York Times best-selling book, Who: A Method for Hiring, and the author of the No. 1 Wall Street Journal best seller Leadocracy: Hiring More Great Leaders (Like You) into Government. Geoff co-created the Topgrading brand of talent management. He is the founder of two 501(c)(3) not-for-profit organizations. SMARTKids Leadership Program™ provides 10 years of leadership tutoring, and the Leaders Initiative™ seeks to deploy society’s greatest leaders into government. Geoff earned a BA in Economics with honors from Northwestern University, and an MA and PhD in Psychology from Claremont Graduate University.

 

Free Report:

Ransomware Hostage Rescue Manual:

What you need to know to prepare and recover from a ransomware attack




In this manual, we want you to know what to expect BEFORE an attack happens. This report covers:

  • How to know if you're infected.

  • What to do if you become infected.

  • How to protect yourself in the future.

  • Ransomware Attack Response Checklist.

    Get Instant Access to the Report!

  • anti-spam Important! We hate spam as much (or more!) than you and promise to NEVER rent, share, or abuse your e-mail address and contact information in any way.

    Client Spotlight:

     

    Financial-Consulate-LOGO

     

    The Financial Consulate was founded by Drew Tignanelli in 1984. The organization maintains a staff whose primary goal is to help clients lessen the worry and burden of money management so they have more time to spend building relationships.

     

    The Financial Consulate has over 1000 clients in over 25 states and multiple countries and are a Fee-Only financial planning firm, registered with the National Association of Personal Financial Advisors (NAPFA). As a NAPFA Registered firm, all of their advisors have signed a fiduciary oath pledging to act in client’s best interest at all times and do not accept sales commissions.  The firm’s strict fee-only commitment has driven its devotion to skill, knowledge, and education so your organization doesn’t have to worry about biased information or a hard product sale. 

     

    The Financial Consulate became a DP Solutions Managed Services client this past summer. "In most situations the on boarding process is difficult and painful,” said Michael McCarthy, Chief Compliance Officer at The Financial Consulate. “With DP Solutions, we were reassured of our choice of vendor during this process by the dedication demonstrated by the employees. They have a very engaged team that demonstrates great ownership of the work they do."

     

    To learn more, visit

    www.financialconsulate.com