From the Desk of Paul Meadows:

“Our employees never click on the links or attachments in an email.” What would make a business owner compelled to make such an incorrect statement? Let’s start with the assumption, that I know with a great degree of certainty that such a statement is wrong nearly every time it is made. I will qualify that assumption shortly, but for now, if I am correct, why would a business owner make such a statement? Read my post this month to not only get the answer to that question but also, hear my explanation as to why I am certain that such claims are wrong the vast majority of the time. Finally, read on for the free challenge that will give you incredible insight as to just how educated your employees are about phishing!

So why make such a statement? There are only a few reasons and most likely the answer is one or more of the following:

  1. Ignorance. I don’t mean that in an insulting way, I just mean that sometimes business owners and even managers are completely disconnected from the truth about their employees. They are often too busy to really know what their employees’ level of competency on such topics and they often are not training or testing to get better insight. Instead they give the benefit of the doubt and assume.
  2. Protection of negotiating power. In more descriptive terms, a prospective customer will often minimize the problem, because if the problem is seen in all of its full magnitude, then the solution for the issue may seem very expensive. Firewalls, endpoint protection, wireless protection, email security, training, testing….it all sounds very expensive! So, sometimes a customer will minimize the issue in order to avoid being sold a solution altogether or to avoid what is perceived as an expensive solution.

Neither of these are good reasons to minimize a problem that I know exists. How do I know? I see it every day! Phishing attempts are relentless and more and more sophisticated. There are more each day and they are more difficult to detect each day. Why? Because systems are not sophisticated enough yet to eliminate phishing attempts. Some are certainly squashed before they reach your users inbox, but those are typically the really poorly written phishing emails designed to penetrate the weakest of security solutions and the least informed individuals. The ones that get through decent systems appear to be much more legitimate and they are often specifically targeting individuals based on their roles and responsibilities (i.e. a phishing attempt that appears to be an invoice attached by a vendor sent to the accounts payable person in the company). They are also sent with very specific timing to take advantage of events that are taking place in order to provide a deeper disguise.
Still not convinced? Take my challenge! Contact me at and ask for a trial Phish training campaign. I will coordinate a one-time test for your employees at absolutely no charge. If you are willing to allow the test to occur without mentioning it to anyone else in your organization, you will be shocked when we show you the reports indicating which users opened a phishing email, which ones clicked on a link or an attachment and which users actually submitted information upon request by the phishing email. Here is your chance to see just how educated your users are at no cost to you!

How To Avoid Getting Hacked By Cybercriminals And Protect Everything You’ve Worked So Hard To Achieve

Cybercriminals are always looking for new ways to steal data and make a buck at the expense of someone they’ve never met. They don’t care if they ruin someone’s life or destroy a business in the process. This is why it’s so important to stay up-to-date with the latest technology.

Cyber security threats are constantly evolving. If you let your software or hardware – or both – fall behind the times, then you put your business at serious risk. Five years ago, your malware protection might have been the best on the market. If you haven’t updated since then, you need to change that. Here’s what you can do right now to protect everything you’ve worked so hard to achieve.

Stay updated. After a while, developers and manufacturers stop supporting their old hardware and software. Many of them simply don’t have the resources to keep updating older products. They need to make sure their current products are supported and secure. After five years, they may stop sending out security patches for their software. Or they might not offer help-desk support for a seven-year-old router.

If you run into this situation, you may need to invest in new equipment or software. It can be a tough pill to swallow, but it doesn’t compare to the cost of dealing with a hack or data loss. Data loss can be devastating for a business. Some never recover and have to close their doors because the cost is so high – and customers don’t want to give their money to a business that isn’t going to keep their data secure.

At the same time, you need to update your existing equipment and software. Make sure everything has the latest security patches. Most hardware and software come with an option for automatic updates. If you’re concerned that you’ll miss an update, then keep this option on. It is a good idea, however, to check everything periodically to make sure the updates are being applied, just in case.

Say yes to proactive monitoring. Proactive network monitoring can be your best friend in the fight against cyber-attacks. Many IT security firms now offer proactive services. Basically, they watch your network 24/7. If a threat is found, they can stop it before it does any damage. They act immediately to stop those threats.

You can sign up for real-time reports or just get updates once a week to stay informed so you know what’s going on with your network. Proactive monitoring can also make sure your systems are up-to-date (coming back to our first point). If they detect a vulnerability, then they can work to patch it. This means you have so much less to worry about so you can focus on what really matters: growing your business and taking care of customers!

Back up everything. If you don’t have data backups for your business, it’s time to change that. Setting up a data backup system – whether it’s local or cloud-based – can sound like a lot of work. You might have a ton of data, especially if you’ve been in operation for long. But not having a backup system can tear your business apart.

If a piece of hardware fails or a hacker gets into your data, you may have to dig deep into your pocket to recover it or you may just lose it all. There are a lot of scenarios where data can be lost.

Investing in a backup system, like a secure cloud backup, solves this. You can set up a secure system that backs up data daily (or nightly), weekly or whenever you need it. It’s good to keep backups off-site just in case anything happens on-site (electrical surges, flood, fire, theft, etc.). If data is lost or your network falls victim to ransomware, then you can restore your data and continue operations!

These tips can seem like a lot, but when you partner with a dedicated IT services company, you can overcome a lot of hurdles. Working with IT specialists is how to keep your business safe in a world where cybercriminals are actively trying to break in. You want someone with the expertise to secure your network watching over your shoulders.

Do You Have A ‘Ninja’ Executive Assistant?

One of the best-kept secrets in business is the importance of having skilled executive assistants on your team. The role of an EA is often the first point of contact that a prospective client or colleague has with your company. Talk about brand impact! You might talk with this person more than anybody on your team. Poor performers make your customers angry, your team frustrated and your family lose touch with you. Great performers amplify your positive impact on the world as a leader, make the cash register ring and help you have more time with your family.

How can I hire a ninja EA?

All great EAs are organized administrators, but beyond just organization, what “extras” do you value for this position? The ability to support your business development efforts by managing a pipeline of client opportunities? Great writing or editing skills if you write a lot? Social media and public relations skills if you are on a marketing push? Human resources or legal skills related to contracts or training seminars? Event management? Find an EA who can offer you what your company needs.

Select the right candidate by doing the same in-depth Who interview you would do for any other key role. Talk through all of their jobs, what they were hired to do, accomplishments, low points, what feedback they received from bosses and peers about their strengths and development areas and why they left their jobs. Do at least three reference check calls to verify what you heard.

But beware! Merely hiring a great EA does not mean your working relationship will achieve ninja status. The rest is up to how you work with a ninja EA.

How should I work with a ninja EA?

When your new EA asks you questions, take a moment to provide context, review the bigger picture goals and ask what they would recommend you do. This onboarding exercise gives your EA a sense of your operating style and how you strategize and make decisions – whether you make risk-averse decisions, swift decisions or well-researched decisions.

Once your EA has been successfully “recommending” actions for a month that fit your preferences, consider moving your working relationship to the ninja level.

What is my EA doing at the ninja level?

At the ninja level, your EA is anticipating your needs, conducting proactive research, generating opportunities, deciding (where appropriate) which opportunities to accept and which ones to decline, solving problems rather than coming to you with problems and concisely summarizing what you need to know.

If you support your EA and express gratitude about the great job they are doing, then they will stay loyal and perform at the ninja level for years and years, and you will enjoy more success in your career and in your life.

Geoff Smart is chairman and founder of ghSMART. Geoff is co-author, with his colleague Randy Street, of the New York Times best-selling book Who: A Method For Hiring and the author of the #1 Wall Street Journal best seller Leadocracy: Hiring More Great Leaders (Like You) Into Government. Geoff co-created the Topgrading brand of talent management. He is the founder of two 501(c)(3) not-for-profit organizations. SMARTKids Leadership Program™ provides 10 years of leadership tutoring, and the Leaders Initiative™ seeks to deploy society’s greatest leaders into government. Geoff earned a B.A. in economics with honors from Northwestern University and a master’s and doctorate in psychology from Claremont Graduate University.

3 Ways To Improve Productivity In Your Business

Are you located in the right spot?

Sometimes good businesses go under because they’re in the wrong spot. They can’t keep or even hire the right employees because those people don’t want to live or work in the area the business operates. It’s just not ideal for their career or interests. If you find yourself in this position, then it may pay to figure out a more optimal location or determine how you can entice the ideal people to come to you.

Are you as organized as you should be?

Are you relying on memory to track down the location of paper files? These days, there are exceptional software solutions that keep businesses organized and able to work from virtually everywhere in the world. Boost your productivity with digital, cloud-based filing. In fact, a copy of everything should be on the cloud.

Are you using automated systems?

If you or your employees find themselves having to do the same tasks every day or every week, then look into automating those repetitive tasks. DocuSign is a good example. It allows you to automate the signing process so you don’t have to gather the relevant people in one room to take care of it. Smallbiz Technology, Nov. 26, 2019


How can you be a better leader for your team? A lot of it comes down to how you manage relationships. But in managing your professional relationships, there is one thing you need to excel at: being empathetic.

Research shows that those who are empathetic can better recognize the emotions of those around them. In a workplace setting, this can be invaluable. Something might be wrong, but it might not be communicated.

Practicing empathy and understanding others’ emotions can help you identify when something needs to be addressed. Addressing it can be as simple as asking, “How are you feeling?”

Leaders who show they are empathetic can also build more resilient teams. Empathy shows you care, and people respond to that. Care builds trust, and trust builds stronger, more cohesive teams. Inc., April 29, 2020


  1. Take inventory of the data you collect. Data is useless if you don’t know what data you’re collecting and why. Collect data with intention, review it, categorize it and make sure you understand it.
  2. Focus on data that makes the most sense. In theory, you can track everything. The more you track, the more overwhelming it becomes. What data is most relevant to your business goals? What data can you really act on?
  3.  Share the data with your team. As data comes in and is analyzed, share it with your team. They should also have an understanding of the data you collect and why. If you need to, then have some training to read that data. This way, you can discuss the data together, bounce ideas around and collaborate on how to get the most out of that data. Small Business Trends, April 17, 202