
[Offer Grid] 📬 | Human Firewall 101: Train Your Staff to Swat Phish and Stack Cash Like Pros | Issue No. 18

The issue where we turn “people risk” into “people power”. No IT badge required. In fact, this “human firewall” idea is where all businesses should focus. All day every day. CISA.gov says that more than 90% of successful cyber attacks start with a phishing email. Let’s dodge some bullets... or hooks. We can make good money at email, too. Ready?

Last week we unboxed the NIST CSF, peeked at two starter controls, and talked about PCI DSS to cover some of the payment card standards. 

This week I want to nod to email marketing (outgoing can be so much safer!) and email safety practices against (incoming) phishing emails.

The big takeaway? Frameworks, like NIST, are great tools but humans still click links. 

So let’s talk about how you and your staff can keep your business safe, while still using email for daily marketing to grow your business.

You can actually hard-wire good security habits into your business faster than any Fortune 500 could schedule a kickoff meeting.

By the way, for those who don’t know computer networks: a firewall is a computer network security device that either blocks unwanted traffic, or lets in wanted traffic.

Well, we’re going to create a human firewall today.

We’ll build your basic Human Firewall in two simple layers:

  1. Micro-Training Cadence. These are bite-size lessons that stick. Fun and fast.

  2. Culture Hacks & Cheap Tech. Make safety fun, build momentum, metrics, and morale.

Plus: links to cool tools, like the Google Phishing Quiz and the NIST Phish Scale so you can start testing the troops right away.

Along the way I will make some comments about your outgoing email program. 

Because email should be the backbone of your business’s success.

This means you and your staff will be spending more time in your inbox.

I want the time you spend in email to be efficient. And this means new and better email habits.

The short answer is, “Don’t click that.” But there’s more. So. Much. More.

We’re pros around here, right? Let’s put together a program that enables you to do outgoing and incoming emails with confidence.

So have a seat, flick your phone to “Do Not Disturb,” and let’s spend the next few minutes together turning your crew into click-proof champions.

Micro-Training: Small Sips, Not Firehoses

Rule of thumb: 5 minutes a week is way better than 1 hour a quarter.

🗓️ Cadence Blueprint

It’s true. The humans you employ will do far better defending the empire with just a few minutes a week in training.

They surely don’t need (or want) an hour-long presentation where they have to try to stay awake through some droning display of technical drivel.

Besides, I’ve had employees at various points in my 20+ years in business. I know you don’t want your team spending a ton of time in training. You want them working and making money for the biz.

There are resources to help you. Here’s a one-month example that produces weekly training, and takes less than a half hour across the whole month:

| Week | Touch-Point | Tool / Example |
|------|-------------|----------------|
| 1 | 5-min lesson (“Spot the Spoofed Sender”) | Presentations found on YouTube. Easy to search. Just say, “Here. Watch this.” Micro test for results. |
| 2 | 2-question Slack poll (“What’s wrong with this subject line?”) | Send out a Slack poll with example text. |
| 3 | Phishing Simulation | Google Phishing Quiz |
| 4 | Team huddle: share funniest phish caught | 10-min stand-up where team members present their findings. Laughing at attackers is cathartic. |

Repetition cements reflexes.

🧪 Instant Practice

Are you into extra credit and want to get a PhD in phishing? Then this is for you:

NIST Phish Scale. A 47-page document that goes into incredible depth to rate how tricky a phishing email is. This is NOT light reading. But if you want to master phishing analysis, this doc is your go-to.

Staff should share any phishing emails found.

I love the expression, “Daylight is a great disinfectant”. Every phishing message shared is an opportunity to train everyone. Shining light on the evil really knocks the boogers right out of it.

Pro tip: After each simulation, ask two questions, not one:

  1. Did you click? (binary)

  2. How confident were you? (1–5 scale)

    The second question exposes “lucky guesses” and guides future lessons.
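Here is one way to score those two answers, as an added example that is not part of the original newsletter. The sample responses, the names, the "4 or higher counts as confident" cutoff and the 50% follow-up threshold are all assumptions, and the "overconfident click" bucket goes one step beyond the lucky guesses mentioned above.

```python
from collections import Counter

# Constructed sample data: (employee, simulation, clicked, confidence 1-5)
RESPONSES = [
    ("ana",  "spoofed-sender", False, 5),
    ("ben",  "spoofed-sender", False, 4),
    ("cara", "spoofed-sender", True,  4),
    ("dev",  "spoofed-sender", True,  1),
    ("ana",  "fake-invoice",   False, 2),
    ("ben",  "fake-invoice",   False, 1),
    ("cara", "fake-invoice",   False, 5),
    ("dev",  "fake-invoice",   True,  5),
]

CONFIDENT = 4  # assumption: 4 or 5 on the 1-5 scale means "confident"

def classify(clicked, confidence):
    """Combine the two post-simulation answers into one outcome label."""
    if not 1 <= confidence <= 5:
        raise ValueError("confidence must be between 1 and 5")
    sure = confidence >= CONFIDENT
    if clicked:
        return "overconfident click" if sure else "unsure click"
    return "solid catch" if sure else "lucky guess"

def summarize(responses):
    """Count each outcome per simulation."""
    out = {}
    for _employee, sim, clicked, confidence in responses:
        out.setdefault(sim, Counter())[classify(clicked, confidence)] += 1
    return out

def needs_followup(responses, threshold=0.5):
    """Simulations where lucky guesses plus overconfident clicks make up
    at least `threshold` of the answers: the click rate alone hides these."""
    flagged = []
    for sim, counts in summarize(responses).items():
        shaky = counts["lucky guess"] + counts["overconfident click"]
        if shaky / sum(counts.values()) >= threshold:
            flagged.append(sim)
    return sorted(flagged)

if __name__ == "__main__":
    for sim, counts in summarize(RESPONSES).items():
        print(sim, dict(counts))
    print("Repeat this lesson:", needs_followup(RESPONSES))
```

In the sample data, "fake-invoice" has the lower click rate of the two simulations, yet it is the one flagged for a repeat lesson because most of its answers were lucky guesses or an overconfident click.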

How About Outbound Emails?

Now we’re talking. I love selling and building business relationships by email.

When you own your email list you’re in charge.

From a safety perspective, having an email list means you have great power.

But just ask Spiderman. He knows. “With great power comes great responsibility.”

You’ll need to keep your list in a secure fashion.

You’ll need to assure your list members of privacy.

Privacy measures continue to proliferate. 

GDPR dictates privacy in the European Union. If you sell to people in Europe, that means you.

HIPAA dictates health information privacy in the U.S. If you manage personal health information (PHI) of individuals in the U.S., that means you.

California was the first state in the U.S. to enact privacy legislation, with its CCPA.

North Carolina is currently working on its own privacy legislation. U.S. states continue to roll out their own variations on privacy legislation.

We have to comply to be able to do business in these states.

The short and easy answer is that we have to keep our customer lists secure, and if someone says “let me out” we can’t joke around. Out means out.

From a business perspective, you don’t want to waste resources (email bandwidth, good will, or any other resources) emailing people who don’t want to hear from you anyway.

Email inboxes are generally self-cleansing. Use this to your advantage by following email best practices.

Want to make sure your email marketing program is going to make you money, and that your staff is always trained in the fundamentals of cybersecurity so you never have to worry about losing money or data, or having hackers take over your business in 2025?

Well, that’s kind of a big promise. 

But my clients have been targets of over 200 business email compromise attacks over the past few years. Working with me, they’ve had ZERO breaches.

I’m proud of this stat, and even more proud of their safety and what they’ve learned.

In addition to their email safety records, we also worked on some pretty cool email marketing campaigns.

These turned into pretty big paydays, too.

Want some of this for your business?

I’m opening up some time slots on my calendar to do consulting calls. I’ll work with you on your customized blueprint around your email marketing and email security outcomes that will keep you strong and safe for the next 12 months.

Ask yourself two questions:

  1. What would happen to my business if an attacker got into my business via email? (I’ll give you a hint: the stats show that attackers on average get over $120,000 per small business phishing attack. Can you afford that kind of hit?)

  2. What would happen to my business if I could increase revenues, without increasing marketing costs? What would, for example, a 30% increase in revenues do for your bottom line?

I want to create a completely custom program for you. So here are just a few of the topics we can touch on:

  • We’ll uncover list management best practices.

  • We’ll create a custom anti-phishing program no matter how many employees you have (or don’t have).

  • We’ll map out an email content plan, which includes what to say, don’t say, and how to get the most mileage out of your images.

As I said, this is a completely custom program. It’s just me and you (or me, you, and a team member).

We’ll meet for at least one hour, but leave yourself extra time. My consults always run long.

To get this completely customized program, it’s $1500 USD.

Why is this a good deal?

Because look at how much you’re making using email right now.

What if your email list earned you 33% more dollars, and cost you nothing in phishing attacks?

And here is a sweet bonus.

The same $1500 counts toward all future courses I create. The money you spend in getting this custom email program gives you the exact same amount in credits on future courses.

That’s like getting a free VIP ticket into the club. No waiting. No shakedowns by bouncers at the door. It’s a coupon code that makes the next $1500 in courses that I offer absolutely free to you.

Not shabby.

I like it when my money works for me twice. Don’t you?

Spots are limited. I can only keep my calendar open this wide for the next three weeks. After that, my time will be quite limited.

If you’re reading this issue in the future you will have missed out.

Use this publication date as a reference. Cart closes Jun 13, 2025. I’ll take down the link and I won’t open this offer again until some other time I haven’t decided on yet. It’s so far in the future I can’t see it from here.

Hey. Are you still reading?

OK, I get it. I can give you more.

How about a guarantee?

You book in. We meet. We go through the details, the minutiae, the gold and the dross. You have a complete road map and plan to master outgoing email and manage your inbox in safety. And… you don’t like it. You don’t like me. You got GERD from the whole thing.

Then, my friend, you get a refund.

Just email me and tell me you didn’t like it. You have 48 hours to exercise this option.

But I can do even better.

If you do everything we come up with in our meeting and you still don’t think the call was worth it… just show me what you did. Show me what steps you took in 2025 to work on our plan. Compare it to the plan we came up with on the call. No bueno? You get your money back. You can use this option until December 31, 2025.

That’s it. That’s my offer. It’s big. It’s crazy big.

I am so committed to building safety and making big cash with email, that I’m creating this offer to make sure you get there ASAP.

I can’t stress enough that this offer is limited. After midnight PDT, June 13, 2025, the offer comes down and doesn’t reappear again for a very long time. If ever.

So that’s it for this week. I’m excited to keep going on this making-money-safely tear that we’re on.

The interwebz should be a safe space for all.

So let’s be careful out there! (Any Hill Street Blues fans here?)

Talk soon,

Amy