Ransomware as a Service and Risk Training

RaaS, Ransomware, and Training June 2020

Ransomware as a Service – RaaS …yes, you read correctly! Attacks are growing. Hackers are more blatant. So brazen that they need help and are hiring! The dark web is now the recruiting tool. Hackers need help collecting the money while they move on to setting up the next attack. Think of it as admin help or the accounting function.

This quote from the NY TIMES February 2020 shows that Small and Medium Size Businesses (SMB) are vulnerable and need to be vigilant.

“Ransomware attacks have also caused a number of small and medium businesses to shut altogether, like Colorado Timberline, a printing company with a few hundred employees near Denver, and Brookside ENT and Hearing Services in Battle Creek, Mich., a 10-person medical office.

“I was suddenly retired and I didn’t want to be,” said Dr. William Scalf, one of two doctors at Brookside, which closed in April after failing to recover its medical files from hackers who demanded $6,500.”

$6,500 was all it took to close down a medical office.

So how do you stay vigilant?

Osama Tahir’s recent blog quotes several thought-leaders and cyber security experts, including Al Marcella, CISA, CISM, on the need for employee training and what to include in an effective training program. Tahir cites this statistic, which shows that organizations are not protecting themselves from today’s largest threat to business.

According to a report published by Chubb, only 31% of the employees surveyed reported having received company-wide cyber security education and training.

Read Tahir’s BLOG.

ABOUT Madeline Parisi & Associates LLC

We help organizations stay in business given today’s world of cyber threat opportunities by understanding risk, and knowing how to manage and mitigate risks. We guide organizations with training and comprehensive written training materials to identify threat actors and malicious activities like ransomware, and how to be alert to scams that have impacted many businesses large and small. A key component to accomplishing this internally is leadership and communication. Being vigilant is a top-down process. Training includes face-to-face when available. Content includes:

  • Cyber Security
  • Risk Management and Risk Mitigation
  • Managing (or Starting) a Compliant Commercial UAS (drones) Program
  • Leadership
  • Interest-based Leadership (Communication)
  • Audit and Security Study Materials

Visit the SHOP to see what white papers and guidance are available.

Commercial UAS (drone) Program – Risk Management and Mitigation

June 2020 – Mesa, AZ

Businesses large and small see the benefit to UAS/UAV technology. But is the business thinking about associated risk in establishing and maintaining a Commercial UAS Program as a strategic business tool?

As growth in this area continues, managing and mitigating risk to an organization becomes essential, and organizations must be ahead of the potential problems. Noncompliance is costly.

In developing and managing a Commercial UAS Program, questions regarding the type of data collected and data storage need to be discussed along with privacy questions about the specific data collected. To manage and mitigate the risk of a UAS/UAV cyber attack and associated risk management, a 40+ page White Paper and other guidance documents for a Commercial UAS Program have been developed for 2020. An entire section in the whitepaper is dedicated to “Access without Authorization” and Global Navigation Satellite System (GNSS) spoofing.

An organization’s UAS Operations Manual is directed to the organization’s management and UAS flight team members, and enables them to safely, legally, effectively and efficiently operate and manage day-to-day UAS activities associated with accomplishing the organization’s strategic use of a UAV platform.

Have you started or are considering a commercial Unmanned Aircraft Systems (UAS) program?

Have you considered how to manage your UAS program? This template provides guidance and is an example of areas that should be considered in operating a UAS platform. The template, which is not intended to be all-inclusive, offers you a basis to customize an internal Operations Manual (OM). Additional resources, such as, but not limited to, Federal Aviation Administration regulations, pre-flight safety checklists, aircraft manufacturers’ approved flight manual, other organization policies, procedures, guidelines, forms, documents, etc. should be used to customize and develop an organization’s own, internal UAS operations manual.

The author of the white paper and additional guidance is Dr. Al Marcella, President, Business Automation Consultants, (BAC) LLC. The whitepaper, “Unmanned Aircraft Systems (UAS): Assessing Business, Operational and Security Risks,” addresses the changing market for UAS technologies, operational security and risk issues along with compliance and audit procedures. Organizations must consider this when operating a UAS program, in a commercial environment.  To assist organizations in developing a more efficient and better controlled UAS program, Dr. Marcella has developed a UAS Operations Manual (OM) Template. This document provides an example of the content areas and associated details that an organization should develop and have in place, when maintaining a UAS program.  Dr. Marcella’s 270+ question UAS audit checklist will assist organizations in assessing security, risk and compliance issues related to operation of their UAS program.

A free download of an extensive list of UAS Terms & Definitions is also available. Excerpts of all documents are also available. Titles may be purchased individually or as a bundle, and in quantities for corporate, school, or industry meeting use. Licensing and private label options are also available by contacting

Blockchain …Block What?

Some changes are subtle. Some changes are disruptors. Blockchain is a subtle disruptor.

I have been working recently to understand  blockchain, despite the fact that it has been around since 2008. At first dismissing it because it seemed only relevant to Cryptocurrency, I realize this has the potential to change many industries, even eliminating several professions.

At a recent dinner with friends, as the bill came and everyone pulled out credit cards, I made the comment that as cash has gone, so too will credit cards (a real tragedy for me as I am one of those travelers who pays for entire trips with miles and points!). I started talking about blockchain, and not one person knew the term or concept. So here is my Blockchain for the Unaware, i.e., an overview in lay terms.

Although some of the terms are very familiar in an accounting and finance environment, they are used here in different ways. Blockchain is a decentralized, shared, digital ledger structure. Essentially, it is a group or groups of information connected to a specific matter. The blockchain system provides a means for information to be shared among multiple parties, but the information may not be altered. Each transaction is digitally stamped and attached to a block of existing data, which becomes a chain (of data). The authentication is between the parties, or a group, involved in the transaction. Once all parties verify and agree on the transaction, the data is stored on each user’s device. The transaction is transparent and easily reviewed, and creates an audit trail.

This process eliminates external third parties and the third-party authentication process. It becomes a faster and less expensive way to transact business, and some may argue a safer way. Although we have learned that nothing is impenetrable, and that anything may be hacked, a hacker must bypass the encryption, not just on one system or device but, on the devices of all the participants in the transaction. In addition, information must be authenticated by multiple parties – no single person or entity operates alone. Because of this, it is more difficult to penetrate and any breach or intrusion may even be spotted earlier in the process and thwarted.
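The tamper-evidence described above, as an added example that is not part of the original post: each block's hash covers the previous block's hash, every participant keeps a copy, and a block is added only when all parties approve. Party names, transactions and helper names are constructed for illustration, and a plain list of approver names stands in for real digital signatures.

```python
import copy
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # placeholder "previous hash" for the first block


def block_hash(index, prev_hash, transaction, approvals):
    """SHA-256 over the block contents, including the previous block's hash."""
    body = json.dumps(
        {"index": index, "prev": prev_hash, "tx": transaction,
         "approvals": sorted(approvals)},
        sort_keys=True,
    ).encode()
    return hashlib.sha256(body).hexdigest()


class Ledger:
    """One participant's copy of the chain."""

    def __init__(self, owner):
        self.owner = owner
        self.blocks = []

    def head(self):
        return self.blocks[-1]["hash"] if self.blocks else GENESIS

    def append(self, transaction, approvals):
        index, prev = len(self.blocks), self.head()
        self.blocks.append({
            "index": index, "prev": prev,
            "tx": copy.deepcopy(transaction),  # each copy owns its data
            "approvals": sorted(approvals),
            "hash": block_hash(index, prev, transaction, approvals),
        })

    def first_bad_block(self):
        """Index of the first block whose hash or link is wrong, else None."""
        prev = GENESIS
        for b in self.blocks:
            expected = block_hash(b["index"], prev, b["tx"], b["approvals"])
            if b["prev"] != prev or b["hash"] != expected:
                return b["index"]
            prev = b["hash"]
        return None


def commit(ledgers, transaction, parties, approvals):
    """Append to every copy only if all parties approved the transaction."""
    if set(approvals) != set(parties):
        return False
    for ledger in ledgers:
        ledger.append(transaction, approvals)
    return True


def recompute_hashes(ledger):
    """Models an edit that also re-hashes one copy so it looks consistent."""
    prev = GENESIS
    for b in ledger.blocks:
        b["prev"] = prev
        b["hash"] = block_hash(b["index"], prev, b["tx"], b["approvals"])
        prev = b["hash"]


def divergent_copies(ledgers):
    """Owners whose copy fails its own check or disagrees with the majority."""
    majority_head, _ = Counter(l.head() for l in ledgers).most_common(1)[0]
    return sorted(l.owner for l in ledgers
                  if l.first_bad_block() is not None or l.head() != majority_head)


def demo():
    parties = ["buyer", "lender", "seller"]  # constructed sample parties
    ledgers = [Ledger(p) for p in parties]
    partial = commit(ledgers, {"pay": 100}, parties, ["buyer", "seller"])
    commit(ledgers, {"deed": "lot 7", "to": "buyer"}, parties, parties)
    commit(ledgers, {"loan": 250000, "from": "lender"}, parties, parties)
    seller = ledgers[2]
    seller.blocks[0]["tx"]["to"] = "seller"    # edit one copy only
    naive = (seller.first_bad_block(), divergent_copies(ledgers))
    recompute_hashes(seller)                    # edited copy now self-consistent
    rehashed = (seller.first_bad_block(), divergent_copies(ledgers))
    return {"partial_approval_committed": partial, "blocks": len(ledgers[0].blocks),
            "naive_edit": naive, "rehashed_edit": rehashed}


if __name__ == "__main__":
    print(demo())
```

An edit to one copy fails that copy's own hash check; if the edited copy is re-hashed so it checks out locally, it still disagrees with the other participants' copies.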

How will some of the industries we know so well change or possibly be eliminated with the explosion of blockchain? Here are a few to consider:

Audit/Auditing – Not going away, but certainly changing! As noted, blockchain still creates a data/information trail and transaction compliance will continue to be required. The need for auditors with more IT knowledge and experience will rise. It may lead to a more synergistic relationship and support between the business operations, systems, and audit, and may even lead to auditors as part of the development team, a role not often seen.

Credit Card Processing – Why a separate service? Transfer funds between users directly from your smartphone or other device. Each user has both a public key and a private key. The public key is given out for the transfer of funds or data from one user to another. Only an individual’s private key may release funds, with all authenticated, in real-time, and at no cost. With much of the credit card processing happening through banks and providing a large revenue stream, the move to blockchain makes this a financial risk for financial institutions and credit card processing services.

Financial Institutions – Transactions including documents and currency may be transferred to another connected user without a financial institution facilitating the transmission. Property rights? Mortgages? All that paperwork to verify. With all the functionality in the blockchain process and significantly less transactional time, the transactions will occur without the need of multiple hands in the process. Remember the late 90’s when any Conference worth its weight had to include a session on “The Paperless Office” and then we realized it’s really “The Less Paper Office”? Blockchain may help us get to that paperless office.

Home Mortgage – Each mortgage becomes its own block. The parties involved (and there are many) all share the same chain of information with everyone who is a part of that block. Rather than multiple sources generating independent files and documents on separate systems, all information involved in the transaction is stored in one place. Only the participants involved in the transaction have access, and must sign off, i.e., validate the transaction. This will expedite processing time, create a common documentation trail and audit trail, and is more secure than information on multiple networks where security levels are uncertain. The impact on real estate transactions is anticipated to be one of the largest changes.

Legal – This may be one of the professions seeing the greatest impact. Think contracts and legal documents, and recording them in the proper location, secure storage and destruction, the time and cost. Now think about a rising and a soon-to-be rising demographic that lives in the NOW! and grew up in front of screens learning how to do everything themselves. Law firms will experience the change for many of the same reasons as in Home Mortgages – the number of parties involved in a single matter, the data and documentation created, and most importantly the time the current process takes. Next question is how does this impact billables? Law firms and legal processes will need to adapt. The question is “Are they even thinking about it?”

Notary Publics – Most useful when a signature or a document must be validated. Blockchain provides an internal validation process as well as a time and date-stamped transfer plus storage for transaction.

Will there be emerging industries for blockchain?

Disaster Aid/Relief – Often relief aid does not make it to the needed geo-location and once at the location, those in need have no documentation to release the funds and/or supplies. Mismanagement and theft also keep needed relief from the intended recipient. Blockchain verification will eliminate the distribution backlog, and because of the authentication amongst the parties in the transaction, it will eliminate the misappropriation of funds or supplies. More participants in the aid process will be held accountable for the funds or supplies. (It was reading a Fast Company story about this particular use that piqued my interest in finally understanding the blockchain concept.)

Intellectual Property – Part of the Legal changes, but also becoming its own market. The digital age has made sharing commonplace. Record and share; download and post. Companies brazen enough to stream without royalties and no one seems to be concerned – unless, of course, you are the author or artist. My crystal ball says that the entire patent and trademark system, as we know it today, is in for a massive restructuring, and blockchain is well-positioned to accommodate the need.

Miners – The term for authenticators in the blockchain transaction, which may create a new cottage industry! And then the cycle begins again, with a new platform and new terminology, until the next biggest disruptor comes along.

Madeline Parisi & Associates (MPA), is a registered Women Owned Business (WBE) located in Barrington, Illinois. The primary goal for Madeline Parisi & Associates is to match your training and consulting needs to the proper provider to ensure we exceed your required goals and outcomes. Contact Madeline Parisi at

Manage YOUR Social Media Accounts Before You are Unable

It’s not something most people think about when setting up social media accounts or when estate planning activities begin. However, like all of your other assets, you do have an opportunity to control your social media presence after you stop being social. Some sites provide a process for you to designate someone to manage your accounts after you are incapacitated or upon your death. Others have a process for reporting, but without your ability to establish your designee. Here is information on some of the more popular sites.

Google makes it easy via your Inactive Account Manager settings. View or change your settings at Google already has a process to notify your designee when an account is not active for a specified period of time – you pick 3, 6 or 9 months. First Google will notify you 1 month prior to the inactive period deadline.

On this page with a few easy clicks, you can instruct Google to notify your trusted contact/s and allow them to access the data you identify. Just enter the person’s email and contact phone. You can list up to 10 people. Google will not share log-in information or passwords, but this is a way to ensure your data – those treasured pictures or family emails or business items, and more – are saved. Google will work with family members or a representative to remove your account, if requested.

Facebook also has a legacy option, which you will find under the Settings option. Again, this is a person you choose to manage your account upon incapacitation or death. They can pin a post on your Timeline, respond to new friend requests, and update your profile picture (Hmm). They cannot post as you or see your private messages. Select Manage Account and then add the contact information for your legacy rep. You are also able to select if they receive a notification that they are now your designee.

Twitter has a request process and a form to deactivate an account upon incapacitation or death of the account owner. This is obtained at

Instagram provides another option, which is a bit different – it will memorialize the owner’s account upon notification. There is also a process to remove an account. Visit

Pinterest also has a process to deactivate an account. Visit

Note that in cases where you do not identify the designee, proof of death and proof of your relationship to the account owner are required.

There are many more social media sites. Search settings for more information for other social media sites that you may use. More importantly, think about this as part of your assets, so you can manage this in your will and estate plan, and identify your legacy representative.

Madeline Parisi is Principal and Founder of Madeline Parisi & Associates LLC (MPA), located in Barrington, Illinois.  MPA specializes in business training and professional development, training material and content development, and meeting facilitation that will get you to deliver products and services faster. Madeline brings extensive knowledge and skills from experience in various industries including financial and credit management, law firm management, and IT audit, security, risk and governance.


Recommending and Using IT Audits in Your Managed Services Program?

If not, from an advisory-services perspective, including an IT audit as part of a managed services client package is an often-missed opportunity to add value to your clients.

These audits need to be conducted independently of any managed service provider or web hosting provider. The audit may be annual or as frequent as the client requires, making this a great discussion to have with your clients. Your clients may have governance and compliance requirements, but more importantly their clients may require all vendors perform specific audits. While talking with clients about their managed services or web hosting needs, be sure to ask about audit needs.

Although there are many types of audits available, here are seven to consider as part of a managed services or web hosting package.

Client/Server, Intranets, and Extranets Audit

An audit to verify that telecommunications controls are in place on the client (computer receiving services), server, and on the network connecting the clients and servers.

General Controls Audit

An audit to review the generally accepted controls across all information systems implementation. This might involve systems development, systems operation, maintenance of systems and application security. It might also include a general control review of operating systems, a security software tool, data center security review and policies and procedures compliance.

Information Security Audit

An audit to assess how the organization’s security policy is employed. It is part of the on-going process of defining and maintaining effective security policies. Security audits provide a fair and measurable way to examine how secure a site really is.

Systems and Applications Audit

An audit to verify that systems and applications are appropriate, are efficient, and are adequately controlled to ensure valid, reliable, timely, and secure input, processing, and output at all levels of a system’s activity.

Information Processing Audit

An audit to verify that the processing facility is controlled to ensure timely, accurate, and efficient processing of applications under normal and potentially disruptive conditions.

Systems Development Audit

An audit to verify that the systems under development meet the objectives of the organization, and to ensure that the systems are developed in accordance with generally accepted standards for systems development.

Disaster Recovery/Business Continuity Audit

An audit to evaluate documented processes and procedures for information systems’ disaster preparedness, resilience and compliance and to evaluate the continuance of key business functions in the event of a disruption. Assessment of controls in place to verify that a disaster recovery plan exists and is properly filed.

Contact Madeline Parisi for more information.

Madeline Parisi & Associates LLC (MPA), is a Women Owned Business (WBE) located in Barrington, Illinois. Our Mission Statement is simple – To help organizations identify and recognize missed opportunities or pain points, and to provide business training solutions that help the organizations’ individuals and teams improve performance, and ultimately increase ROI. 



How to Get Clients & Build Your List from Every Talk You Give

You’ve heard it many times… Give talks and you’ll get clients.

And it’s true that speaking is one of the fastest (and cheapest) ways to build your list and get amazing clients that you’ll love working with.

But the sad truth most coaches experience when they give talks is… they give a talk and don’t get the results they want.

Not many people sign up on their list. And even fewer become clients.

There’s a reason for this.  And it’s not what you think.

It has nothing to do with you, the presenter.

It has nothing to do with your outfit.

Or your shoes…

It has EVERYTHING to do with your talk structure!

So today Alysa Rushton, international presentation skills coach and creator of the Get Clients With Speaking System is sharing some key tips to structure your talk so you can BUILD your list and GET clients – with every talk you give.

Tip 1:  Start with your offer

Having an offer is the basis for your talk.  Without an offer, your talk will fall flat.  People are coming to your talk to solve a problem so your offer should solve a main problem for your audience and your talk should be structured around your offer.

There are a few types of offers you can try, in order from easiest to hardest…

Free Gift Offer:  The free gift offer solves a main pain point for your audience and is typically a piece of digital content; a pdf, mp3 or video.  I recommend giving this gift an actual price and let people know what the price is. Then give it away. That way people see and feel the value.

Strategy Session Offer:  This is where you invite people into a strategy session and then upsell them to a program of some sort.  You can offer a paid or a free strategy session. This is great for beginners but is also such a wonderful technique that master-level coaches still use it.

Easy Yes Offer:  The easy yes offer is a lower priced offer (usually under $297.00) that you make when you’re in front of a live group or on a webinar.  It’s called an easy yes because it’s priced in such a way that people find it easy to say yes to.

Pro Tip: Over at Get Clients With Speaking HQ, we recommend having two offers on your order form at all times, one free and one paid. The free offer will build your list and the paid offer will get you clients and make you some money!

Tip 2:  Follow the 7 Step Signature Talk Formula

Having a structure for your talk is crucial because it will help you lead your audience somewhere – to your offer.   Most talks fail to convert into clients because the presenter is overwhelming their audience with way too much information.   And that leaves the audience overwhelmed and unable to move forward with you.  You can solve that feeling for your audience by following this super simple talk formula.   

The 7 Step Signature Talk Formula:

  1. Meet and greet
  2. Powerful opening
  3. Your story
  4. The content
  5. The gift
  6. The offer
  7. The wrap-up

To see exactly what to do at each step, download the full 7 Step Signature Talk Formula here.

Tip 3: Set your energy to be of service

When you have a great offer and follow the 7 step signature talk formula the only thing left to do is make sure you set your energy to be in service.  You do this by intending to come from the heart and deliver value to your audience.  The audience will feel your energy!  You’ll get more clients, more leads, more invitations to speak, more partnering & JV opportunities when you set your intention to show up and serve from the heart.

My travels along the way …Millennials, take the Initiative!

So much has changed …good? Bad? Neither, just different? I was talking with a neighbor the other day who mentioned planning a trip to Hilton Head, SC. I always smile and chuckle when I think of my trip to Hilton Head. My one and only trip there and although I loved it, there has just been no time or opportunity to go back.

It was my first business meeting. I was maybe 24 or 25 (ah, yes!) and living in Chicago. Getting to Hilton Head is not that easy – then or now. Fly into Charleston and then decide if it’s a puddle jumper to the island, rent a car and drive the bridge, or sign up for a (dreaded) shuttle service. Remember, this is pre-Uber.

My company trusted me to go to this meeting and represent them with all the other BIG players in our industry. I wasn’t going to whine about transportation, or ask for someone to lay out a plan for me. It was part of my responsibility to figure it out. Actually, it never occurred to me to have someone else figure it out. Decide …puddle jumper? Car rental? Or, the shuttle? Done.

On the plane I noticed the man next to me and another across the aisle reading the agenda and material for the very same meeting. With that, I introduced myself and we all began talking about the meeting, who we knew, the value of the meeting, and next thing I knew, I was invited to drive with them to the Island. Although I had a plan, I cancelled it (pre-cell phone), and took this one as it allowed two people to get to know me before walking into the meeting. The meeting started that night with a social reception, and now I had people with whom I could talk when I arrived, and they could introduce me to others in the group.

The second reason I smile when thinking of this meeting is that I was the ONLY woman at the meeting – the only woman representing a member company, and it remained that way for several years. I am pleased to say that I cut my chops on my own initiative and wish that was instilled in more people today. There’s a real sense of satisfaction on reflecting back and saying I figured it out and it was all good. And even when it wasn’t all good, I still figured it out.

I read a lot of stories about millennials in the workplace and their wants and expectations. There is very little talk of individual initiative. Teams are great in problem solving. They create an environment for group-thought, especially when they are diverse and everyone brings a different problem-solving skillset and style to the table. Yet, the reward and self-satisfaction of a job completed using your own initiative can’t be beat.

“Oh No!!! They just made me a project manager!” Here’s what to do…

A lot of very successful project managers started their careers by being thrown into the role just as everything falls apart on the project. Usually, projects falling apart is the first observable sign, to the casual observer, that a project manager is needed to lead a project. It means your first foray into project management begins with project recovery. Oh… how nice it would have been to be there at the beginning. Too bad, so sad, maybe next time. Let’s wipe that look of being a deer in the headlights off your face. Here are some first steps for taking on this new role.

Educate Yourself: 

Find at least three project management books that are short or very easy to flip through to find guidance on Work Breakdown Structures (WBS), creating plans, and risk management.  There are hundreds of project management books, the mother of all of them is the PMI’s PMBOK® (A Guide to the Project Management Body of Knowledge).  It won’t be much help at this very moment but if you’re going to be doing this for a while it’s a must have reference book.  Join online project management groups and ask questions.

Define the Basics:

The Team: There will be a team of some sort identified. Establish who is either doing, or directly managing those who are doing, the work. This is your core team. The others are there for status updates; they are a kind of extended team for now. Immediately split this group up or you may never get anything done. Nothing personal, just two different objectives. My first team on one large scale project recovery had 27 members. NIGHTMARE!!!! Publish a schedule of the core team meetings and if necessary the extended team updates. With luck you can eliminate the second team with a reliable status report.

The Problem: This is a bit trickier. The problem sometimes appears to be that the project is late, because it’s not meeting milestones. This is a symptom, not the problem. Find the document outlining the plan, if there isn’t one, that’s a problem. Determine if the right resources are accountable for what needs to be done, it’s a part of the plan, again, if there isn’t a link to the resources needed, that’s a problem. Ok, you get it, most often the problem is that there isn’t an integrated plan outlining what the product of the project is, the work that has to be done, and the resources (the team members, the budget, and any facilities) needed to get the project done.

The Constraints and Requirements: What has to be done and by when. Now, as a PM you must ask “Why?” You have to understand the purpose of the project and its alignment to the final product (or service or process). Sometimes deadlines exist for very important reasons, sometimes they are targets. Understand what is negotiable, and what absolutely is not – know why.

Work with an expert:

Find a PM mentor in your company, one that will facilitate some initial meetings for you so that you can hit the ground running. If there isn’t a real expert in project management, go find one. Here is a quick test. Ask them what is in a project plan. If the answer describes a schedule, they’re not an expert. It is part of it, but it certainly isn’t all of it. You will need to have planning sessions to understand the work to be done by the people who do that work. This is a larger group than your core team. You will identify and create response strategies to the risks they identify and differentiate them from the issues you are currently dealing with. Know the difference. For a small project these meetings might take around three to four hours. For larger programs it could be up to four days. There’s no time to develop the expertise – get an experienced project manager to facilitate, then learn as you go for next time… Yes, I’m afraid there will be a next time… and another…

There are a lot more things to be done of course, this is just a start – good luck.