Cash in the Cyber Sheets: Making Money From Being Secure & Compliant

#77: The Digital Defense Playbook for Parents: How to Keep Kids Safe Online

In this episode of Cash in the Cyber Sheets, we’re trading ransomware for real parenting — because the biggest threat some families face isn’t just phishing emails, it’s predators hiding behind screens. This week, we’re talking about keeping your kids safe online without turning your home into a surveillance state or making every digital moment a standoff. You’ll get a practical, parent-tested playbook to reduce risk, build trust, and keep communication open. Here’s what we cover: * How to set clear rules and smart tech boundaries that grow with your child. * Why knowing your kids’ passwords could be the lifeline that saves them in an emergency — and how to balance that with privacy using the “family envelope” method. * Why family contracts aren’t lame — they’re structure, clarity, and accountability rolled into one. * The surprisingly effective “no devices in bedrooms” rule and why it might be your new favorite bedtime policy. * How to help kids spot predators, fake profiles, and bad actors before they get in too deep. * Creating an environment where your kids actually talk to you about what they see and experience online. We’ll also dig into the awkward but critical topics: body boundaries, consent, and how to talk about them without turning your kid’s face beet red. As always, this episode is packed with real advice, relatable stories, and security smarts with a side of dry humor. 💡 Download the free eBook: Protecting Children Online  [https://www.inputoutput.com/protecting-children-online] — your full guide to raising safer, savvier digital citizens. This is our last episode of the year, and we’re taking a short break to retool, refresh, and relaunch Cash in the Cyber Sheets in 2026 with a sharper, more interactive format. Stay tuned for what’s next — and in the meantime, stay safe, stay curious, and keep your kids’ devices out of the bedroom.

#76: Read The Fine Print: 3 Traps That Kill Cyber Insurance Claims

In this episode of Cash In The Cyber Sheets, we unpack three clauses that quietly decide whether your cyber insurance pays when it counts. No scare tactics, just the fine print you actually need to verify before a breach becomes a bill. First, waivers of subrogation. Your vendors love them. Your contracts team signs them. Your insurer may not. We explain what a waiver of subrogation does, why it can block your carrier’s right to recover from at-fault third parties, and how that can boomerang into reduced coverage or conflict with your policy conditions. We also walk through the practical fix: coordinating language between your vendor agreements and your policy so a well-intended waiver does not accidentally undermine the very coverage you bought. Think alignment, not after-the-fact apologies. Second, acts of terrorism and acts of war. Two phrases that look similar on paper but can be treated very differently in your policy. We break down how carriers distinguish terrorism from war, why some policies reference government determinations, and how that impacts cyber events that have geopolitical fingerprints. The point is not to debate headlines. The point is to understand what your form says, so you know when you are covered, when you are excluded, and when you should push for clarifying endorsements before renewal. Third, definitions. This is where companies get surprised, and where one organization recently saw a claim denied. Definitions drive everything from what counts as an “occurrence” to what qualifies as a “security failure.” If your loss lives outside those defined terms, coverage can evaporate. We outline a simple reading plan: print the definitions section, highlight any term that appears in insuring agreements or exclusions, and compare those meanings to how your team uses the same words in incident response plans and contracts. If the policy says “computer system” but carves out certain hosted environments, you need to know that now, not mid-investigation. If you have a renewal coming up or a vendor insisting on broad waivers, this episode is your quiet nudge to pause, read, and confirm. Your future self, accountant, and caffeine budget will thank you.

#75: The Two Email DNS Gotchas Costing You Deliverability

This shorter episode gets right to the point. We cover two high-impact issues we keep finding when helping clients clean up email deliverability. First, DKIM selectors. Too many teams set up one selector for one sending platform and forget the rest. Then messages from a marketing tool, ticketing system, billing platform, or CRM either fail to authenticate or limp by with soft fails that chip away at the domain’s reputation. Second, explicit subdomain records. For years many providers accepted a single set of records at the apex and quietly inherited them across subdomains. That is no longer a safe assumption. More vendors now expect explicit SPF, DKIM, and DMARC at the exact subdomain that sends, which means domains like mail.example.com, marketing.example.com, or help.example.com each need their own entries. We explain how to verify all required DKIM selectors, how to name and rotate them safely, and how to map each sender to the right selector. You will hear practical tips for 2048-bit keys, long TXT handling, and what to do when you have multiple senders behind the same envelope. We also outline why DMARC alignment depends on the right selector and how a missing record can make your alignment look wrong even when the signature is technically present. On subdomains, we walk through the common inheritance myths, when to set an explicit SPF with proper includes, when to publish subdomain DKIM keys and how to avoid copy and paste mistakes, and how to deploy a subdomain specific DMARC policy that respects your global policy while giving you the data you need. We share telltale signs that a subdomain needs its own records, such as vendor error messages, mixed alignment in DMARC reports, or inconsistent pass rates between platforms. Before you send the next campaign, run a quick audit using our free tool: https://www.inputoutput.com/email-deliverability-tool  [https://www.inputoutput.com/email-deliverability-tool]. It checks the basics and gives you a clear path to fixes you can implement in minutes. If you are a business owner, MSP, or the unofficial email firefighter on your team, this episode helps you prevent false spam flags, reduce bounces, and protect brand reputation. Fewer surprises in the DNS layer means more messages in the inbox, fewer headaches, and a friendlier relationship with your marketing calendar. Short, sharp, and very fixable.

#74: No Breach, Big Trouble: FCA Risks in Healthcare

Cybersecurity headlines love a good hack story. This week, we talk about something far sneakier that can cost you plenty even when nothing gets “hacked.” On Cash in the Cyber Sheets, we unpack how the False Claims Act can bite health care organizations and vendors when their compliance story does not match reality. Translation: you can be on the hook for big dollars without a single compromised record if your security attestations, certifications, or program claims are inaccurate. That is not a typo. No breach. Still massive exposure. We walk through real enforcement patterns where the government alleged false attestations tied to federal health program dollars. Think Meaningful Use incentive attestations about doing a proper security risk analysis, or software certification claims about logging and controls, or contract compliance certifications around cybersecurity safeguards. In each theme, the common thread is simple. Money flows only when specific conditions are met. If you certify that boxes are checked when they are not, the False Claims Act turns into a very expensive compliance teacher. For medical practices, this is especially relevant. Many assume HIPAA risk equals “what happens if we have a breach.” Important, yes, but incomplete. The bigger blind spot is whether your documentation and certifications accurately reflect the controls you say you run. Do you actually conduct and review your risk analysis at the depth required, or is it a quick once over with a template? Are your technical controls implemented as described in policies and vendor attestations, or are there gaps that would make those statements misleading? Are you relying on your EHR and other vendors to carry the compliance water without verifying their claims and your obligations as a program participant or contractor? We break this into practical takeaways you can act on. How to scope and document your risk analysis so it is more than a checkbox. What to ask vendors about certifications and test conditions before you trust their marketing. How to align policy words with operational reality so your attestations are truthful, specific, and defensible. We also cover how to prepare for auditors and investigators who will request evidence, not adjectives. No scare tactics, just straight talk, clear steps, and our usual professionally playful commentary to keep the compliance caffeine flowing. Bottom line for this episode. False Claims Act exposure can arise even when no breach occurs. Your best defense is disciplined documentation, controls that actually run, and attestations grounded in verifiable evidence. Bring your compliance team, your practice manager, and yes, your EHR rep. Everyone has homework after this one.

#73: Cyber Insurance Review For Real Life

Think your cyber insurance has you covered? This episode pokes at the fine print that turns big promises into small payouts. We spotlight the exclusions that quietly gut claims, the sublimits that disappear faster than you can say “forensic invoice,” and the vendor clauses that spread your limits across more parties than you bargained for. What we tease out: * The exclusions that look routine but erase coverage when it counts. * How “shared” limits get sliced among you, vendors, and associates. * A quick, practical way to ballpark how much coverage you may actually need. * What subrogation can do to your vendor relationships after a payout. You will hear plain-English takeaways you can act on during your next renewal. Expect clear examples, simple checks you can run in under an hour, and a few dry laughs at the expense of legalese. The goal is simple. Stop paying for coverage that vanishes at claim time. Start asking the questions that turn your policy into a real financial backstop. Listen if you sign renewals, answer to a CFO, support clients as an MSP, or just prefer not to discover gaps during an incident. Bring your policy schedule and a highlighter. Leave with a sharper view of what you actually have and what to fix before someone says, “We thought that was covered.”