41. High-Stakes Divorces and Cybersecurity - with Jonathan Steele
Justin:Welcome everybody to episode 41 of UnHacked, where we empower busy and overwhelmed business owners to outsmart Russian hackers. Guys, we talk about it all the time, the basics, the best practices. This is where it starts. Here's a sad truth. Ninety-seven percent of the breaches that we read about in the news were preventable.
Justin:Basic security measures is what it takes. Once you get hit, you can never truly get unhacked. So, that's what we're here for. We are going to well, today, we're gonna kinda demonstrate the fact that you can't get unhacked because we've got a special guest I can't wait to introduce. Before I bring him up, we'll bring up the regulars.
Justin:I'm Justin Shelley, CEO of Phoenix IT Advisors, and I work with businesses in Texas, Nevada, and Utah helping them to prevent financial loss from cybercrime, government fines, and, you know, class action lawsuits. Got an attorney today, so I'll be careful about that one. But that's the new trend. Right? We're getting sued.
Justin:On top of getting breached, we're getting sued after that. And, maybe, Jonathan, you'll share some wisdom there as well. Anyways, that's what I do. Brian is not here today. He's AWOL.
Justin:Hopefully, he'll be with us next week. But Mario, our regular, as always, here with that smiling face. Mario, tell everybody who you are, what you do, and who you do it for.
Mario:What's up, guys? Mario Zaki, CEO of Mastech IT. We service, small to medium sized businesses in the New Jersey and New York area. We've been in business for almost twenty one years now, and we try, you know, same as, like, what Justin said. We try to keep small businesses, protected, and, you know, we specialize in having CEOs sleep better at night.
Justin:I love that. We need it. We need that sleep. I don't get a lot of it. Anyways, alright.
Justin:That's, that's me. That's Mario. And now, guys, thrilled to introduce Jonathan Steele. So this is, this one kinda threw me a little bit. Family law attorney specializing in high stakes divorces.
Justin:And and, Jonathan, while I'm doing this introduction, do you have any examples, like, whether it probably can't name names, but types of people that you represent in high stakes divorces? What are we talking about?
Jonathan:Sure. First of all, thanks for having me on your show. When I say high stakes, I'm referring to usually either big dollar amounts or custody disputes with children. There's no stakes higher than the kids, but some of the, dollar amounts that we come across are objectively large.
Justin:Okay. So we're talking, like, famous people? Are we talking about rock stars, movie stars, athletes? That is is that what kind of the caliber of people you're working with?
Jonathan:Yes to all of those.
Justin:Jesus. Okay. Did you by chance represent Jeff Bezos? Bezos. I'm sorry to say.
Jonathan:I did not.
Justin:Oh, talk about a high stakes divorce. Right? Ouch. Anyways, shouldn't name names on here. So not only okay.
Justin:You you you're dealing with high stakes cases. You've been recognized by the Illinois Super Lawyers magazine. Is that the that's the right title of it. Right? As a rising star, only the top 2.5 or less than 2.5% get that recognition.
Justin:An emerging lawyer, designated by the leading lawyers magazine, less than 2% make that one. I mean, it sounds like you probably know your stuff. Right? Very, very well versed in, in the world of law. And then I come across this one, CompTIA Security Plus.
Justin:And I I wish I had the record scratch sound I could put on here. But, Jonathan, tell me tell me why a family law attorney is, studying CompTIA Security Plus. And real quick before you answer that, Mario, have you ever taken that test or or done that course of study?
Mario:Many, many, many moons ago that I I took it, it wasn't, you know, the most thrilling thing I've done in my life. You know?
Justin:It's not fun. It's not exciting. And listen. This is kind of a, I don't wanna say basic or entry level, but it is one of the first places you start for security certifications. You know, it's not anything like a CISSP, but I got about three quarters way through the book before my brain caught on fire.
Justin:Not a fan. I do, you know, I I do still have to study this stuff, but, that's tough. So, Jonathan, tell me why you went from family law to security or included it or whatever, and tell me how in the hell you got through that course of study, please.
Jonathan:Okay. There's a the multipart question there. Yes. I I, I've always been interested in security, privacy in general, and then COVID hits and courts shut down, and everybody sort of left to figure out how do we move forward with court. And it like everything in the law, it took a little bit for the court system to to adapt and to get on Zoom and to do that efficiently.
Jonathan:And so lawyers were twiddling their thumbs. They were they were learning to bake bread. They were watching Tiger King and reading books and things like that. My rabbit hole was different. It was pretty security focused, pretty privacy focused, and comp TIA or TIA.
Jonathan:That's right. No.
Justin:I probably say it wrong.
Jonathan:I would guess you're right. It was just it seemed like low hanging fruit in the sense that it is one of those sort of entry level, certifications that lend some credibility to you know, you know something about something to get, certified by them. And there is some intersection that I've come across or if there wasn't, I've forged that intersection, forcefully. But there there is some, I think, overlap with family law because we do a lot of restraining orders. And so there's, like, spouses tracking spouses and, you know, using each other's devices in ways they shouldn't be.
Jonathan:So just sort of knowing how to navigate that has proven to be beneficial in my law practice as well.
Justin:Okay.
Mario:Now if I can interrupt for a second, just for our listeners that don't know, the CompTIA, this is, you know, a company that, has sent out, you know, or has set up, like, a study for basic, you know, IT. But when we say basic, it it doesn't mean that it's like, how do you plug in a computer. It's the foundation of getting started in the IT support field. So it is a very, involved certification and study, but it's usually, you know, the one that, you know, builds up from there.
Justin:And not for the faint of heart. So, Jonathan, tell me your experience going through that. Did you find it to be harder than you expected? Was it, you're just this is your natural habitat. You blew through it, pass a test with flying colors.
Justin:How how was that for you taking that test?
Jonathan:Probably unique.
Justin:Okay.
Jonathan:You know, my experience with the bar is similar. But in terms of this exam, I bought the materials as, like, a pack with the exam entrance fee. And like you, I started bright eyed and bushy tailed. I started reading, and it's dense reading material.
Jonathan:So then I said, okay. You know, I don't have time right now to read a 1,200 page PDF. Let me skip to the quiz and see, do I do well enough? And so I took the first, like, 20 or 30 questions, checked them, got most of them right, and said, I'm probably good. I later realized that those first 20 or 30 questions are all on the first chapter, so I didn't really give myself a good, sample of what the full exam was gonna be like.
Jonathan:And I walked into it, of course, not knowing what I had gotten myself into. They took it very seriously. It's like, you know, you can't bring anything into the exam. They made me roll up my sleeves to show I didn't have notes. That was sort of the point where I realized, wow.
Jonathan:What did I get myself into? And I guess it's because it's sort of like an entry level to Department of Defense too, so they wanna make sure that everybody's, you know, doing the right thing. And the very first question that I sat down to answer, I almost left the exam. It it you know how sometimes there's a control question where it's not actually part of the scoring, and it's like they're using you as a guinea pig? My guess is this was one of those.
Jonathan:It was a very confusing or complex simulation, and it wasn't, like, a multiple choice question. It was a, here's a network. One of the computers is infected with a virus, peruse the logs, trace down the source of the infection, and which machines have been infected, and, you know, just using a ton of terminology that, made me think, okay. I got myself in over my head. I wasted money on this exam.
Jonathan:I might as well leave, but I passed. So wasn't surprised. Yep.
Justin:Without reading the course material?
Jonathan:I I read some of it.
Justin:Okay. Well, I write legal terms here. I I no. Listen. I'm impressed.
Justin:I'm just gonna say I'm impressed. I did not try to take the test. And I I will say, like and the reason I'm spending so much time on this is because I've been through the other CompTIA, beginners courses, and I'm putting that in quotes because, like, the Network Plus, the what's the first one, Mario?
Mario:A Plus.
Justin:A Plus. Yeah. A Plus, Network Plus. Those I consider to be pretty basic. So I grabbed the Security Plus one, thought, no problem.
Justin:This will be a breeze. Not so much. Anyways, I find my, I do my study in other ways. But that was, like I said, I I I saw that about you. That's definitely what caught my attention, why I wanted you on here.
Justin:And and I I'd like to ask, do you have is it do you do two things? Are you an attorney practicing and also do cybersecurity consulting, or have you transitioned from one to the other?
Jonathan:I do both.
Justin:Okay. Simultaneously. And I'm gonna go ahead and just plug your other company real quick. I pulled this straight off of your website or somewhere. At Steele Fortress, Jonathan leverages his unique blend of legal and cybersecurity expertise to provide comprehensive cybersecurity and privacy consulting services.
Justin:This is like you couldn't write a better fit for what we wanna talk about here, so I love it. His deep understanding of both the legal and technical aspects of cybersecurity and privacy make him a valuable asset to any organization looking to bolster their security posture and navigate the complex landscape of cybersecurity laws and regulations. Now, the reason this caught my attention, Jonathan, is because I got into the business that I'm in because I like to plug modems into motherboards on my Apple IIe, my dad's Apple IIe back in the day. And that, you know, evolved into a love of technology and tech. Then one day, on a fateful Friday afternoon, I got a call from a client, and I'm fast forwarding to after I'd started my business, computer repair, and I was facing a full blown ransomware attack.
Justin:But I thought I was adequately prepared for, and I did learn that I had a lot to learn. So I didn't go into this on purpose, but here we are. It is now what I do all day every day, which is study and protect against cybersecurity. But not only did I accidentally evolve from technology to fighting Russian crime rings, but now I'm into, I'm obviously not an attorney, but we have to fight against lawsuits. That's that's the next evolution of this.
Justin:So perfect fit is what I'm saying. I I love your background and and can't wait to talk more about it. So with that, guys, we're gonna kinda jump into what I really wanted to talk about is because we like to quantify the damage done in an in an attack. Always there is financial loss, no matter what. I'm not gonna get into there's, like, a hundred different ways we can lose money financially.
Justin:What we don't always talk about though is the emotional impact or the reputation impact. So, Jonathan, you have a competitor, and I I just wanna punt this to you and let you do what you will with it. But tell me a little bit about this other firm that was breached and, you know, maybe what they could have done to prevent it if you wanna talk about that. Or at a minimum, what was, like, the the impact to this organization post breach?
Jonathan:Yeah. So, there's give or take three big, family law firms in the city of Chicago. We're one of them. And we tend to spar against each other just in terms of clientele. We we attract the same kinds of, cases.
Jonathan:And one of those competitors a number of years ago, was the victim of, I believe it was ransomware. And so they were shut down, for it was a a short time, but when you've got fifty, sixty lawyers that bill by the hour, a short time becomes an expensive time.
Justin:Yeah.
Jonathan:And also to your point, the reputational impact far exceeds whatever they ended up paying, to get their files back. Because, again, if you are one of three large family law firms that's attracting politicians and celebrities and, you know, athletes and things like that, and your firm has just been in the news for leaking all of their data, you're probably gonna go to one of the other three, because as divorce lawyers, we have every kind of data about clients that you could imagine. We have their kids' medical records. We have their medical records. We have their tax returns, their bank statements, their wills, you name it.
Jonathan:If there if there's something that's, classified as PII, we have all of it. So if we're leaking data as a family law firm, those effects are are devastating to the people whose data we've leaked. And so from a reputational perspective, it's a tough one to bounce back from.
Justin:Yeah.
Mario:Dealing with people that by not like, by nature are trying to stay under the radar as much as possible. So when something like this is leaked, it's far from being under the radar. Now you're center of attention. Now, you know, this athlete or so and so is now you know, everybody knows not only they're getting a divorce, but, you know, what other, things that they probably were trying to hide. So that it it's a very bad, situation to be in.
Jonathan:You're you're absolutely right. A lot of the reason people come to us is because we, we exercise discretion. We know we're representing public figures, and so we keep as little personally identifiable information in the public record as possible. You know, normally, if we're a lot of, run of the mill divorces, you'll just enter your your judgment for divorce, and it's public record.
Jonathan:And anybody can go online and read it. We will normally do, like, a one page judgment that goes in the public record when the longer agreement is sort of incorporated by reference and it's not in the public record. And that's just something we do to keep, you know, parenting schedules out of the record, to keep how an estate is divided out of the record what people earn. And so if we go to all that effort to to keep their information private and then just leak everything, their tax returns, their Social Security numbers, and everything. We've undone all the effort we put into keeping them private.
Mario:That's that's,
Justin:it's like going have no. Go ahead, Mario.
Mario:I was it it's just like, I it seems like, you know, you're you you know, when you go to somebody and say, hey. Could you keep a secret? And they just turn around and tell the whole world, like, you know, like, that's exactly what's happening there. You know, I think it
Jonathan:it's to their defense, maybe it's more like writing down the secret and then just leaving it in the, you know, the village square or something. I didn't tell everybody. I just wrote it down and made it available to everybody.
Mario:Exactly.
Justin:Do you happen to know any any numbers of as far as financial impact of of that particular breach?
Jonathan:I don't know the the the exact numbers. I can do rough math and say that firm has 40 lawyers that are probably averaging 4 or $500 an hour. So every hour is a a large amount of money that they're losing, and I think they were offline almost entirely for over a week, because they had no access to their client files. I do think they ended up paying the ransom, and that's that's how they got their files back. But being offline for a week, it it may sound like a small amount of time, but when you have hundreds and hundreds of clients with active cases and you're in and out of court and, you know, you're getting motions from firms that aren't offline, you're at a distinct disadvantage before you even start to calculate that sort of reputational impact.
Mario:So okay. This is millions of dollars just in a week.
Justin:Yeah.
Mario:Millions is Yeah. Just per week.
Justin:In the initial. Right? And and not counting, like, we're talking about the the ongoing reputational damage, lost cases moving forward. This is a burning question I've gotta ask because it's something that I'm seeing more and more. I'm talking about more and more is the the lawsuits that come on the heels of an attack like this, showing my ignorance, do law firms get sued in cases like this?
Justin:Do you have any idea if they were sued for for that breach?
Jonathan:You know, I think it depends on how the the breach happened. If you were employing sort of best practices and all your data was encrypted and you did everything you were supposed to do, is there a lawyer out there that will find a way to sue you anyway? Yeah. There are some unscrupulous lawyers that, you know, you dangle a couple dollars in front of them, and they're gonna come running whether there's a valid claim or not. But if they were doing something negligent, if they, you know, were storing all of this stuff unencrypted or if they left open, like, an SSH port on their firewall or, you know, just did something, imprudent.
Jonathan:I'll say that. And you're definitely giving rise to litigation because you were negligent. You were not employing the best practices. So I don't know whether that this particular law firm ended up, on the receiving end of a lawsuit.
Justin:Okay. And I
Jonathan:again, I just think I think it would hinge on how it happened.
Justin:Do you and here's just a a thought or a question. Do you see yourself moving into, defending in cases like this with your background in both cybersecurity and law? It seems like that'd be a great fit.
Jonathan:I I could see myself more so being on the prosecuting side of that than the defending side. You know, there are certain things that are accepted as quote, unquote best practices
Justin:Right.
Jonathan:In what we do specifically. And I would challenge that. I would challenge whether or not using Outlook, using Gmail is best practices because those emails are encrypted in transit, and they're encrypted on Outlook's server. But that means it's private between you, your client, and Microsoft. Right.
Jonathan:So if if we have, an ethical obligation to protect privilege, I would say you're not doing the right thing if you're not using an end to end encrypted email provider. And that's that's just one example. And I think, you know, emails and attachments to emails that are sent during the course of litigation are very often not intercepted in the sense that somebody hops in the middle and takes the data. But very often, one spouse has the other spouse's, credentials, and so they sign into their email. And then all of a sudden, it's just a treasure trove of information because it's all the attachments from the lawyer.
Jonathan:So I would, you know, I push people towards end to end encryption for email, but also file sharing as opposed to attachments to emails. I would say that's not best practices. So I would like to, at some point in my life, be on the prosecuting end of that because I do think it would sort of incentivize law firms to step it up in terms of what is a best practice.
Justin:Right.
Mario:I I have one question. That that other firm, are are they still one of the top three? Are they still in business? Yep.
Jonathan:Yes to both. Okay.
Justin:Alright. As far as the email encryption goes, it it no. It's it kinda reminds me of the misconception people have about moving to the cloud. You know, they're they're, they don't need to worry about security because all of their stuff's in the cloud. It's, it's somebody else's problem.
Justin:And what I like to remind people is that if you can get to your data, a bad guy can get to your data. All they have to do is access your computer. And if you're not protecting your computer, you know, you're you're opening up yourself, your clients, your patients, your customers, whatever you call them, and and all of their information. So, you know, we we are stewards of this stuff, and it it is something that we need to take very seriously. To your point about best practices, you know, I I think in in a lot of cases, I'm kind of curious about your take on this, but I think published frameworks are are really the best answer in that case.
Justin:We've got a lot of them to choose from, and some of them are forced on us through, you know, regulation. But, also, you know, we just have, like, CIS, for example, which is kind of an agreed upon best practices, in the industry. What are your thoughts on that using these frameworks and and proving that you've been at least making progress towards compliance on them. Would would that be a best practice in your mind as far as, you know, when somebody sued or litigate? I don't know the right word for this.
Jonathan:I think it's better than nothing. And I think saying that you're employing best practices, even if I may not view it as a best practice, if you are following what is accepted generally, is gonna be a valid defense. So I think if you're if you're following an established framework, great. My concern is similar to a legal concern is that, some of those best practices, some of those frameworks, some of the regulation that you made reference to is just very slow to adapt. It's resistant to change by its very nature, and stuff is changing.
Jonathan:Attack vectors are changing. The threat landscape is changing constantly. And so it's a cat and mouse game. And, you know, if you are following what was best practices yesterday, you may be in trouble today.
Justin:Fair. That's a good point. Alright. Let's, let's move on to security. So we we do a cybersecurity tip on here.
Justin:And, I mean, listen, I got divorced two years ago, so this is intriguing to me. It's over. It's done. You know, luckily, it was it was amicable. There were wasn't a lot of you know, we did it ourselves.
Justin:We didn't have attorneys involved. There wasn't custody battles or anything like that. But what does as business owners, everything we have is already at risk. And where a divorce comes into play in in my understanding is, correct me if I'm wrong, if I own a business and I get divorced, that business is a marital asset, which could be divided in half. Right?
Justin:That's question number one.
Jonathan:The the the answer is sort of it depends.
Justin:Okay.
Jonathan:And you're always gonna get that kind of answer out of a lawyer as opposed to Sure. You know? And the reason I say that is because if the business was started during the marriage, then you're you're gonna have that marital presumption. If it was started before the marriage, you're not. But then even within those two buckets is also where did the money come from.
Jonathan:So you might have started it during the marriage, but, you used money that you had from before. And so you could have an argument that it's still not marital even though it was started during the marriage.
Justin:Okay.
Jonathan:I Where did I
Justin:Oh, yeah. Go ahead, Mario.
Mario:So this is a question, and we we have discussed it in the industry several times. You know, we we we meet on a weekly accountability group, and this is something that comes up all the time. What are and I know every state is different, but in a general, you know, rule of thumb or some we come across a lot of times, we we sit down with a business owner. They're not happy with their existing IT company either because of a breach or because of something, and they're kind of locked into, you know, some sort of contract or there could be not necessarily in a contract. But the existing, IT company or MSP does not wanna relinquish or provide them their passwords or give them access to their stuff.
Mario:You know? To me, that that seems like it's almost a form of ransom, you know, because the you know, they're holding him hostage. They're saying we're not gonna give you this stuff or, you know, you're you're you're this is the stay with us. We're not providing it. You know, from a lawyer, what what is what do you usually say or what do you think about that?
Jonathan:I come across a similar, but different circumstance where sometimes a lawyer will get fired during the pendency of the case, and you come in to replace them. And they say, we're not giving you the client file for whatever reason. Maybe the client owes money, and when they pay, then we'll give you their file. That's not a that's not a thing. That file does not belong to the lawyer.
Jonathan:Those passwords and credentials don't belong to the MSP. Those are the company, the business's, credentials. Those are their passwords. So if they get fired, you know, maybe they have a claim for, you know, unpaid wages at the end of their contract or maybe your, cancellation termination fee. But holding your data, your credentials, your access to your data ransom, I I don't think is appropriate.
Justin:Yeah. It it does. It gets thrown around thrown around a lot. The the question of what's ethical, what what's allowed, what's legal. I don't know.
Mario:But
Justin:Yeah. Yeah. It's a battle I'm spending time. Yeah.
Mario:And then, unfortunately, sometimes you have to engage with somebody, you know, like a lawyer, you know, and sometimes it could just be a letter from a lawyer. Like, listen. You know, you are to pass these this information as soon as possible. But, unfortunately, they feel like, you know what? We're not you're, you know, halfway through a three year contract.
Mario:You have you know, we're not giving you anything, you know, and we're not allowing you to go in there and, you know, it has to be through us, and we're not doing it for you until you give us, you know, passwords or sorry. You give us money or whatever. To me, that that's ransom. You know? Like, they're they're they're not providing you with the information that belongs to you because, you know, of money or whatever reason.
Jonathan:I I see them as, separate. You know, they may very well have a claim to money. They may very well have you know, maybe you didn't have, under the contract, the right to terminate your agreement early. And that's gonna be contract specific, whether or not there's a penalty, whether or not there's a notice requirement, that kind of thing. But it's wholly separate and apart from you having access to your data and your passwords.
Justin:Right.
Mario:Yeah.
Justin:So what should a business owner be concerned about? What should he do he she do to prepare, for, you know, the and again, I don't think anybody most of us don't sit around and plan to get divorced. I certainly didn't think it was coming. But what would be your advice to business owners to be be more prepared? You know, if if a divorce happens, what do they need to worry about?
Jonathan:I mean, just keeping records. You know, sometimes you'll see somebody lose a lot of money because they couldn't trace something to being nonmarital. And had they kept better records, maybe that wouldn't have happened. So, you know, I think keeping records of, you know, your tax filings, distributions that are coming out to your, your partners, keeping a separation of expenses. So a lot of times, you'll see in a divorce case, somebody will tout a, an artificially low salary because their business is picking up all their personal expenses.
Jonathan:The business is paying a lease for a car, paying for gas, paying for restaurants, paying for entertainment and travel. And you're gonna have your own issues with the IRS on some of that stuff, but you're also gonna have some issues in your divorce case because a lot of that is gonna be add backs in terms of what is your actual income. And, you know, divorce judges are they're not strangers to the concept of, I was making a lot of money, and then the divorce came and, my business isn't doing so good anymore. Right. They see you see it every day.
Jonathan:So
Justin:Okay. What about and and, you know, this is probably more general question because it's not just business owners that get divorced, but regarding cybersecurity and and keeping our information private and protected, what do we need to do to prevent divorce from getting ugly?
Mario:You know, I think it it
Jonathan:it's the same sort of cyber hygiene before, during, after a divorce. I think just, you know, all these best practices. I I know I'm overusing that term, but anytime you, like, open your news feed and read what are the top 10 cybersecurity advice, they're they're pretty similar. Right? There's Right.
Jonathan:Use unique passwords, use a password manager, use a VPN on public Wi-Fi, although that one's less of a concern nowadays, and things like that, and keep your devices updated. Those are gonna be similar, pre, during, and post divorce. Some of the divorce specific ones is is more around data sharing access, like what you have given access to, knowingly, unknowingly. Maybe you gave, location access to your husband fifteen years ago, and you're just not aware that he still has access. Or maybe you're sharing your photo album and you didn't know, or maybe you're sending photos and they have metadata.
Jonathan:So you you just have to be a little bit more vigilant about what data you're giving to who and, how long that that access is is in place.
Justin:Okay. Alright. We're we're, gonna kinda start wrapping this up, but I wanted to sign off with just general, business advice to, you know, our target audience, we we speak to small and midsize businesses. So, you know, your firm, probably that that size range and down is really where we where we focus. So from a standpoint of cybersecurity, from the standpoint of just business best practices, what would you tell the business community?
Justin:You know, what share some some of your, life experiences with us.
Jonathan:You know, it's I don't look at it as a if question, if we're gonna leak data, if we're gonna get hacked, if we're gonna get ransomware. You gotta look at it as when and have a plan in place beforehand. Because trying to clean that up afterwards, you can go to the best IT departments and professionals in the world, and they can't decrypt encrypted files that have been encrypted with any sort of real encryption. And so you're you've you're behind the eight ball right off the bat. So I think having a plan in place for, you know, if you've leaked data, if you've been the victim of a data breach, you need to have a a notification method in place.
Jonathan:So you're telling your customers, in a timely way and allowing them to do something about it. And then I think just looking at, IT as an investment rather than a cost, rather than an expense, a lot of law firms are like, well, you know, can we afford IT, or can we just pay someone on a, as needed fix my problem basis? And that can end up being more expensive, and I think it's just the wrong mindset. I think you need to look at IT as this could help me grow my business. This could help me make my business more robust.
Jonathan:It could make my business more secure. It can make my website more polished, and so that's the face of my company. And so it it could it be expensive? Maybe. It depends on, you know, what kind of IT managed provider you're looking at, but I think it's better to look at it as an investment.
Justin:Okay. Mario, any thoughts or questions for Jonathan?
Mario:I mean, do you do you usually get into, you know, advice on on on with, you know, customers or, like, businesses that are looking for services or, like, what you know, if they had, like, an issue, you know, where's the direction that you're usually telling them to look out for?
Jonathan:Most of what I've seen personally is somebody coming in and just being sure that they have spyware. I'm certain of it. Somehow, he my husband knows where I am. Somehow, he knows what I'm doing, what what I'm spending, what you know, that kind of thing.
Jonathan:And so I I I could spend a lot of time helping people, divorce their spouses digitally as much as I spend divorcing them physically, financially, emotionally. So that seems to be the focus for me at this time. And, of course, there's there's sort of like a business. It it it carries over because a lot of my clients in law are they have businesses. So they apply the same sort of knowledge and practices and, procedures to their business that they're employing in their personal life.
Justin:Alright. I've got one more question. I think we're gonna maybe we'll make this the last one, but you said something and I I hope I heard you right. So clarify if I didn't, but I wanna talk about, cybersecurity can help grow my business. Did you say that?
Justin:Did I hear that correctly?
Jonathan:I'm speaking more in terms of IT in general. I think IT does more than cybersecurity. It encompasses more, and I think it can help to to grow a business.
Justin:Okay. And I I'm it caught my attention because when we're looking at your competitor, the lack of cybersecurity and I'm making assumptions, obviously. I wasn't there. I don't know anything about their cybersecurity posture. But, if we assume that that was something that they, could have prevented, certainly the lack of the cybersecurity measures help them not grow their business or help them shrink their business.
Justin:And maybe a firm like yours could come in and really demonstrate your cybersecurity posture, and maybe you could grow your business. Is that, what are your thoughts on that?
Jonathan:I think if if a good IT solution helps you grow it, the converse has gotta be true. A bad IT policy or bad IT department or a lack thereof entirely has the potential to, ruin your business at work at bottom or certainly affect your, customer, what kind of clients you attract, how many. And, you know, candidly, some of my clients are inconvenienced by some of the security measures that I use.
Justin:Oh, yeah.
Jonathan:I don't wanna have to click a link to download this attachment. I don't wanna have to type in a password. I don't wanna have to get a a two factor code. Why can't I just just attach it to the email, please? And they can go somewhere else.
Jonathan:You know, I don't wanna be sued because I was convinced to use something that I don't think is the right thing to do.
Justin:Yeah. I mean, I've I've said before that if cybersecurity isn't a giant pain in your ass, you're doing it wrong. I I hate that statement. I don't know that I completely agree with it, but I certainly don't disagree with it. And then from, you know, I I do think that there is a business benefit because we always look at this as a cost.
Justin:Right? IT, cybersecurity, it's a cost. It's almost insurance. Right? We're we're preventing loss.
Justin:We're preventing a what if. But I do believe that there is a way to demonstrate a strong cybersecurity posture and use that to build trust, and we know businesses do or people do businesses Jesus. People do business with those they know, like, and trust. Right? And so if we can use this as a way to, gain trust and demonstrate trust, demonstrate that that, you know, people are giving away their information to us, whether we're a law firm or a health, you know, a hospital or a medical practice or, you know, whatever.
Justin:We're we're holding we're stewards of this information and where we can demonstrate and prove that we are taking it serious. I do believe that that could be used as a way to to grow your business or to at least, you know, build that trust factor. So, guys, let's go ahead and and move to, key takeaways and final thoughts. And, you know, we kinda do this at the end. What if if nothing else, if somebody just came and and heard only this one point, what would you want them to take away from today's episode?
Justin:And, Mario, we're gonna start with you. And then, Jonathan, if you've got some thoughts, and then I'll I'll take it home. Mario, go ahead.
Mario:Yeah. I mean, for me, it really confirms a lot of the things that we have been talking about on this podcast for a long time. It's that you have to do your due diligence, and, you know, we have it, you know, directly from a lawyer that, you know, if you're neglecting something, you're not doing, you know, some things that you're supposed to be doing, that it's going to open the door to not only an attack, but, you know, possibly kick you while you're down and get, you know, sued after the fact. So, you know, yes, it happens and, you know, you have to do what you can to avoid it.
Justin:Right. Perfect. Alright, Mario. As always, thanks for being here. Sharing your thoughts.
Justin:Mhmm. Jonathan, your turn. Key takeaway. What if if somebody could only remember one thing from today's episode, what would you want that to be?
Jonathan:You know, I think you can only leak what you have. And so maybe you don't wanna collect information from your customers that you don't need. Maybe sit down and figure out maybe I don't need, a home address for Netflix. Maybe I don't need a cell phone number for Domino's. And so if you're just collecting more data than is necessary, you have more to spill if you are a victim of a a leak or breach.
Jonathan:And so collect what you actually need to collect, and then encryption is your friend on what you actually do need to, collect.
Justin:I love that. Those are those are both very, I mean, brilliant. Well, key concepts. Right? This is this is really where it starts and it I'll I'll be honest.
Justin:It's not one we talk about a lot. I love that line. You could only leak what you have. I think sometimes we get sloppy with what we collect, but also what we archive, what we keep. And and I might just add to it.
Justin:Purge that shit. If you don't need it, get rid of it. So, Jonathan, thank you so much for being here. I really do appreciate it.
Mario:Justin, I I believe John Jonathan was telling us he's opening up his own practice. Right?
Justin:Yep. Yep. You've got if if somebody were to reach you for legal, first of all, they're gonna go to steel fam law, s t e l e f a m l a w dot com. Correct?
Jonathan:Yep.
Justin:And then do you have a separate website for your security firm that you're working in now?
Jonathan:SteelFortress.com. You can reach me there and get your cybersecurity and privacy, consultation.
Justin:Steel Fort and again, steelefortress.com. Appreciate it. And, you know, I I've said before, I'll say it again. I learn more on these podcasts of, like, I I'm here for very selfish reasons, and I I love being able to tap into to your wisdom to the other guests we've had on the show. So thank you so much again for being here.
Jonathan:Thanks for having me.
Justin:My my key takeaway, you actually stole it because I was gonna use I was gonna steal yours, and then you stole it right back. The, you can only leak what you have. So I'm just gonna use my my generic one. Guys, best practices are your friend. Make sure that those are in place.
Justin:Have a plan of action. Have milestones. You show that, you know, to, prove that you're you're doing what you're told to do, what you're supposed to do. What are the best practices? Have them written out.
Justin:Real quick, Jonathan. We I like to pick on a guy I saw on Reddit, an MSP owner that had been in the business for thirty years, and a prospect asked him, what are these best practices? And he's like, I don't know. You you gotta know what they are if you're gonna be rolling them out. So, identify them, write them down, measure against them, and make constant progress.
Justin:I wish Brian was here today because he would say cybersecurity is a journey, not a destination. Make small improvements every day, and that's what we like to, to teach people. So, guys, if you have any other thoughts, questions, if you wanna contact any of us, our information is available on unhacked.live. Also, our links to social media, and a free assessment if you'd like to go that route. Any of us and, Jonathan, I'm a throw you out there.
Justin:Maybe you'll do it, maybe you won't, but we do free assessments to people that listen to the show and wanna come just get a basic understanding of what their cybersecurity posture is. So, join us at unhacked.live. And, other than that, we'll see you guys next week. Take care.
Mario:Bye, guys. Thank you.
Justin:Bye.