Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Justin (00:16):
Welcome everybody to episode 41 of UnHacked, where we empower busy and overwhelmed business owners, the outsmart Russian hackers. Guys, we talk about it all the time, the basics, the best practices. This is where it starts. Here's a sad truth. Ninety seven percent of the breaches that we read about in the news were preventable.
Basic security measures is what it takes. Once you get hit, you
(00:37):
never truly can't get unhacked. So, that's what we're here for. We are going to well, today, we're gonna kinda demonstrate the fact that you can't get unhacked because we've got a special guest I can't wait to introduce. Before I bring him up, we'll bring up the regulars.
I'm Justin Shelley, CEO of Phoenix IT Advisors, and I work with businesses in Texas, Nevada, and Utah helping them to
(00:59):
prevent financial loss from cybercrime, government fines, and, you know, class action lawsuits. Got an attorney today, so I'll be careful about that one. But that's the new trend. Right? We're getting sued.
On top of getting breached, we're getting sued after that. And, maybe, Jonathan, you'll share some wisdom there as well. Anyways, that's what I do. Brian is not here today. He's AWOL. Hopefully, he'll be with us next week. But Mario, our regular, as
(01:22):
always, here with that smiling face. Mario, tell everybody who you are, what you do, and who you do it for.
Mario (01:29):
What's up, guys? Mario Zaki, CEO of Mastech IT. We service, small to medium sized businesses in the New Jersey and New York area. We've been in business for almost twenty one years now, and we try, you know, same as, like, what Justin said. We try to keep small businesses, protected, and, you know, we
(01:51):
specialize in having CEOs sleep better at night.
Justin (01:55):
I love that. We need it. We need that sleep. I don't get a lot of it. Anyways, alright.
That's, that's me. That's Mario. And now, guys, thrilled to introduce Jonathan Steele. So this is, this one kinda threw me a little bit. Family law attorney specializing in high stakes divorces.
(02:17):
And and, Jonathan, while I'm doing this introduction, do you have any examples, like, whether it probably can't name names, but types of people that you represent in high stakes divorces? What are we talking about?
Jonathan (02:28):
Sure. First of all, thanks for having me on your show. When I say high stakes, I'm referring to usually either big dollar amounts or custody disputes with children. There's no stakes higher than the kids, but some of the, dollar amounts that we come across are objectively large.
Justin (02:45):
Okay. So we're talking, like, famous people? Are we talking about rock stars, movie stars, athletes? That is is that what kind of the caliber of people you're working with?
Jonathan (02:55):
Yes to all of those.
Justin (02:56):
Jesus. Okay. Did you by
chance represent Jeff Bezos?
Bezos. I'm sorry to say.
Jonathan (03:02):
I did not.
Justin (03:03):
Oh, talk about a high stakes divorce. Right? Ouch. Anyways, shouldn't name names on here. So not only okay.
You you you're dealing with high stakes cases. You've been recognized by the Illinois Super Lawyers magazine. Is that the that's the right title of it. Right? As a rising star, only the top 2.5 or less than 2.5% get that recognition.
(03:26):
An emerging lawyer, designated by the leading lawyers magazine, less than 2% make that one. I mean, it sounds like you probably know your stuff. Right? Very, very well versed in, in the world of law. And then I come across this one, CompTIA Security Plus.
And I I wish I had the record scratch sound I could put on
(03:46):
here. But, Jonathan, tell me tell me why a family law attorney is, studying CompTIA Security plus. And real quick before you answer that, Mario, have you ever taken that test or or done that course of study?
Mario (04:01):
Many, many, many moons ago that I I took it, it wasn't, you know, the most thrilling thing I've done in my life. You know?
Justin (04:11):
It's not fun. It's not exciting. And listen. This is kind of a, I don't wanna say basic or entry level, but it is one of the first places you start for security certifications. You know, it's not anything like a CISSP, but I got about three quarters way through the book before my brain caught on fire.
Not a fan. I do, you know, I I do still have to study this
(04:32):
stuff, but, that's tough. So, Jonathan, tell me why you went from family law to security or included it or whatever, and tell me how in the hell you got through that course of study, please.
Jonathan (04:45):
Okay. There's a the multipart question there. Yes. I I, I've always been interested in security, privacy in general, and then COVID hits and courts shut down, and everybody sort of left to figure out how do we move forward with court. And it like everything in the law, it took a little bit for the court system to to adapt and to get on Zoom and to do that efficiently.
(05:09):
And so lawyers were twiddling their thumbs. They were they were learning to bake bread. They were watching Tiger King and reading books and things like that. My rabbit hole was different. It was pretty security focused, pretty privacy focused, and comp TIA or TIA.
That's right. No.
Justin (05:29):
I probably say it wrong.
Jonathan (05:30):
I would guess you're right. It was just it seemed like low hanging fruit in the sense that it is one of those sort of entry level, certifications that lend some credibility to you know, you know something about something to get, certified by them. And there is some intersection that I've come across or if there wasn't, I've forged that intersection, forcefully. But there there is some, I think,
(05:55):
overlap with family law because we do a lot of restraining orders. And so there's, like, spouses tracking spouses and, you know, using each other's devices in ways they shouldn't be.
So just sort of knowing how to navigate that has proven to be beneficial in my law practice as well.
Justin (06:12):
Okay.
Mario (06:12):
Now if I can interrupt for a second, just for our listeners that don't know, the CompTIA, this is, you know, a company that, has sent out, you know, or has set up, like, a study for basic, you know, IT. But when we say basic, it it doesn't mean that it's like, how do you plug in a computer. It's the foundation of getting started in the IT support field.
(06:37):
So it is a very, involved certification and study, but it's usually, you know, the one that, you know, builds up from there.
Justin (06:46):
And not for the faint of heart. So, Jonathan, tell me your experience going through that. Did you find it to be harder than you expected? Was it, you're just this is your natural habitat. You blew through it, pass a test with flying colors.
How how was that for you taking that test?
Jonathan (07:02):
Probably unique.
Justin (07:03):
Okay. You
Jonathan (07:04):
know, my experience with the bar is similar. But in in terms of this exam, I bought the materials as, like, a pack with the the exam entrance fee. And like you, I started bright eyed and bushy tailed. I started reading, and it's dense reading
Justin (07:21):
material.
Jonathan (07:21):
So then I said, okay. You know, I don't have time right now to read 1,200 page PDF. Let me skip to the quiz and see, do I do well enough? And so I took the first, like, 20 or 30 questions, checked them, got most of them right, and said, I'm probably good. I later realized that those first twenty or 30 questions are all on the first chapter, so I didn't
(07:44):
really give myself a good, sample of what the full exam was gonna be like.
And I walked into it, of course, not knowing what I had gotten myself into. They took it very seriously. It's like, you know, you can't bring anything into the exam. They made me roll up my sleeves to show I didn't have notes. That was sort of the point where I realized, wow.
What did I get myself into? And I guess it's because it's sort
(08:05):
of like an entry level to Department of Defense too, so they wanna make sure that everybody's, you know, doing the right thing. And the very first question that I sat down to answer, I almost left the exam. It it you know how sometimes there's a control question where it's not actually part of the scoring, and it's like they're using you as a guinea pig? My guess is this was one of those.
(08:26):
It was a very confusing or complex simulation, and it wasn't, like, a multiple choice question. It was a, here's a network. One of the computers is infected with a virus, peruse the logs, trace down the source of the infection, and which machines have been infected, and, you know, just using a ton
(08:47):
of terminology that, made me think, okay. I got myself in over my head. I wasted money on this exam.
I might as well leave, but I passed. So wasn't surprised. Yep.
Justin (08:58):
Without reading the
course material?
Jonathan (09:01):
I I read some of it.
Justin (09:02):
Okay. Well, I write legal terms here. I I no. Listen. I'm impressed.
I'm just gonna say I'm impressed. I did not try to take the test. And I I will say, like and the reason I'm spending so much time on this is because I've been through the other CompTIA, beginners courses, and I'm putting that in quotes because, like, the network plus, the what's the first one, Mario?
Mario (09:25):
A plus.
Justin (09:26):
A plus. Yeah. A plus network plus. Those I consider to be pretty basic. So I grabbed the security plus one, thought, no problem.
This will be a breeze. Not so much. Anyways, I find my, I do my study in other ways. But that was, like I said, I I I saw that about you. That's definitely what caught my attention, why I wanted you on here.
(09:46):
And and I I'd like to ask, do you have is it do you do two things? Are you an attorney practicing and also do cybersecurity consulting, or have you transitioned from one to the other?
Jonathan (09:58):
I do both.
Justin (10:00):
Okay. Simultaneously. And I'm gonna go ahead and just plug your other company real quick. I pulled this straight off of your website or somewhere. At Steel Fortress, Jonathan leverages his unique blend of legal and cybersecurity expertise to provide comprehensive cybersecurity and privacy consulting services.
This is like you couldn't write a better fit for what we wanna talk about here, so I love it. His deep understanding of both
(10:22):
the legal and technical aspects of cybersecurity and privacy make him a valuable asset to any organization looking to bolster their security posture and navigate the complex landscape of cybersecurity laws and regulations. Now, the reason this caught my attention, Jonathan, is because I got into the business that I'm in because I like to plug modems into
(10:43):
motherboards on my Apple two e, my dad's Apple two e back in the day. And that, do you know, evolved into a love of technology and and tech. Then one day, on a fateful Friday afternoon, I got a call from a client, and I'm fast forwarding to after I'd started my business, computer repair, and I
(11:03):
was facing a full blown ransomware attack.
But I thought I was adequately prepared for, and I did learn that I had a lot to learn. So I didn't go into this on purpose, but here we are. It is now what I do all day every day, which is study and protect against cybersecurity. But not only did I accidentally evolve from technology to fighting Russian
(11:24):
crime rings, but now I'm into, I'm obviously not an attorney, but we have to fight against lawsuits. That's that's the next evolution of this.
So perfect fit is what I'm saying. I I love your background and and can't wait to talk more about it. So with that, guys, we're gonna kinda jump into what I really wanted to talk about is
(11:45):
because we like to quantify the damage done in an in an attack. Always there is financial loss, no matter what. I'm not gonna get into there's, like, a hundred different ways we can lose money financially.
What we don't always talk about though is the emotional impact or the reputation impact. So, Jonathan, you have a competitor,
(12:07):
and I I just wanna punt this to you and let you do what you will with it. But tell me a little bit about this other firm that was breached and, you know, maybe what they could have done to prevent it if you wanna talk about that. Or at a minimum, what was, like, the the impact to this organization post breach?
Jonathan (12:25):
Yeah. So, there's give or take three big, family law firms in the city of Chicago. We're one of them. And we tend to spar against each other just in terms of clientele. We we attract the same kinds of, cases.
And one of those competitors a number of years ago, was the victim of, I believe it was ransomware. And so they were
(12:49):
shut down, for it was a a short time, but when you've got fifty, sixty lawyers that bill by the hour, a short time becomes an expensive time.
Justin (12:59):
Yeah.
Jonathan (12:59):
And also to your point, the reputational impact far exceeds whatever they ended up paying, to get their files back. Because, again, if you are one of three large family law firms that's attracting politicians and celebrities and, you know, athletes and things like that, and your firm has
(13:23):
just been in the news for leaking all of their data, you're probably gonna go to one of the other three, because as divorce lawyers, we have every kind of data about clients that you could imagine. We have their kids' medical records. We have their medical records. We have their tax returns, their bank statements, their wills, you name it.
If there if there's something that's, classified as PII, we
(13:47):
have all of it. So if we're leaking data as a family law firm, those effects are are devastating to the people whose data we've leaked. And so from a reputational perspective, it's a tough one to bounce back from.
Justin (14:01):
Yeah. Dealing
Mario (14:02):
with people that by not like, by nature are trying to stay under the radar as much as possible. So when something like this is leaked, it's far from being under the radar. Now you're center of attention. Now, you know, this athlete or so and so is now you know, everybody knows not only they're getting a
(14:22):
divorce, but, you know, what other, things that they probably were trying to hide. So that it it's a very bad, situation to be
Jonathan (14:33):
in. You're you're absolutely right. A lot of the reason people come to us is because we, we exercise discretion. We know we're representing public figures, and so we keep as little personally identifiable information in the public record as possible. You know, normally, if we're a lot of, run of the mill divorces, you'll just enter your your
(14:55):
judgment for divorce, and it's public record.
And anybody can go online and read it. We will normally do, like, a one page judgment that goes in the public record when the longer agreement is sort of incorporated by reference and it's not in the public record. And that's just something we do to keep, you know, parenting schedules out of the record, to keep how an estate is divided out of the record what people
(15:17):
earn. And so if we go to all that effort to to keep their information private and then just leak everything, their tax returns, their Social Security numbers, and everything. We've undone all the effort we put into keeping them private.
Mario (15:34):
That's that's,
Justin (15:35):
it's like going have no.
Go ahead, Mario.
Mario (15:38):
I was it it's just like, I it seems like, you know, you're you you know, when you go to somebody and say, hey. Could you keep a secret? And they just turn around and tell the whole world, like, you know, like, that's exactly what's happening there. You know, I think it
Jonathan (15:52):
it's to their defense, maybe it's more like writing down the secret and then just leaving it in the, you know, the village square or something. I didn't tell everybody. I just wrote it down and made it available to everybody.
Mario (16:05):
Exactly.
Justin (16:07):
Do you happen to know any any numbers of as far as financial impact of of that particular breach?
Jonathan (16:14):
I don't know the the the exact numbers. I can do rough math and say that firm has 40 lawyers that are probably averaging 4 or $500 an hour. So every hour is a a large amount of money that they're losing, and I think they were offline almost entirely for over a week, because they had no access to
(16:37):
their client files. I do think they ended up paying the ransom, and that's that's how they got their files back. But being offline for a week, it it may sound like a small amount of time, but when you have hundreds and hundreds of clients with active cases and you're in and out of court and, you know, you're getting motions from firms that aren't offline,
(16:59):
you're at a distinct disadvantage before you even start to calculate that sort of reputational impact.
Mario (17:06):
So okay. This is millions
of dollars just in a week.
Justin (17:10):
Yeah.
Mario (17:11):
Millions is Yeah. Just
per week.
Justin (17:14):
In the initial. Right? And and not counting, like, we're talking about the the ongoing reputational damage, lost cases moving forward. This is a burning question I've gotta ask because it's something that I'm seeing more and more. I'm talking about more and more is the the lawsuits that come on the heels of an attack like this, showing my ignorance, do
(17:34):
law firms get sued in cases like this?
Do you have any idea if they were sued for for that breach?
Jonathan (17:41):
You know, I think it depends on how the the breach happened. If you were employing sort of best practices and all your data was encrypted and you did everything you were supposed to do, is there a lawyer out there that will find a way to sue you anyway? Yeah. There are some unscrupulous lawyers that, you know, you dangle a couple dollars in front of them, and
(18:02):
they're gonna come running whether there's a valid claim or not. But if they were doing something negligent, if they, you know, were storing all of this stuff unencrypted or if they left open, like, an SSH port on their firewall or, you know, just did something, imprudent.
I'll say that. And you're definitely giving rise to
(18:25):
litigation because you were negligent. You were not employing the best practices. So I don't know whether that this particular law firm ended up, on the receiving end of a lawsuit.
Justin (18:36):
Okay. And I
Jonathan (18:36):
again, I just think I
think it would hinge on how it
happened.
Justin (18:40):
Do you and here's just a a thought or a question. Do you see yourself moving into, defending in cases like this with your background in both cybersecurity and law? It seems like that'd be a great fit.
Jonathan (18:54):
I I could see myself more so being on the prosecuting side of that than the defending side. You know, there are certain things that are accepted as quote, unquote best practices
Justin (19:04):
Right.
Jonathan (19:04):
In what we do specifically. And I would challenge that. I would challenge whether or not using Outlook, using Gmail is best practices because those emails are encrypted in transit, and they're encrypted on Outlook's server. But that means it's private between you, your client, and Microsoft. Right.
So if if we have, an ethical obligation to protect privilege,
(19:29):
I would say you're not doing the right thing if you're not using an end to end encrypted email provider. And that's that's just one example. And I think, you know, emails and attachments to emails that are sent during the course of litigation are very often not intercepted in the sense that somebody hops in the middle and takes the data. But very often, one spouse has the
(19:52):
other spouse's, credentials, and so they sign into their email. And then all of a sudden, it's just a treasure trove of information because it's all the attachments from the lawyer.
So I would, you know, I push people towards end to end encryption for email, but also file sharing as opposed to attachments to emails. I would say that's not best practices. So I would like to, at some point in my life, be on the
(20:15):
prosecuting end of that because I do think it would sort of incentivize law firms to step it up in terms of what is a best practice.
Justin (20:22):
Right.
Mario (20:23):
I I have one question. That that other firm, are are they still one of the top three? Are they still in business? Yep.
Jonathan (20:32):
Yes to both. Okay.
Justin (20:37):
Alright. As far as the email encryption goes, it it no. It's it kinda reminds me of the misconception people have about moving to the cloud. You know, they're they're, they don't need to worry about security because all of their stuff's in the cloud. It's, it's somebody else's problem.
And what I like to remind people is that if you can get to your data, a bad guy can get to your data. All they have to do is
(20:59):
access your computer. And if you're not protecting your computer, you know, you're you're opening up yourself, your clients, your patients, your customers, whatever you call them, and and all of their information. So, you know, we we are stewards of this stuff, and it it is something that we need to take very seriously. To your point about best practices, you know, I I think in in a lot of cases, I'm kind of curious about
(21:21):
your take on this, but I think published frameworks are are really the best answer in that case.
We've got a lot of them to choose from, and some of them are forced on us through, you know, regulation. But, also, you know, we just have, like, c e CIS, for example, which is kind of an agreed upon best practices, in the industry. What are your thoughts on that using these frameworks and and proving
(21:44):
that you've been at least making progress towards compliance on them. Would would that be a best practice in your mind as far as, you know, when somebody sued or litigate? I don't know the right word for this.
Jonathan (21:54):
I think it's better than nothing. And I think saying that you're employing best practices, even if I may not view it as a best practice, if you are following what is accepted generally, is gonna be a valid defense. So I think if you're if you're following an established framework, great. My concern is similar to a legal concern is that, some of those
(22:16):
best practices, some of those frameworks, some of the regulation that you made reference to is just very slow to adapt. It's resistant to change by its very nature, and stuff is changing.
Attack factors are changing. The threat landscape is changing constantly. And so it's a cat and mouse game. And, you know, if you are following what was best practices yesterday, you
(22:40):
may be in trouble today.
Justin (22:43):
Fair. That's a good point. Alright. Let's, let's move on to security. So we we do a cybersecurity tip on here.
And, I mean, listen, I got divorced two years ago, so this is intriguing to me. It's over. It's done. You know, luckily, it was it was amicable. There were wasn't a lot of you know, we did
(23:05):
it ourselves.
We didn't have attorneys involved. There wasn't custody battles or anything like that. But what does as business owners, everything we have is already at risk. And where a divorce comes into play in in my understanding is, correct me if I'm wrong, if I own a business and I get divorced, that business is a marital asset, which could be divided in half.
(23:28):
Right?
That's question number one.
Jonathan (23:30):
The the the answer is
sort of it depends.
Justin (23:33):
Okay.
Jonathan (23:34):
And you're always gonna get that kind of answer out of a lawyer as opposed to Sure. You know? And the reason I say that is because if the business was started during the marriage, then you're you're gonna have that marital presumption. If it was started before the marriage, you're not. But then even within those two buckets is also where did the money come from.
So you might have started it during the marriage, but, you
(23:55):
used money that you had from before. And so you could have an argument that it's still not marital even though it was started during the marriage.
Justin (24:03):
Okay.
Jonathan (24:06):
I Where did I
Justin (24:07):
Oh, yeah. Go ahead,
Mario.
Mario (24:09):
So this is a question, and we we have discussed it in the industry several times. You know, we we we meet on a weekly accountability group, and this is something that comes up all the time. What are and I know every state is different, but in a general, you know, rule of thumb or some we come across a
(24:32):
lot of times, we we sit down with a business owner. They're not happy with their existing IT company either because of a breach or because of something, and they're kind of locked into, you know, some sort of contract or there could be not necessarily in a contract. But the existing, IT company or MSP does not wanna relinquish or provide them their passwords or
(24:55):
give them access to their stuff.
You know? To me, that that seems like it's almost a form of ransom, you know, because the you know, they're holding him hostage. They're saying we're not gonna give you this stuff or, you know, you're you're you're this is the stay with us. We're not providing it. You know, from a lawyer, what what
(25:15):
is what do you usually say or what do you think about that?
Jonathan (25:20):
I come across a similar, but different circumstance where sometimes a lawyer will get fired during the pendency of the case, and you come in to replace them. And they say, we're not giving you the client file for whatever reason. Maybe the client owes money, and when they pay, then we'll give you their file. That's not a that's not a thing.
(25:42):
That file does not belong to the lawyer.
Those passwords and credentials don't belong to the MSP. Those are the company, the business's, credentials. Those are their passwords. So if they get fired, you know, maybe they have a claim for, you know, unpaid wages at the end of their contract or maybe your, cancellation termination fee.
(26:04):
But holding your data, your credentials, your access to your data ransom, I I don't think is appropriate.
Justin (26:15):
Yeah. It it does. It gets thrown around thrown around a lot. The the question of what's ethical, what what's allowed, what's legal. I don't know.
Mario (26:24):
But
Justin (26:25):
yeah. Yeah. It's a battle I'm spending time. Yeah. And then, unfortunately, sometimes you have to engage with somebody, you know, like a
Mario (26:27):
lawyer, unfortunately, sometimes you have to engage with somebody, you know, like a lawyer, you know, and sometimes it could just be a letter from a lawyer. Like, listen. You know, you are to pass these this information as soon as possible. But, unfortunately, they feel like, you know what? We're not you're, you know, halfway through a three year contract.
(26:49):
You have you know, we're not giving you anything, you know, and we're not allowing you to go in there and, you know, it has to be through us, and we're not doing it for you until you give us, you know, passwords or sorry. You give us money or whatever. To me, that that's ransom. You know? Like, they're they're they're not providing you with the information that you belongs to you because, you know, of money or whatever
(27:12):
reason.
Jonathan (27:14):
I I see them as, separate. You know, they may very well have a claim to money. They may very well have you know, maybe you didn't have, under the contract, the right to terminate your agreement early. And that's gonna be contract specific, whether or not there's a penalty, whether or not there's a notice requirement, that kind of thing. But it's
(27:34):
wholly separate and apart from you having access to your data and your passwords.
Justin (27:40):
Right.
Mario (27:42):
Yeah.
Justin (27:43):
So what should a business owner be concerned about? What should he do he she do to prepare, for, you know, the and again, I don't think anybody most of us don't sit around and plan to get divorced. I certainly didn't think it was coming. But what would be your advice to business owners to be be more prepared? You know, if if a divorce happens, what do
(28:07):
they need to worry about?
Jonathan (28:09):
I mean, just keeping records. You know, sometimes you'll see somebody lose a lot of money because they couldn't trace something to being nonmarital. And had they kept better records, maybe that wouldn't have happened. So, you know, I think keeping records of, you know, your tax filings,
(28:29):
distributions that are coming out to your, your partners, keeping a separation of expenses. So a lot of times, you'll see in a divorce case, somebody will tout a, an artificially low salary because their business is picking up all their personal expenses.
The business is paying a lease for a car, paying for gas,
(28:50):
paying for restaurants, paying for entertainment and travel. And you're gonna have your own issues with the IRS on some of that stuff, but you're also gonna have some issues in your divorce case because a lot of that is gonna be add backs in terms of what is your actual income. And, you know, divorce judges are they're not strangers to the concept of, I was making
(29:11):
a lot of money, and then the divorce came and, my business isn't doing so good anymore. Right. They see you see it every day.
So
Justin (29:19):
Okay. What about and and, you know, this is probably more general question because it's not just business owners that get divorced, but regarding cybersecurity and and keeping our information private and protected, what do we need to do to prevent divorce from getting ugly?
Mario (29:38):
You know, I think it it
Jonathan (29:40):
it's the same sort of cyber hygiene before, during, after a divorce. I think just, you know, all these best practices. I I know I'm overusing that term, but anytime you, like, open your news feed and read what are the top 10 cybersecurity advice, they're they're pretty similar. Right? There's Right.
Use unique passwords, use a password manager, use a VPN on
(30:03):
public Wi Fi, although that one's less of a concern nowadays, and things like that, and keep your devices updated. Those are gonna be similar, pre, during, and post divorce. Some of the divorce specific ones is is more around data sharing access, like what you have given access to, knowingly,
(30:24):
unknowingly. Maybe you gave, location access to your husband fifteen years ago, and you're just not aware that he still has access. Or maybe you're sharing your photo album and you didn't know, or maybe you're sending photos and they have metadata. So you you just have to be a little bit more vigilant about what data you're giving to who and, how long that that access
(30:48):
is is in place.
Justin (30:51):
Okay. Alright. We're we're, gonna kinda start wrapping this up, but I wanted to sign off with just general, business advice to, you know, our target audience, we we speak to small and midsize businesses. So, you know, your firm, probably that that size range and down is really where we
(31:12):
where we focus. So from a standpoint of cybersecurity, from the standpoint of just business best practices, what would you tell the business community?
You know, what share some some of your, life experiences with us.
Jonathan (31:29):
You know, it's I don't look at it as a if question, if we're gonna leak data, if we're gonna get hacked, if we're gonna get ransomware. You gotta look at it as when and have a plan in place beforehand. Because trying to clean that up afterwards, you can go to the best IT departments and professionals in
(31:49):
the world, and they can't decrypt encrypted files that have been encrypted with any sort of real encryption. And so you're you've you're behind the eight ball right off the bat. So I think having a plan in place for, you know, if you've leaked data, if you've been the victim of a data breach, you need to have a a notification method in place.
(32:11):
So you're telling your customers, in a timely way and allowing them to do something about it. And then I think just looking at, IT as an investment rather than a cost, rather than an expense, a lot of law firms are like, well, you know, can we afford IT, or can we just pay someone on a, as needed fix my
(32:34):
problem basis? And that can end up being more expensive, and I think it's just the wrong mindset. I think you need to look at IT as this could help me grow my business. This could help me make my business more robust.
It could make my business more secure. It can make my website more polished, and so that's the face of my company. And so it it
(32:56):
could it be expensive? Maybe. It depends on, you know, what kind of IT managed provider you're looking at, but I think it's better to look at it as an investment.
Justin (33:07):
Okay. Mario, any
thoughts or questions for
Jonathan?
Mario (33:12):
I mean, do you do you
usually get into, you know,
advice on on on with, you know, customers or, like, businesses
that are looking for services or, like, what you know, if they
had, like, an issue,
Jonathan (33:29):
you know, where's the
direction that you're usually
telling them to look out for? Most of what I've seen
personally is somebody coming in and just being sure that they
have spyware. I'm certain of it. Somehow, he my husband knows
where I am. Somehow, he knows what I'm doing, what what I'm
spending, what you know, that kind of thing.
(33:50):
And so I I I could spend a lot of time helping people, divorce
their spouses digitally as much as I spend divorcing them
physically, financially, emotionally. So that seems to be
the focus for me at this time. And, of course, there's there's
sort of like a business. It it it carries over because a lot of
(34:12):
my clients in law are they have businesses. So they apply the
same sort of knowledge and practices and, procedures to
their business that they're employing in their personal
life.
Justin (34:27):
Alright. I've got one
more question. I think we're
gonna maybe we'll make this the last one, but you said something
and I I hope I heard you right. So clarify if I didn't, but I
wanna talk about, cybersecurity can help grow my business. Did
you say that?
Did I hear that correctly?
Jonathan (34:42):
I'm speaking more in
terms of IT in general. I think
IT does more than cybersecurity. It encompasses more, and I think
it can help to to grow a business.
Justin (34:51):
Okay. And I I'm it
caught my attention because when
we're looking at your competitor, the lack of
cybersecurity and I'm making assumptions, obviously. I wasn't
there. I don't know anything about their cybersecurity
posture. But, if we assume that that was something that they,
could have prevented, certainly the lack of the cybersecurity
(35:12):
measures help them not grow their business or help them
shrink their business.
And maybe a firm like yours could come in and really
demonstrate your cybersecurity posture, and maybe you could
grow your business. Is that, what are your thoughts on that?
Jonathan (35:27):
I think if if a good
IT solution helps you grow it,
the converse has gotta be true. A bad IT policy or bad IT
department or a lack thereof entirely has the potential to,
ruin your business at work at bottom or certainly affect your,
customer, what kind of clients you attract, how many. And, you
(35:51):
know, candidly, some of my clients are inconvenienced by
some of the security measures that I use.
Justin (35:59):
Oh, yeah.
Jonathan (35:59):
I don't wanna have to
click a link to download this
attachment. I don't wanna have to type in a password. I don't
wanna have to get a a two factor code. Why can't I just just
attach it to the email, please? And they can go somewhere else.
You know, I don't wanna be sued because I was convinced to use
something that I don't think is the right thing to do.
Justin (36:18):
Yeah. I mean, I've I've
said before that if
cybersecurity isn't a giant pain in your ass, you're doing it
wrong. I I hate that statement. I don't know that I completely
agree with it, but I certainly don't disagree with it. And then
from, you know, I I do think that there is a business benefit
because we always look at this as a cost.
Right? IT, cybersecurity, it's a cost. It's almost insurance.
(36:39):
Right? We're we're preventing loss.
We're preventing a what if. But I do believe that there is a way
to demonstrate a strong cybersecurity posture and use
that to build trust, and we know businesses do or people do
businesses Jesus. People do business with those they know,
like, and trust. Right? And so if we can use this as a way to,
(37:00):
gain trust and demonstrate trust, demonstrate that that,
you know, people are giving away their information to us, whether
we're a law firm or a health, you know, a hospital or a
medical practice or, you know, whatever.
We're we're holding we're stewards of this information and
where we can demonstrate and prove that we are taking it
serious. I do believe that that could be used as a way to to
(37:21):
grow your business or to at least, you know, build that
trust factor. So, guys, let's go ahead and and move to, key
takeaways and final thoughts. And, you know, we kinda do this
at the end. What if if nothing else, if somebody just came and
and heard only this one point, what would you want them to take
(37:41):
away from today's episode?
And, Mario, we're gonna start with you. And then, Jonathan, if
you've got some thoughts, and then I'll I'll take it home.
Mario, go ahead.
Mario (37:50):
Yeah. I mean, for me, it
it's really it it confirms a lot
of the things that we have been talking about on on this podcast
for for a long time. It's it's that you have to do your due
diligence, and, you know, we have it, you know, directly from
a lawyer that you, you know, if you're, neglecting something,
(38:10):
you're not doing, you know, some things that you're supposed to
be doing, that it it's going to open the door to not only an
attack, but, you know, possibly kick you while you're down and
get, you know, sued after the fact. So, you know, yes, it it
it it it it it it happens and,you know, you have to do what
(38:33):
you can to avoid it.
Justin (38:35):
Right. Perfect. Alright,
Mario. As always, thanks for
being here. Sharing your thoughts.
Mhmm. Jonathan, your turn. Key takeaway. What if if somebody
could only remember one thing from today's episode, what would
you want that to be?
Jonathan (38:48):
You know, I think you
can only leak what you have. And
so maybe you don't wanna collect information from your customers
that you don't need. Maybe sit down and figure out maybe I
don't need, a home address for Netflix. Maybe I don't need a
cell phone number for Domino's. And so if you're just collecting
more data than is necessary, you have more to spill if you are a
(39:10):
victim of a a leak or breach.
And so collect what you actually need to collect, and then
encryption is your friend on what you actually do need to,
collect.
Justin (39:22):
I love that. Those are
those are both very, I mean,
brilliant. Well, key concepts. Right? This is this is really
where it starts and it I'll I'll be honest.
It's not one we talk about a lot. I love that line. You could
only leak what you have. I think sometimes we get sloppy with
what we collect, but also what we archive, what we keep. And
and I might just add to it.
(39:43):
Purge that shit. If you don't need it, get rid of it. So,
Jonathan, thank you so much for being here. I really do
appreciate it.
Mario (39:50):
Justin, I I believe John
Jonathan was telling us he's
opening up his own practice. Right?
Justin (39:55):
Yep. Yep. You've got if
if somebody were to reach you
for legal, first of all, they're gonna go to steel fam law, s t e
l e f a m l a w dot com. Correct?
Jonathan (40:06):
Yep.
Justin (40:07):
And then do you have a
separate website for your
security firm that you're working in now?
Jonathan (40:11):
SteelFortress.com. You
can reach me there and get your
cybersecurity and privacy, consultation.
Justin (40:18):
Steel Fort and again,
steelefortress.com. Appreciate
it. And, you know, I I've said before, I'll say it again. I
learn more on these podcasts of, like, I I'm here for very
selfish reasons, and I I love being able to tap into to your
wisdom to the other guests we've had on the show. So thank you so
(40:39):
much again for being here.
Jonathan (40:42):
Thanks for having me.
Justin (40:43):
My my key takeaway, you
actually stole it because I was
gonna use I was gonna steal yours, and then you stole it
right back. The, you can only leak what you have. So I'm just
gonna use my my generic one. Guys, best practices are your
friend. Make sure that those are in place.
Have a plan of action. Have milestones. You show that, you
know, to, prove that you're you're doing what you're told to
(41:05):
do, what you're supposed to do. What are the best practices?
Have them written out.
Real quick, Jonathan. We I like to pick on a guy I saw on
Reddit, an MSP owner that had been in the business for thirty
years, and a prospect asked him, what are these best practices?
And he's like, I don't know. You you gotta know what they are if
you're gonna be rolling them out. So, identify them, write
(41:26):
them down, measure against them, and make constant progress.
I wish Brian was here today because he would say
cybersecurity is a journey, not a destination. Make small
improvements every day, and that's what we like to, to teach
people. So, guys, if you have any other thoughts, questions,
if you wanna contact any of us, our information is available on
unhacked.live. Also, our links to social media, and a free
(41:48):
assessment if you'd like like to go that route. Any of us and,
Jonathan, I'm a throw you out there.
Maybe maybe you'll do it, maybe you won't, but we do free
assessments to people that listen to the show and and wanna
come just get a basic understanding of what their
cybersecurity posture is. So, join us at unhack.live. And,
other than that, we'll see you guys next week. Take care.
Mario (42:08):
Bye, guys. Thank you.
Justin (42:09):
Bye.