Jonathan Steele
Family Law Attorney and Partner at Beermann LLP
Jonathan D. Steele is a skilled family law attorney, known for his strong handling of divorce, child custody, and paternity cases. He blends legal expertise with digital protection strategies, ensuring both personal and digital security for his clients. Jonathan’s career began at Nadler, Pritikin & Mirabelli LLC before advancing to Beermann LLP, where he quickly rose to partner.
Recognized by Illinois Super Lawyers as a Rising Star and by Leading Lawyers as an Emerging Lawyer, Jonathan has also been named one of the top 10 family law attorneys under 40 by the American Institute of Family Law Attorneys and the National Academy of Family Law Attorneys.
With advanced knowledge of Illinois law and rules, Jonathan also holds a CompTIA Security+ certification, merging law with cybersecurity at Steele Fortress.
Stop, slow down, put your phone down.
Jonathan Steele
Episode 142
Brief summary of show:
Protect Your Law Firm from Digital Hackers Now! In today’s episode of Counsel Cast, “How Can Your Law Firm Stay Ahead of Digital Hackers? with Jonathan Steele,” we explore the critical intersection of cybersecurity and law firm marketing with cybersecurity expert Jonathan Steele.
In this conversation, Jonathan Steele, a divorce attorney specializing in cybersecurity, discusses the critical importance of cybersecurity for law firms. He highlights common threats such as phishing and email compromise, and emphasizes the need for proactive measures to protect sensitive information. The discussion covers the legal implications of cybersecurity negligence, the importance of maintaining updated security practices, and the role of encryption in safeguarding data. Steele also provides practical tips for law firms to enhance their cybersecurity posture and protect their clients’ information.
Show Notes
🔍 Episode Highlights:
- Discover the latest digital threats targeting law firms and how to safeguard sensitive client information.
- Jonathan Steele shares expert tips on merging cybersecurity with your law firm’s digital strategy.
- Learn about AI-driven cyber attacks and how local SEO can expose law firms to new vulnerabilities.
- Uncover best practices for securing your law firm’s website and protecting against hackers.
🎙️ In This Episode:
- We dive into how law firms can defend themselves against evolving digital threats.
- Jonathan Steele reveals the cybersecurity gaps law firms often overlook and how to fix them.
- Explore how AI search and local SEO can be double-edged swords for your law firm’s security.
- Gain actionable insights on protecting your firm’s reputation and client trust through robust cybersecurity measures.
Jonathan Steele gives listeners actionable tips on:
00:00 Introduction to Cybersecurity in Law Firms
02:01 Understanding Cyber Threats to Law Firms
09:15 Preventing Email Compromise and Domain Issues
12:39 Importance of Email Security Records
14:51 Evaluating IT Security and Legacy Systems
20:08 Legal Implications of Cybersecurity Negligence
24:58 Ongoing Cybersecurity Practices
27:24 Recommended Resources for Cybersecurity
30:41 The Role of Encryption in Data Security
32:24 Personal Security in Family Law Contexts
36:33 Final Thoughts on Cybersecurity Awareness
Jonathan Steele's Book
This week, we’re spotlighting Extreme Privacy by Michael Bazzell as the latest addition to our Thought Leaders Library! Chosen by cybersecurity expert Jonathan Steele, this book offers invaluable insights into protecting your privacy in an increasingly digital and connected world.
🔐 Why This Book? In Extreme Privacy, Michael Bazzell provides step-by-step strategies for individuals and businesses to safeguard their most sensitive data. From handling personal information to securing your business, this book equips you with the knowledge needed to stay one step ahead of potential cyber threats.
From the publisher:
Michael Bazzell has helped hundreds of celebrities, billionaires, and everyday citizens disappear completely from public view. Many of his previous books about privacy were mostly REACTIVE and he focused on ways to hide information, clean up an online presence, and sanitize public records to avoid unwanted exposure. This textbook is PROACTIVE. It is the complete guide he would give to any new client in an extreme situation. It leaves nothing out and provides explicit details of every step he takes to make someone completely disappear, including legal documents and a chronological order of tasks. For many, this is the only manual needed to secure a new private life.
Extreme Privacy by Michael Bazzell
Show Transcript
Here, you’ll find a detailed, word-for-word account of the insightful conversation from this episode. Whether you’re revisiting key takeaways or catching up on what you missed, this transcript is a valuable resource for diving deeper into the expert advice shared by our guest. Enjoy exploring strategies, tips, and actionable insights tailored to help lawyers and law firms grow their practice through effective marketing!
Jonathan Steele (00:10.629)
Hi. Thanks for having me on your show. I’m Jonathan, Jonathan Steele. I’m a divorce attorney in Chicago with a specialty or a focus on cybersecurity and privacy.
Karin Conroy (00:22.242)
Jonathan, thank you so much for being here today. We are talking about cybersecurity, AI, how that relates to your law firm and why it’s important. I feel like it’s kind of obvious why it’s important, but you’d be surprised how many times I have had clients or even potential clients where their sites are hacked or they’re having some security issue and all of a sudden they just like, it never occurred to them that this was a thing that could happen and they’d
They just don’t really put the pieces together of how it happens, why it happens, what they should have done different, all of that stuff. So the title for today’s show is, How Can Your Law Firm Stay Ahead of the Digital Hackers? And so thank you for being here to begin with. I appreciate this conversation. I feel like I talk about it a lot, but I think a lot of people set it aside. It’s kind of like this thing that, you know,
My car got broken into this past weekend and it’s one of those things that you have. have the locks. have a, security system, but they popped a window and you kind of never think it’s going to happen, you know, and you, when it actually happens, you’re like, is this real? Is this really happening? So let’s talk about these things that you really don’t. There’s, there’s one little part of your brain that thinks some of these things are never going to happen, but they do. They happen all the time. So let’s talk.
First, what are some of these threats to a law firm in terms of cybersecurity, digital threats, everything that falls under that umbrella?
Jonathan Steele (02:01.253)
Okay, so you’re spot on as far as like the light bulb moment when that comes, it’s too late. And most people aren’t thinking about it on the preventative end. And law firms aren’t particularly different in that regard.
Karin Conroy (02:12.664)
Yeah.
Jonathan Steele (02:13.157)
When something terrible happens, they get ransomware and they get locked out of their system, then they start to think, okay, what should we be doing? What should we have done? For a law firm, it’s a similar threat to other companies. Phishing is going to be the biggest threat, or at least the most prevalent. And that’s preying on human psychology. You’re not really attacking a system, you’re attacking a human.
Karin Conroy (02:21.858)
Yeah.
Jonathan Steele (02:39.005)
and you’re hoping that they click a link, you’re hoping that they send money, something like that. And second to that, I think is business email compromise, where you get an email that looks like it’s from the managing partner of a law firm, asking you to do something urgently, sort of out of the ordinary, and then you peel back the name of the sender and you see it’s not the right domain name or it’s not the right spelling. And again, that’s preying on sort of human psychology.
Karin Conroy (03:08.236)
Yeah. You know what the one I have been seeing? I get a ton of spam, malware, phishing attempts because I have, you know, services like SEO services and things like that listed on my website. And there’s a lot of people from, you know, these questionable countries that they just seek that stuff out. And I do a good amount of social media promotion and things like that. The one I’ve seen a lot lately,
that has been very close to getting me is Meta. It’s coming from Meta. And it tells me that I’ve done something wrong. Like I’ve got a bad post or, and my account’s gonna be shut down. And I look very closely. So actually, before I explain what my process is for like when I see something like that, let me have you like walk through what
should a person do.
Jonathan Steele (04:09.982)
Stop, slow down, put your phone down, go do something else, think about it in the meantime, come back to it, because rarely is there something that needs to be done right here, right now. And you know, if Facebook, and I’m using some air quotes here, is writing to you and saying your account’s gonna be suspended, you’ve got illegal content on there, act now.
That may not be how they reach out to you. Maybe their email address should be the telltale sign there. They’re not going to be emailing you from a Gmail account or anywhere other than a Facebook domain.
Karin Conroy (04:36.588)
Right.
Karin Conroy (04:44.812)
Right. Yeah. And sometimes it takes me a minute and I have to look at those email addresses. So I use Google for my personal and for my business accounts. I within Google, and I think it’s similar for other inboxes, but within Google, when I look at an email, I have to expand it. It’s not just showing me the full email address by default. Usually it just shows the name of the person. And so the first thing,
is expand it, look at the full email address, not just the name, because the name from these hackers looks like it’s coming from Meta. And then when you expand it, it’s like a bunch of weird characters, maybe a Gmail, maybe a Yahoo, but it’s not coming from Meta because they don’t have access to that domain. Like the technical background part of that is like,
they can’t send from a Meta domain. So they make it look as close as they can to fool you. But it should be a very simple, like, if Meta really were contacting me, it would be something like violations at meta.com. Like it would just be, you know, super simple like that. It wouldn’t be like seven, eight, nine, four, three, two, some big long thing at Meta misspelled.
Jonathan Steele (06:08.149)
You know where that gets more confusing is when they’re not using a Gmail and they’re using Meta analytics com or Meta reach out, Meta notifications dot co, or something that has Meta in the name. And so then, even if you’re looking at the sender address, you’re not a hundred percent sure until you do a little bit more digging.
Karin Conroy (06:32.344)
So then I usually never click on the stuff in there. And then the next thing I usually do is go into the associated, whatever they’re talking about. So in this example, I would go into my Meta ads account and there should be something corresponding in there. There should be some big red notification saying there’s a problem here. And there never is, but I’m not kidding the number of times that it, especially in the beginning, the first couple of times I saw these emails,
they’re very threatening and like it makes you, it just puts you on edge and it puts you on this defensive mode where you have to, like you said at the beginning, the first thing you need to do is stop, like catch your breath, take a minute. It’s probably not, it’s probably not true. Like the kind of content I’m putting on Meta is not questionable. Like there’s nothing weird about it. So, but if you were like, some of my clients are like sexual harassment attorneys, they have language that
could be flagged just because of the nature of their work. And not that what they’re posting is wrong or weird, but these bots sometimes flag the wrong thing. So it is important that you check it out because there are legitimate times when your stuff could be flagged and you could have a problem. And if you do that kind of work, then you just have to be super, super, super careful.
Jonathan Steele (07:55.577)
You know, there’s another tip that…
came to mind when you’re describing this because it’s the human factor. You can have the most secure computer, the most secure operating systems and firewalls and everything, but at the end of the day, the human’s gonna be the weak link there. And it’s a numbers game. So if I send you 10,000 of those emails over the span of a few years, I might get you to click one. It might be at three in the morning when you’re sleep deprived. It might be during travel. You might just not have your wits
Karin Conroy (08:02.541)
Yeah.
Karin Conroy (08:10.849)
Right.
Jonathan Steele (08:27.291)
about you and you might click that link. Something you could look into doing is setting up a filter where you basically tell Gmail if I get an email with the subject line of Meta and it’s not from a Meta domain, send it to spam, send it to the trash so that you’re taking your human element out of it and you’re letting a filter do it for you.
Karin Conroy (08:47.288)
The other thing I like to do in terms of tips is I do report all that stuff. I do sit and flag all of it as spam. And then now Gmail does, or Google has the option to block and report. And then I won’t see anything from that IP address anymore, but they also get reported so that Google and Gmail, they’re super smart. They’ll figure it out and…
those IP addresses are usually flagged and blacklisted. So that is the segue to the next thing I want to talk about because you mentioned earlier email, kind of having your email compromised or hacked or having problems there. And where I see that a lot is if a website gets hacked and then that domain is affected and they don’t do anything about it instantly,
The threat there is that your domain is going to be impacted and then all of a sudden your emails stop working because obviously your emails are tied to that domain and you have blacklisted issues where they’re not being received. This is where usually when I’m talking to clients, this is where they start to get it and they start to freak out this idea that their emails will not go through. And usually when I get the panic phone call, it’s that.
Like they are trying to email the court system or whatever and it’s not going through and that’s when they’re at full freakout mode. So let’s talk quickly about how to prevent that. What kind of your thoughts on all of that and kind of what to do in those cases.
Jonathan Steele (10:32.559)
You know, I think that’s just a good example of acting too late. You know, there are preventative steps to do before that happens that will keep it from happening. And…
Karin Conroy (10:36.963)
Yeah.
Jonathan Steele (10:43.737)
you know, an ounce of prevention is worth way more than a pound of a cure in this context. There’s a number of things you can do to keep your domain name reputable as far as email deliverability. You know, that’s a matter of DMARC records, DKIM records, and SPF records. And if it sounds like I’m speaking a different language, it’s something that, you know, where you buy your domain, GoDaddy, Cloudflare, or whatever registrar you’re using to buy the domain, it’s a matter of just setting a specific record in that.
Karin Conroy (10:47.68)
Yeah. Right.
Jonathan Steele (11:13.671)
that domain name, and that helps tremendously with deliverability. If your website is hacked and your domain name is compromised and people start sending emails from your domain, your DKIM records and your DMARC records can be set up in a way, you can set up a policy such that if it’s not from you and it’s just spoofing your domain, that your emails are gonna automatically go to spam.
So that’s going to help to keep your legitimate emails being treated as legitimate and somebody spoofing your domain as being treated as illegitimate. And then that’s going to help to prevent and to sort of curtail the outfall. Because if you let that go too long and your domain just gets flagged as suspicious in Gmail and Yahoo, the cleanup there is much more difficult.
Karin Conroy (12:10.474)
It is. And I’ve seen it take many, many days, sometimes weeks. And then there’s still little like places where it doesn’t quite work right. And it is a giant, giant pain. And I don’t wish that on anyone. And it’s definitely something you want to make sure that whoever set up your email, that they know those three things that you were talking about, the DMARC, all of that stuff, because it’s become a requirement now.
And your emails won’t work quite right if you don’t have all of that security set up. But sometimes like if you had an IT guy that you’ve been working with for 20 years and you know, he’s kind of coming close to retirement and he hasn’t been keeping up on it. Cause this is probably something that really got much more traction. I’d say in the last two years or so, maybe a little bit longer than that, but
If you haven’t made any updates or improvements to your email systems and securities in the last couple of years, that could be a big problem.
Jonathan Steele (13:13.795)
I’m hearing from businesses pretty often now, my Outlook’s not working, my emails aren’t going through, and you hit it on the head, it was a recent change for Gmail to require DKIM records to be deliverable. And while it was publicized to some extent and I heard about it, that doesn’t mean that my kids’ preschool heard about it. So for a period of time, their emails weren’t going through.
Karin Conroy (13:18.776)
Yeah.
Karin Conroy (13:29.239)
Yeah.
Karin Conroy (13:37.242)
Right.
Right. Yeah, exactly. And you think about every little business and all the different places that you might need to be emailing and getting in contact with, and it just becomes a whole thing. There again, make sure that’s all in place. And you don’t necessarily have to do that if you have a person who set up your email and you have a contact for that. Just make sure that they did that and they know what that is because that should be
top of mind for whoever you’re working with in terms of your emails and your email accounts and all of that security kind of setting. What other ways or things do you have in mind for people to kind of evaluate their overall level of security and whether things are up to date or not?
Jonathan Steele (14:31.791)
You know, you touched on something earlier that I think is pretty common, that you have an IT person that is, they became an IT person when we had typewriters. And so, you know, nowadays they’re a little out of touch with, you know, what the trends are and how to stay ahead of them.
Karin Conroy (14:42.19)
Dial up.
Jonathan Steele (14:51.435)
And so even just as easy as bringing in a fresh face, a younger person that maybe is outside the mold of what IT used to be, because maybe Microsoft isn’t the best route anymore. And when that generation was trained, that’s what they learned. They learned Microsoft, they learned Outlook, and that’s what they know, and they know it well. Even that, their infrastructure has changed over time, so you could still be out of touch with that. But bringing in a fresh face to evaluate
Do we need to be wedded to Microsoft and Teams and Office? Is there a more secure, a more private platform that we could be using? That’s helpful. And likely, if you’re finding a fresh face, you’re finding some younger blood to do this evaluation, they’re going to be trained in what’s called pen testing. That is an art of itself or science in itself where you’re evaluating systems and servers to see are there
soft spots, are there, you know, unpatched software on certain platforms that are just sitting ducks waiting to be hacked. So some pen testing is going to identify a lot of those threats.
Karin Conroy (15:59.895)
Yeah.
Karin Conroy (16:04.482)
Yeah, I was just gonna add to that, like this is a real issue because we get a good amount of clients coming in where the first conversation starts with, we have a legacy partner or partners who are nearing retirement and they have a way and a thought about the way things should be done. And…
So this aligns with this part of our contract that says, these are the following browsers that we support. We do not support things like Internet Explorer. And for those of you who are in that group, I will just explain Internet Explorer has not been a browser for more than 10 years. But sometimes these things need to be said. So I will just say in as kind and soft of a way as I can say,
If you have those guys on your team or in your firm, which many, many, many firms do, you know, and so what’s typically happening is those guys are getting close to retirement. They’re bringing in a new group, you know, like there’s guys that are going to be coming in, but they are the cleanup crew first. Then they’re going to kind of come in and build their own thing. But first there’s usually a lot of cleanup that needs to be done. And the cleanup involves conversations around number one.
Internet Explorer is not a browser anymore. We’re not going to ask her why it’s not working on Internet Explorer. Things like this. But everything that goes along with that. Why are we using this? Because Larry says. If you have that of firm, which I’m not trying to be judgmental or critical. I am a little bit on the critical side. But it’s normal and it’s common, but there’s threats there. There’s problems.
And it’s a thing that you can come in and recognize, okay, we’re not gonna keep doing things because Larry, just because the only reason is because Larry says anymore. We’re gonna take a look and have someone come in and maybe do some sort of an audit and say, okay, this is a serious threat. This could potentially do X, Y, and Z. And we’re gonna present that to Larry and say, Larry, we’re gonna stop with this.
Jonathan Steele (18:25.081)
I think that COVID did a good job of weeding out some of those generation of IT because you had to pivot quickly to remote work, which required.
Karin Conroy (18:34.413)
Yeah.
Jonathan Steele (18:35.905)
some skill set outside of that conventional Microsoft, is how you do everything and have always done everything. And you needed to replace that with like Zero Trust or VPN solutions and get some of the older partners to start using Zoom and multi-factor authentication to log into things. That was a real struggle that I witnessed in a law firm of the older generation, not only of IT, but of the lawyers that needed to go through all these steps. It started to weed out.
Karin Conroy (18:56.867)
Yeah.
Jonathan Steele (19:06.743)
some of the people that just could not keep up with that change.
Karin Conroy (19:10.422)
Yeah. But if those are still in the leadership positions and maybe they’re on their way out, there is kind of a mindset and a buy-in that has to happen first before you do any of this stuff. So if they don’t even realize kind of what the threat is and that these hacks and these attempts and the phishing, this is not just like a maybe. There’s a real possibility that you’ll witness at least some version of this.
and then there’s an absolute possible need for just being protected and having systems in place and thinking about this ahead of time. It’s just insurance. It’s like, you know, I’m, I haven’t been in a car accident in a long time, but I still have car insurance. Like I’m, you know, gonna not do that because it, you know, I haven’t personally seen it recently. Okay. So what else, what, what kind of legal implications do you have? Cause I know that.
Usually, correct me if I’m wrong, usually when you’re having this conversation, are you talking to your clients more about like their potential issues and that kind of stuff?
Jonathan Steele (20:18.373)
I have the conversation, I’d say, in terms of frequency, it would be more often with clients. But I have, I lobby to my firm sometimes for changes and things that make more sense, at least in my mind. And so there’s an equal split there, but for the most part, it is trying to counsel clients through security issues, privacy issues.
Karin Conroy (20:41.922)
So out of curiosity, what’s the difference that you see in terms of personal security and digital problems and threats as compared to your law firm?
Jonathan Steele (20:52.889)
I think privacy is more applicable to the personal level. People trying to keep their, where they live off of the internet, their social security numbers hidden, things like that, keep control of their social media accounts. So I think cyber security as a concept is gonna be a little bit more applicable to the business end and privacy is gonna be a little bit more applicable to the personal.
Karin Conroy (20:57.431)
Yeah.
Karin Conroy (21:19.618)
That makes sense. Okay. So what kind of legal implications, I mean, just to kind of maybe if there are those people who are having a hard time getting on board with this idea, like maybe some of those more legacy partners and things like that, what are the legal implications of not kind of like letting it just sit in the corner and not addressing any of these potential issues?
Jonathan Steele (21:46.691)
I don’t know that the first one that comes to mind is a legal implication necessarily, more of a business implication, but I think if you get your reputation diminished by the fact that you suffered a data leak and all of your client’s information is now on the dark web for sale and their social security numbers and everything about them, your reputation as a law firm is going to take a very significant hit. It’s going to spread quickly that the reason that happened is because you were using an outdated
Karin Conroy (22:10.893)
Yeah.
Jonathan Steele (22:16.916)
or because you didn’t train your employees. You know, didn’t do phishing training often enough.
Karin Conroy (22:17.954)
Internet Explorer.
Jonathan Steele (22:26.103)
And it’s negligent to not do that. So I think that it’s a reputation problem first. But there are legal implications, depending on the kind of law firm and the type of data that you store. If you’re a medical malpractice firm or you’re a family law firm and you have people’s medical records, if you’re not safeguarding them properly, if you’re not storing them in an encrypted way, you can find yourself in some HIPAA problems.
Karin Conroy (22:28.674)
Yeah. Yeah.
Karin Conroy (22:56.205)
Yeah.
Jonathan Steele (22:57.127)
And you know if you are not, similarly if you’re not storing people’s tax returns and their financial information in an encrypted way and then you leak it, you’re going to have some pretty unhappy clients that may have suffered tangible losses and you’re going to have some explaining to do.
Karin Conroy (23:13.324)
Yeah, okay, awesome. I feel like that’s something that at least the lawyer audience can associate with and that’s like, okay, I can at least, that makes sense to me and that actually gives me a little bit of a motivation to maybe think about it in a more serious way. It’s kind of like vitamins, I feel like. A lot of people know that it’s a good idea, but it’s like, eh, maybe next week.
Come on. Like I said earlier, if you don’t have the time and you feel like you’re maxed out and you don’t want to do all this, just hire the right person to get it done. That’s probably the best case scenario in most firms to get someone who actually knows this and knows what they’re doing and knows how to set everything up and evaluate what you need and all of that stuff because it’s probably a bigger project than you realize.
Jonathan Steele (24:08.741)
I think part of the problem too is that people get wedded to this is the way we’ve always done something and so that’s the way we should continue to do it. And it’s important just to understand that the threat landscape is not static. And so if you’re applying, you know, static defense to an evolving threat, you’re behind the eight ball.
Karin Conroy (24:13.931)
Yes.
Karin Conroy (24:21.186)
Right.
Karin Conroy (24:28.832)
Yes, I had this cybersecurity expert on who last year and he had some quotes and stats and I can’t remember the numbers and all of that, but he basically said, assume you’re going to be hacked. I mean, just assume that’s going to happen because from my side, when we’re protecting our, all of our clients’ sites, we have a security thing that we add on to every single site and it’s constantly monitoring and
shutting down attempts, whether it’s a malware, whether it’s through the contact form, whether it’s, you know, there’s a handful of different ways they’re trying to get in, but it’s constant. It’s sometimes eight, 10,000 attempts a month. So first of all, this is not going to be handled manually. Like that would be stupid. And second of all, you, you just want to have it set up in a way where it’s addressing all of that.
And it’s doing it in an updated way because the thing that we use is constantly like looking at where they’re coming from because, you know, as opposed to like, let’s just say the TSA where we still are taking our shoes off for something that happened 20 years ago. Like you want to have protection that’s looking at what they’re doing today. What is happening today? Like there is nobody trying to get on a plane. Well, I’m not going to.
say what I have no idea what’s happening in terms of aerospace threats, but there’s no reason to continue responding to a threat that was from 20 years ago that they’re probably not looking at that method anymore. We’ve moved on.
Jonathan Steele (26:07.983)
You know, I think a good example that is…
Endpoint protection. So if you put like an antivirus software on somebody’s computer, most likely that is doing signature-based analysis, so it’s trying to see, are any of the files that are on your computer known viruses, viruses that we’ve seen before, and then we’ll get rid of them. And they do a good job of that, but that’s not the threat landscape anymore. That’s not what happens to people. You’re not really downloading viruses. You’re clicking phishing links or you’re getting
your files encrypted with ransomware and that’s the threat landscape. It’s zero-day clicks and things like that, and so you can have this sort of static antivirus and it gives you, if anything, sort of like a false sense of protection.
Karin Conroy (26:57.302)
Yeah. Well, and then when it comes to your website, that’s not even happening on your computer. So, you know, that’s something that has to be handled in a different way. So, and it still threatens your emails. It’s still threatening, you know, all this other stuff. So there’s all these different avenues that need to be protected. So speaking of that, it’s time for the thought leaders library. Our website has a whole curated collection of the book picks from all of our guests.
So Jonathan, what’s the one book you think every lawyer should have on their bookshelf?
Jonathan Steele (27:29.701)
I like Michael Bazzell’s Extreme Privacy. I think he’s on version 5 now. And every version is better than the last one.
Karin Conroy (27:37.568)
What happens in each version? Is it just like what’s happening now in cybersecurity and kind of an update?
Jonathan Steele (27:43.811)
Yeah, that’s the point is that this is an evolving thing. And so he can give spot on advice of how to configure your email or your mobile device today. And then that can be completely changed tomorrow. He’s gotten smart about it. He doesn’t push as much paper copies because of that. He does PDFs that update as new things come out.
Karin Conroy (27:59.543)
Right.
Karin Conroy (28:07.662)
That’s good.
Jonathan Steele (28:09.977)
So I think that was a smart pivot for him, but the book does sort of an excellent job of how to protect yourself, how to erase as much publicly available information as is possible and keep that data from resurfacing.
Karin Conroy (28:26.412)
Yeah, I took, I haven’t read this book, but I took a quick look at, at it. We’ll obviously link to it, to the Amazon link and all of that stuff. But I will add just one other little sort of tangential tip is your online. If you haven’t Googled your own name, first of all, I think everybody does that. It’s, you know, we all have our own egos. But you need to do that for a privacy, from a privacy standpoint too. You need to know what’s out there, and usually there’s all these directories that are listing lots and lots and lots of private information and there are ways of getting that all removed. And I recommend it. It’s really not a good idea to have that level of information out there for people to dig around in. A lot of damage can be done, especially from like an identity theft perspective.
So I highly recommend that as another side tip is figuring out, just do a Google search of how to get your name off of these directories. I also recommend finding a service that will do it because there’s thousands of them and you don’t want to do it manually.
Jonathan Steele (29:36.357)
You’re referring to data brokers. It’s a crazy industry. Why it’s legal is shocking to me, but there are, there, you know, something like a JoinDeleteMe will automate the process of removing your information from all these data brokers. And you know, there’s, there’s a lot of threats with the data broker disseminating your information. You know, if you are a lawyer and your home address is Googleable, that could be a problem.
Karin Conroy (29:42.483)
Seriously.
Karin Conroy (29:49.682)
Yeah.
Karin Conroy (30:03.982)
Right.
Jonathan Steele (30:04.594)
And you’re making yourself an easier phishing threat. The more information is out there about you, you’re easier to relate to. And so there’s a thousand reasons to.
Karin Conroy (30:15.596)
And it can be like, they’ll be listing your date of birth, your mother’s name, your mother’s maiden name, like all of those things that we all know are used in security hacks. Also, it’s just kind of creepy. Like it’s just, you know, nobody wants that level of data out there about themselves. So yeah, I wouldn’t be surprised if in the next few years, some of that stuff gets shut down. Cause it does seem very borderline, not legal.
Jonathan Steele (30:41.669)
I think it’s going to take, unfortunately, I don’t want to be the one that predicts this, but I think that it needs to take a member of Congress being doxed and having all their information disseminated, something bad happening. All of a sudden, you’ll see legislation saying, wait a minute, these data brokers aren’t a good idea.
Karin Conroy (30:48.226)
Yeah. Yep.
Karin Conroy (30:57.056)
Yeah, yeah, 100%. All right, so what’s one thing that you know that works?
Jonathan Steele (31:04.599)
Encryption, and that’s for now. There’s a caveat there about quantum computers, and that’s sort of the unknown of the day, but even post-quantum encryption, you know that it works. You know that it keeps your data secure whether you’re talking about text messages back and forth or emails or cloud storage; all of that is made secure by encryption.
Karin Conroy (31:05.922)
Yeah. Yeah.
Karin Conroy (31:18.689)
Yeah.
Karin Conroy (31:33.058)
Yeah.
Jonathan Steele (31:33.165)
So it’s a math thing. You trust the math, the math works and it keeps your data secure.
Karin Conroy (31:40.002)
Well, and I mean, kind of pulling it back to your conversations more with your clients, because you were saying that is the conversation you have more frequently anyway. I think it’s another recommendation to just people in general that when you’re going through whatever kind of issue you may be going through that requires you to reach out to a family lawyer, think about the amount of data that’s out there, the amount of damage that can be done when you have some kind of conflict and someone’s really mad at you for whatever reason. And so thinking about this stuff ahead of time for them to not be able to make things worse is a better place to be.
Jonathan Steele (32:24.453)
You know, most people…
I say this reluctantly because I know that password 123 is one of the most common passwords and that people don’t pay attention to cybersecurity like they should. But if someone is quote secure, they’re most likely secure to outsiders, they’re outside threats. What they’re not really thinking about is the person sleeping in the bed next to them that has access to their devices and has access to their data might share an iCloud plan and all of those, you
Karin Conroy (32:32.309)
Yes!
Karin Conroy (32:44.365)
Yeah.
Karin Conroy (32:48.726)
Yes.
Jonathan Steele (32:56.074)
attachments of data.
Karin Conroy (32:57.634)
And passwords, they oftentimes know passwords. Yep. Yeah.
Jonathan Steele (33:00.783)
Passwords, and you know, they share a Ring account or a Nest Cam account, and so they’re very attached, and so they’ve, people in a family law dispute, they face sort of a heightened threat.
Karin Conroy (33:14.262)
Yeah, yeah. Because it’s one thing, you know, when we compare how my car was broken into this weekend, these are complete strangers. They don’t, they’re not coming for me. They just want my credit cards. And as compared to that, a family law situation where there’s so much more emotion involved and it’s personal and they are coming for each other. And so the motivation is different and the access to information is different. So all the more reason you should be protecting this stuff at an even higher level than just thinking about these hypothetical strangers who are hacking into your website. That does happen, but they have a different motivation. And if your website is set up well and also assumes that it could be hacked and has backups and plans in place for recovery, then they move on once that’s done. But your personal situation is a whole different situation.
Jonathan Steele (34:20.345)
No, that’s right. That, you know, I think…
Hopefully if people are listening and they’re interested in some level of security or some level of privacy, I think it’s important for people to understand that it’s not a light switch. It’s not one day you’re secure and the next day you’re not or vice versa. It’s a continuum. It’s not a sprint. It’s like a marathon. And you can do little things in your daily life that make a big difference. And those things are worth doing because the cleanup on the back end is much more painful.
Karin Conroy (34:33.549)
Yeah.
Karin Conroy (34:51.275)
Ugh.
Jonathan Steele (34:52.213)
deal with a little bit of friction and you have to type in an extra code when you log into your email, it’s going to be worth it instead of having yourself locked out of your email.
Karin Conroy (35:01.696)
Yeah, I was going to add as my last kind of takeaway that to just repeat what you were saying about how it’s an ongoing process. And like, like I was saying earlier, if you set this stuff up and haven’t touched it in like four or five years, you’re not secure anymore. Like this doesn’t, that’s, it’s not a one-time thing. So it needs to be an ongoing process and things are changing on a daily basis. And you need to kind of keep it in mind that it’s something that you need to be, either you need to be paying attention to and staying on top of, or you need to have someone else who is doing that for you. But what would you say your biggest takeaway that you’d like listeners to get from this episode is?
Jonathan Steele (35:42.703)
You know, I think at the beginning you mentioned that people think it’s not going to happen to me. And I think that’s an unfortunate and very common thought process. Somebody else has more money, so they’re going to be a more valuable attack target. And that may be true. Maybe they have more money. But maybe they put more effort and energy and money into their cybersecurity. And so maybe they’re a harder target. And it is just a numbers game. If somebody’s hacking or trying to hack, they might be trying to hack a thousand people, and if you’re just easier than the next person, you’re the one that’s going to be a victim of that attack. And so, you know, it may be limited reward in terms of like what you had in your checking account, but multiply that by a thousand people and it becomes worth it for them. So they’re not necessarily trying to hack Bill Gates and Elon Musk, they’re going for easier targets.
Karin Conroy (36:28.652)
Yeah. Yeah.
Karin Conroy (36:33.994)
No. Yeah, right. Can you imagine the amount of security those guys have? Even just like actual security guards and all of that stuff. I wouldn’t, you know, I wouldn’t, you know, pass up a couple billion, but at the same time, I would not prefer to have to have like physical security around me 24 hours a day. That sounds gross. Yeah, I think that’s a really good point. And I think that’s a good kind of takeaway endpoint to kind of leave it on where just assume that they’re going to, that you probably have holes and that you need to stay on top of it and that it changes so often. Yeah. Thank you so much for being here. Jonathan Steele is a family law attorney and partner at Beermann LLP in Chicago, and does a lot of work with cybersecurity and obviously talking to your clients and being on top of and in front of all of that.
So that was a really great and helpful conversation. Thank you so much.
Jonathan Steele (37:34.127)
Thank you.