Cybersecurity and Divorce Recovery / Jonathan Steele, J.D. || DPTSP #051 || David M. Webb

[00:00:00] Welcome everybody out there too, don't pick the scab podcast. Episode 51, we have Jonathan Steele on

[00:00:05] the podcast. He's my first returning guest and that is an honor. You're the first one.

[00:00:10] This is a podcast from Innable 40 either starting in the middle or one and done with their divorce

[00:00:15] journey. Present some of the tips, tricks and methods for you to heal and move on with your

[00:00:20] new life. I think Jonathan's first podcast was 43 and I think the title was is Your Lawyers

[00:00:28] Not Your Counselor. One of those things. Life Coach. Yeah, life coach. Yeah, someone from there.

[00:00:35] And then we touched on the end about cybersecurity and man you guys reached out to

[00:00:39] you about cybersecurity like crazy. Welcome to the Don't Pick the Scab podcast with the premise

[00:00:57] of connecting men over 40 with the tools and community to thrive in their divorce recovery

[00:01:04] either before, during or after a divorce. So this one we're talking about cybersecurity

[00:01:11] and I'm going to get out to it. So Mike's first question is basically can you explain

[00:01:17] the role of cybersecurity in divorce proceedings and how it can impact your outcome?

[00:01:24] Yeah, like any facet of your life, cybersecurity can play an important role,

[00:01:28] particularly in litigation and in family law and divorce. Having a managed cyber posture goes a

[00:01:36] long way towards keeping your trial clean, keeping yourself in a good light with the court. So it's

[00:01:43] important to keep control over who you're connected to on social media, what you're posting,

[00:01:50] rein in your permissions across the board on your devices and then keep your accounts secure.

[00:01:58] We just had a this ironic because on the other podcast, Divorce over Podcast,

[00:02:02] Rach and I talked about social media and presence and first time divorce.

[00:02:07] And hers was ease up a little bit. My mind was get off because social media becomes a negative

[00:02:13] thing sometimes with divorce. So we think about that. It's more often negative than it is positive.

[00:02:20] There are so many cases where something that you've posted somebody that you friended comes

[00:02:26] back to bite you. So whether you're seeking alimony or maintenance and you lose that because

[00:02:33] you're posting on social media that you're cohabitating with someone else or you're wasting

[00:02:39] money as evidenced by with lavish vacation photos that you're posting.

[00:02:43] Going to Florida.

[00:02:45] Things like that. That has a tendency to pop up in your divorce case,

[00:02:50] whether it's that or whether it's just your connections to a paramour or whatever it

[00:02:55] may be. I rarely, if ever see a good application of social media in a divorce case.

[00:03:02] Let's talk about cybersecurity threats. It's almost like people go through a divorce

[00:03:07] like they don't pay attention to their passwords, whatever. Do you see like an increase of people

[00:03:11] getting stung or popped like that?

[00:03:14] I see an increase across the board and that's going to include people from divorce.

[00:03:19] When general phishing attacks are on the rise, email compromise is on the rise,

[00:03:26] business impersonation emails on the rise. But that's just going to keep growing.

[00:03:29] It's going to keep getting worse. It's going to keep getting more prevalent.

[00:03:32] AI is making phishing emails harder to spot.

[00:03:35] You beat me to my question but go ahead.

[00:03:37] All right. I'll pause that. I'll let you ask.

[00:03:39] Oh yeah, but go ahead. Yeah. So what about the AI component?

[00:03:42] I've seen where people can replicate faces. They can replicate voices.

[00:03:46] It's just, you almost need to have a safe word, like a family safe word in order to do things.

[00:03:53] Yeah. What you're touching on is deep fakes and that's a scary application of AI.

[00:04:00] And like any tool, there's a good use and there's an apharious use.

[00:04:04] And the good use is using AI to power firewalls and threat detection.

[00:04:10] But in the not too long ago days, phishing emails were easy enough to spot because you don't have a

[00:04:18] Nigerian prince cousin that needs you to wire $400,000 now.

[00:04:23] And they didn't email you with broken English that was really easy to detect.

[00:04:28] But now somebody that wants to phish you puts their broken English confusing narrative into chat

[00:04:35] GPT and just says, clean this up. And now what they're sending looks legitimate. It's much, much

[00:04:41] harder to detect. Wow. So how can people protect themselves? What are some of the ways I see that

[00:04:47] have life lock? That's a big one. Is that worth the money? People don't know about that.

[00:04:52] Generally no. I don't view it as being worth the money just because it's reactive.

[00:04:58] So I would rather prevent harm than have somebody tell me after the fact

[00:05:05] harm has been caused to you. And there's when you reference life lock, what you're trying to do is

[00:05:11] protect yourself or notify yourself of new lines of credit or things like that that have been

[00:05:18] opened on your credit reports. And you can proactively prevent that by freezing your credit

[00:05:26] for free with each of the three major credit bureaus. Then you're going to prevent it and then

[00:05:32] you don't have any need for notice after the fact. Got you. What advice do you have for the

[00:05:39] minnow or 40 who suspect their SX or their soon to be X partner is monitoring their online

[00:05:46] activities? It's quite possible. It's not, it's easier said than done to do that. But

[00:05:51] you have to triage how you go about sleeping at night. The first and most important thing

[00:05:57] is to make sure that your communications with your lawyer are secure. If your spouse is reading

[00:06:04] your emails with your lawyer, you've got a problem. And there's there are more secure email

[00:06:08] providers out there like Tuda and Proton Mail that are really cybersecurity focused,

[00:06:14] privacy focused. They do a great job of helping navigate landing in a place that's

[00:06:20] more secure. But even if you're not sold, even if you want to stay with Gmail, you can just

[00:06:25] button up your Gmail account. You can use a better form of multi factor authentication to

[00:06:30] keep your spouse out of your emails. You can change your password. You touched on that earlier

[00:06:35] about basically sloppy password practices. So get a password manager, use unique random

[00:06:42] long passwords or pass phrases for each of your accounts. That's going to go a long way.

[00:06:48] And then use multi factor authentication everywhere. Use it with your banks, use it with

[00:06:53] your emails, anywhere that it's offered. Yeah, it's going to add a little bit of friction. It's

[00:06:57] going to irritate you a little bit having to type in a six digit code, but the cleanup on the back

[00:07:02] end is far more irritating. Last time we talked about buzzwords and I think the buzzword was

[00:07:09] what is that word? I can't remember. Anyway, so one of the new buzzwords for me in cybersecurity

[00:07:17] is digital asset management. How can you discuss the importance of digital asset management in

[00:07:23] divorce and what should Manover 40 consider? I guess it depends on what kind of assets it is

[00:07:28] that you are trying to protect in your divorce before talking just generic terms like your

[00:07:36] financial assets, your cryptocurrency, your bank accounts. That's the same sort of advice where

[00:07:41] it's use a unique strong password for all of your bank accounts, all of your investment accounts.

[00:07:48] And then if you want to go a step farther, maybe you want to look for a bank that's more

[00:07:52] cybersecurity focused. So places like Chase Bank of America, they're going to offer you,

[00:07:58] for the most part, SMS based or text message based multi factor authentication.

[00:08:03] And that form is susceptible to what's called a SIM swap attack. And so it's not

[00:08:09] great. It's better than nothing. But there are better forms of multi factor authentication.

[00:08:15] For instance, if you go to an investment bank like Morgan Stanley, and you open an account that

[00:08:21] has a checking account component to it, they'll offer you the ability of having

[00:08:25] a hardware security key as your form of multi factor authentication. And that can't be phished.

[00:08:31] So either you have the key in your physical possession or you don't. And if you don't,

[00:08:37] you're not getting into the account. So that goes a long way. Anywhere you can use a hardware

[00:08:41] security key, you're better off using that. Let's talk about encryption. That's a big one. And

[00:08:47] as part of the security key, what role does encryption play in protecting sensitive

[00:08:52] communications during the divorce? It's pivotal. It's required everywhere. You should be having

[00:08:59] end to end encrypted communications with everybody if you can, but at a bare minimum,

[00:09:05] your lawyer, your accountant, anybody important, your insurance broker,

[00:09:11] anywhere you can use actual end to end encryption, you should be using it. Anytime you're storing data,

[00:09:18] whether it's your tax returns, your bank statements, your insurance statements,

[00:09:22] your health records, that needs to be encrypted. And most cloud providers, most email providers,

[00:09:29] there's some form of encryption. If you're sending, if you're using Gmail,

[00:09:33] which is the most common, your email inbox is encrypted. When you send an email from your account

[00:09:40] to someone else's account, it's encrypted in transit. The distinction that I'm making with

[00:09:47] end to end encryption is basically a privacy thing with Gmail. Yeah, it's encrypted.

[00:09:54] Anyone outside of Gmail is going to have a pretty hard time decrypting your mailbox and

[00:09:59] reading your emails. But Gmail has a key, and so they're like your landlord. They can come in

[00:10:05] and they can read your data and they can do with it what they want. They can market to you,

[00:10:10] they can profile you based on your shopping receipts that are in your inbox. And that's why

[00:10:16] I try to push people more towards a Tuda or a Proton mail because those operate on

[00:10:21] zero access encryption on your inbox, and they also offer end to end encryption, which

[00:10:26] if you're emailing from Proton to Proton, that's end to end encrypted. Nobody other than the recipient

[00:10:32] can read your email. But even outside of that benefit, all of your shopping receipts, your

[00:10:37] Expedia confirmations, all of your Amazon receipts, your DoorDash receipts,

[00:10:42] all of that once it lands in your inbox is encrypted to the point where even if Proton

[00:10:48] mail or Tuda and Oda wanted to, they could not access your emails. They can't produce them

[00:10:53] responsive to a subpoena because they have zero access encryption. And the same goes for

[00:10:58] cloud providers, storage, it's the same sort of situation when you look at Google Drive versus

[00:11:04] Proton Drive. I have a tendency to shy away from Google. That's probably not a secret at this

[00:11:11] point, but they do a good job when it comes to security. They do a good job of protecting your

[00:11:16] account. They're just not very privacy-respecting. They openly advertise based on the content

[00:11:22] to your emails and they market it to you and they build profiles. That makes me uncomfortable,

[00:11:27] but a lot of people don't mind it. And so it's okay when it comes to just security law.

[00:11:33] Oh, that's interesting. How can someone recover from identity theft since it happens so

[00:11:39] often? And how can let's say two people going through a divorce and there's identity theft,

[00:11:45] how does that turn the divorce topsy-turvy? What's some of the things that can happen?

[00:11:49] The recovering from identity theft is tough and that's why you have to look at it proactively

[00:11:55] because that cleanup that I mentioned earlier is so much harder than just a couple preventative

[00:12:02] steps on the front end. Once your information is out there, good luck getting it back. Once your

[00:12:07] social security number is leaked, good luck getting it back. It's almost impossible to

[00:12:12] undo a lot of the harm. You can try to mitigate the damage. You can try to open or set a fraud

[00:12:18] alerts on your credit reports. You can try, if you had a life lock, they'll help navigate that

[00:12:23] process of cleanup. They'll offer you some levels of insurance in certain situations.

[00:12:28] But the cleanup of identity theft, it's tough. One of the first things you're going to want to do

[00:12:32] is freeze your credit to prevent further harm. But it's very difficult. You'd be well-served

[00:12:38] to do all you can do to prevent that from happening in the first place. And if it does

[00:12:44] happen, I'm sorry that it happened. But freeze your credit, monitor your credit, look for any

[00:12:51] signs of breach and do the best you can trying to clean up the harm.

[00:12:56] How do you advise clients on the use of apps and online services for co-apparenting? That's a

[00:13:02] big thing. That wasn't around when I got divorced because I'm an old guy. And are there

[00:13:09] security concerns with those? Yeah. So at least here in Illinois, there's a couple. There's

[00:13:14] talking parents and then there's our family wizard. That's the pretty popular one is our

[00:13:18] family wizard. I like the apps. They're convenient. They do a good job of scheduling things and

[00:13:24] exchanging expenses. And our family wizard even has something called a tone meter where if

[00:13:30] you write something and it's snarky, seriously, it'll tell you this is snarky or something

[00:13:36] like that. And that's pretty important in a lot of my cases because people have a hard time filtering

[00:13:41] themselves. But like any other app, it's important just to keep the permissions in check. If you

[00:13:47] have an iPhone, it does a good job of telling you these are the permissions that you granted to the

[00:13:52] app and some are probably unavoidable, but some might not be. If you have a calculator app on your

[00:13:58] phone, does it need location permission? Does it need access to your local network?

[00:14:02] Does it need Bluetooth? The answer is probably no to all of those. So I would just try to be

[00:14:08] mindful of what permissions you've given to the app. I don't know for sure whether every

[00:14:14] feature of our family wizard is required to have location access, but if you can get away with

[00:14:20] having it off, I would have it off just because I don't like apps knowing where I am,

[00:14:26] where I'm going, where I'm spending time, how much time I'm spending there. So I would

[00:14:30] just try to be mindful of location. And then also, I know some of these apps have like a document

[00:14:36] sharing feature where you can share bills and share report cards and schedules and things like that.

[00:14:44] So I would just try to be mindful of metadata that's going along with the documents that you're

[00:14:49] sharing, hopefully, and this may not be the case. The apps are stripping the metadata before

[00:14:55] they're sharing what you're uploading and they may not be. And sometimes a metadata that goes

[00:15:01] along with a file tells more about the story than the file itself. That's more so the case,

[00:15:06] usually with photos when you upload a photo or you email a photo to someone. It usually has

[00:15:12] the GPS coordinates that the photo was taken, the time, the date, the kind of camera, the

[00:15:17] kind of phone, a lot of information that you may not know is going along with that picture.

[00:15:21] So I would just try to be mindful of is there metadata that's being sent with whatever documents

[00:15:28] I'm trying to send. And sometimes you can remove it, sometimes you can alter it if it's

[00:15:33] appropriate to do that. So I would try to be mindful of that.

[00:15:38] Let's do some positivity, man. It hasn't been negative, but it's been, yeah, let's get

[00:15:45] on with some positivity going on. What new and emerging cybersecurity trends should individuals

[00:15:51] going through a divorce be aware of? What's coming down the pipe? What have you heard?

[00:15:56] I'm seeing just more frequent and more difficult to detect of the same. I'm not seeing a ton of

[00:16:04] new attacks or new breed of attack. I'm just seeing more frequent phishing, more frequent

[00:16:11] business email compromise. And depending on where you work, that one in particular can be rather

[00:16:17] concerning. You can get an email that looks like it's from your boss that's asking you to do something

[00:16:22] now and they're preying on psychology. They're preying on this is urgent. I need that. Small

[00:16:30] businesses. Yeah. Yeah. That's a real concern. And sometimes there are good indicators of that

[00:16:36] if you look at the email sender, not just the name of the sender, but the actual address.

[00:16:42] American Express isn't emailing you from a Gmail account. Your bank is not emailing you from

[00:16:48] Outlook account. They're going to use their own domain name. And so you want to check that. You

[00:16:52] wanted to slow down because most of the things that are you're going to be asked to do aren't

[00:16:58] now. So it's rare that your boss is going to email you and say, I know I've never asked you

[00:17:04] to do this before, but I need you to wire me money right now. So there's two things there. One is

[00:17:11] confirm with the sender or the email by an alternative means. So if you get an email that

[00:17:17] looks like it's from your boss, it's hard to tell. Call your boss. You're not going to

[00:17:21] inconvenience them. They're going to appreciate the diligence in confirming before you do

[00:17:26] something silly and then just stop and pause and think maybe get up from your desk,

[00:17:30] do a lap around the office and come back. And during that time, maybe you've thought,

[00:17:35] gee, this just doesn't make a whole lot of sense. I've never been asked to wire money before.

[00:17:39] It's hard sometimes depending on the line of work you're in. There's not always

[00:17:43] the luxury of time. Certainly as a lawyer, it's fast paced. You're making decisions quickly.

[00:17:50] So it's hard sometimes to slow down and think, but it's important.

[00:17:54] So I got a story for you. A couple years ago, my dental software went down. So I was on

[00:18:00] the phone with tech support and it's one of the top two dental software programs. So they're pretty big.

[00:18:07] And so I was on the phone with this lady and so she was helping me out. She took control of the

[00:18:12] computer and did her thing. And so we're sitting there and said, hey, can you tell me,

[00:18:16] because I'm a big backup guy, I back up every day. So I said, can you tell me what's the

[00:18:20] longest amount of time that you had to help a dentist go back and back up? You know what

[00:18:27] she said? Six months. So we had to re-enter every entry from six months ago.

[00:18:36] That sounds wildly inconvenient. So can you tell the listeners out there how important it is to back up

[00:18:44] every day? It's vital. There's a lot of software out there that automates it for you. So it's not

[00:18:49] something that you need to manually do every day. I back up multiple times a day and it's

[00:18:55] important because ransomware happens and it can put you out of business. And if you have backups,

[00:19:03] that might save you in that situation. So backups are vital. Testing your backups to make sure that

[00:19:09] you can actually recover from them is vital. And then having a good backup strategy is also

[00:19:14] important. There's this three to one mantra that you should have three copies of your data

[00:19:20] in two locations or two mediums. At least have an off-site backup, have a cloud backup,

[00:19:28] or have a physical backup like on a disk or a USB drive that you keep in a safe somewhere

[00:19:36] because one of these methods goes down and then you have nothing. So one form of backup

[00:19:41] is about the same as having zero. So it's important to have multiple forms and to also

[00:19:46] test your ability to recover because some people they think I've been backing up. I'm good to go.

[00:19:52] And then disaster hits and they go to restore from their backup and they realize that then,

[00:19:57] wait a minute, I have all these backups. I can't do anything with them. What's important to test

[00:20:01] that? Yeah. What's the deal because I have fiber here. We got fiber probably six months ago.

[00:20:08] A lot of these Comcasts, Century Stink, because I hate Century Stink, they promote

[00:20:14] all sorts of software that they have to prevent phishing. How reliable is that?

[00:20:20] These guys always say that. I haven't seen Comcast promoting that, but it doesn't surprise me.

[00:20:26] Everybody's chomping up trying to seize on people's fear and the stories that you're

[00:20:31] seeing in the news is happening all the time. There are certain forms of software that

[00:20:37] the problem is that there's a new phishing site that pops up every day.

[00:20:41] And so unless these software or these services are somehow keeping track of emerging phishing sites,

[00:20:49] it might protect you from a phishing site that went down six months ago, but not one that went up

[00:20:55] today. There's certain firewalls. There's certain DNS providers that use AI algorithms to

[00:21:02] stop you from hurting yourself basically and clicking a phishing link.

[00:21:07] And there's certain endpoint protection that can do that on your devices.

[00:21:11] But all of those are hamstrung by what it has seen before. So the problem is just if you put up

[00:21:20] a new phishing site today, most of the software hasn't seen it before and it won't know to block it.

[00:21:25] What about getting things like McAfee or Norton? How reliable is that? Do you suggest someone

[00:21:31] get something? Yeah, it depends on what kind of device you're using. If you're using a Windows device,

[00:21:37] those are pretty vulnerable. Those are pretty commonly attacked just because of the market share.

[00:21:42] They're very prevalent devices. Nowadays, Microsoft Defender does a pretty good job on its own and

[00:21:48] maybe you don't even need to supplement. If you're on a Mac, those are pretty secure right

[00:21:54] out of the box. Apple does a pretty good job. They have complete control over their hardware.

[00:21:58] They only allow certain kinds of apps on certain kinds of devices. Maybe on a Mac,

[00:22:04] you don't need one. But it also depends on your threat model, what it is you're doing with your

[00:22:08] device. If you're downloading illegal movies and downloading illegal software from shady websites,

[00:22:15] then you probably do want to have some form of antivirus because you're going to come across

[00:22:21] some shady practices. But if you're not doing that and you're just sending emails,

[00:22:25] maybe it's not necessary. But it can't hurt, but really doesn't slow down a modern machine very

[00:22:30] much. They're not very expensive to the extent that gives you peace of mind. Maybe it's worth it.

[00:22:35] Can I explain the concept of digital footprints and how they affect divorce cases?

[00:22:42] Yeah, your digital footprint is unavoidable no matter how good your

[00:22:45] offset is, no matter how good your cyber hygiene is, you're making a digital footprint

[00:22:51] every time you open your browser, every time you're doing anything on the Internet.

[00:22:54] The more exposure you have, the more social media accounts, Instagram, Twitter,

[00:23:00] Macedon, Facebook, all of those are expanding your digital footprint. And you can't really shrink it

[00:23:09] other than to delete your accounts, make them private, prune your friends list.

[00:23:13] Certainly in the context of a divorce and elsewhere, your digital footprint is

[00:23:18] definitely something you need to be mindful of and keeping it as small and as tight as possible.

[00:23:23] Part of what I consider to be your digital footprint is made worse by data brokers now that

[00:23:29] if you hop on Google and you put somebody's name in, that's probably going to pop up the first 10,

[00:23:34] 15 links, their home address, the name of their spouse, their phone number, their email address.

[00:23:39] And it's all just publicly available information. And that makes you an easier phishing target

[00:23:44] of somebody can call you on your phone and reference your spouse's name and reference

[00:23:49] your city that you live in or spoof an area code so that it looks like it's coming from your neighborhood.

[00:23:55] That's all the easier to fish you. Whereas if somebody is just completely blind about any

[00:24:01] information about you, you're going to be a little bit harder to fish. And so there are certain

[00:24:04] services that you can subscribe to, to clean up your digital footprint a little bit,

[00:24:10] they can remove some of your data from these data brokers. Services like delete me,

[00:24:16] do a good job of automating removal requests, data removal requests on your behalf.

[00:24:22] They don't do anything that you can't do yourself. There's a way of requesting removal

[00:24:29] from each data broker manually. The problem is there are hundreds of them and it's time consuming.

[00:24:37] And once they're removed, they might repost that same information two, three months later

[00:24:42] because they've scraped it from somewhere else and they've reposted it. If you subscribe to

[00:24:46] delete me, you pay an annual fee and they quarterly go and search for your information.

[00:24:51] If they see it, they automatically submit new removal requests. So if you value your time

[00:24:57] at all, it's worth subscribing and not trying to do that manually.

[00:25:01] Man, what is your perspective on the future of cybersecurity and family law?

[00:25:07] How do you see it evolving? Positive and negatively?

[00:25:11] I'm trying to be more positive because you touched on a negative tone there, but

[00:25:15] it's hard to be positive about the impact. It's just going to keep

[00:25:21] increasing that intersection between the two is just going to keep increasing.

[00:25:25] Nowadays, most court appearances are on Zoom. So you're opening the door to more

[00:25:31] digital attack surfaces to your point about deep fakes. That's scary. That's scary stuff.

[00:25:37] If you can use an AI model to have your spouse doing something, saying something that they didn't

[00:25:45] say that they didn't do and you're using it as evidence, that's going to be a problem.

[00:25:48] That's going to be a hard thing to prove. And lawyers just, for the most part,

[00:25:52] aren't equipped to try to prove that, to try to dig into that because most people aren't.

[00:25:57] The intersection is just going to keep growing. It's going to keep getting

[00:25:59] worse in terms of the risks of cyber breach, cyber attack. I think it already

[00:26:06] intersects in certain areas like borders of protection, custody cases,

[00:26:10] but I think it's just going to continue to increase.

[00:26:14] All right, sir. That was pretty good. I'm going to drop some knowledge,

[00:26:18] not knowledge, but one of my things is I always tell my friends and my family that

[00:26:23] every computer is built to fail. That's probably true.

[00:26:29] And they say, so tell people out there where to find you. We can talk about it in law,

[00:26:32] but that was good, man. That was awesome. Tell people out there where to find you.

[00:26:36] Sure. I've got a website, stealfortress.com. That's got my contact information,

[00:26:41] so that would be a good place to look for me.

[00:26:44] So is there like a, I know there is the ABA and all these

[00:26:48] law organizations, is there a law cybersecurity organization yet?

[00:26:53] Not that I'm aware of. You know, I'm first.

[00:26:56] You could be it.

[00:26:57] I've been hearing a lot lately that I'm just like a very unique.

[00:27:00] Wow.

[00:27:02] Person that people does. It's not a very common intersection. Lawyers just aren't trained in

[00:27:08] security and security people aren't trained in law. So it's a unique intersection.

[00:27:15] All right, Jonathan, hold on the line here, but thank you very much for your time. I really

[00:27:19] appreciate you taking time at 530. And thank you for being my second, my first second guest.

[00:27:25] Thanks for having me.

[00:27:26] That was awesome.