
The Invisible Threat: Cybercrime and Your Law Firm with Dylan Evans


Episode Description

In this episode, Lauren delves into the critical topic of cybersecurity for solo and small law firms with guest Dylan Evans. The conversation explores the real-world threats of cybercrime that even smaller legal practices face, dispelling the myth that only large corporations are at risk. 

Dylan provides eye-opening insights into how cybercriminals operate as an industry, targeting law firms of all sizes due to the sensitive nature of client information they hold. He emphasizes that while achieving perfect security is impossible, firms can significantly reduce their risk by implementing some critical practices.

The episode covers:

  • Why law firms are particularly vulnerable targets for cybercrime
  • The principle of not needing to be “bulletproof” but more secure than other easy targets
  • The importance of identifying and protecting the most critical business processes
  • The value of outsourcing certain security functions
  • A practical recommendation for improving personal and business security

Lauren and Dylan discuss the challenges of staying up-to-date with rapidly changing cybersecurity best practices and the limitations of traditional “defensibility” approaches. The conversation aims to empower solo and small firm lawyers with actionable steps to enhance their cybersecurity, balancing the need for protection with the realities of running a small business.

This episode provides a starting point for lawyers to think critically about their firm’s cybersecurity practices and offers resources for further learning and implementation.

Listen now!

Episode Resources

Video: Password managers explained

Book Dylan as a Speaker

Get in touch with Dylan

Episode Transcript

DYLAN: [00:00:00] Criminals figured out how to break into it in a scalable commodity way. They can go buy software that overcomes that so easily. And so the difference between what is defensible and what works in cyber has almost no overlap.

LAUREN: Welcome to A Different Practice. I’m your host, Lauren Lester, and I’m obsessed with all things business, well-being, and optimizing the practice of law for solo and small firm lawyers.

I started my solo practice right out of law school, built it from the ground up, and now work part time while earning well over six figures. I’m here to share tangible, concrete tools and resources for ditching the legal profession’s antiquated approach and building a law practice optimized for profit and efficiency.

Think of this as grabbing coffee with your work bestie, mixed with everything they didn’t teach you in law school about running a business. Pull up a seat, grab a cup, and get ready to be encouraged and challenged. This is A Different Practice. [00:01:00]

Hey everyone, welcome back to A Different Practice. Tell me if you’ve had this moment.

You get an email from someone whose name you recognize, or maybe it’s someone you met a little while ago, but something in the body just seems off. Just maybe the way they wrote some words, or maybe you’ve corresponded with this person in the past, but this email just doesn’t quite sound like them. You think maybe you’re just thinking about it too much and overanalyzing and maybe they’re just trying out a new way of phrasing things.

So you go ahead and click on the link in the email. Or maybe your curiosity just gets the best of you and you’re wondering, what is this? What’s going on? I need to figure it out. So you try to investigate further. This actually happened to me the other day. I got an email from what looked like PayPal saying that somebody had sent me money and it was like several hundred dollars.

So I thought maybe it was a new client paying their deposit or maybe [00:02:00] because I didn’t quite recognize the name, somebody who was paying on behalf of a client. And that certainly happens sometimes, but the amount was weird. And that’s what made me pause. It was like 706 or something. And that’s not an amount that I sell anything for.

So despite my very strong curiosity to figure out what this was and why somebody was sending me 700, I just deleted it. I figured at the end of the day, if it was actually a client trying to pay something with a very weird amount, they would reach out because I would ask every new client, Hey, you haven’t paid your deposit.

What’s going on? And the facts would kind of come out. Of course, that never happened, and I got lucky and trusted my instincts in this moment. Hopefully, if this has happened to you or something similar has come across your email, you’ve had that moment where something just stops you. There’s that voice in the back of your head, your instinct kicks in, and you just realize that something isn’t right.

But it happens all the time. These emails are [00:03:00] sent all of the time, and it can happen to any of us, no matter how big your firm is. If you fall ultimately into a criminal’s target market, you could be just that, a target. So how do we protect ourselves when this is becoming more and more prevalent in the world that we live in?

That is exactly why I wanted to have this conversation today. I don’t hear enough about cybersecurity in our profession. I don’t know if that’s your experience, but for me, I don’t see CLEs on it. I don’t see it constantly talked about. I know my malpractice insurer has a policy for it that I sign up for, but that’s about it.

That’s really the only touch point within the legal profession I feel like I get. So I wanted to start to have a conversation about it on here. And today I am talking with Dylan Evans. Throughout his years in cybersecurity, Dylan has noticed that adjustments to business processes, as well as management strategies, usually deliver better results than the [00:04:00] conventional practice of extra tech spending.

And many businesses actually overspend on security for only a nominal amount of protection. So in my conversation with Dylan, we dive into the real life threat of cyber criminals, even for us solo and small firms and how we can protect ourselves, our businesses, and our clients. I will fully admit that this conversation was uncomfortable for me at times because it exposed such a serious risk that is clearly out there, whether we want to admit it or not.

It was really scary. There were moments I felt overwhelmed. I think you’ll hear me say overwhelmed several times because I don’t know about you, but I don’t like risk. I don’t like feeling like there’s something lurking under the water. I want to know what can I do to protect myself, my business, this business that I’ve worked so hard to build.

And more importantly, at the end of the day, my clients and their information, what can we do to try and protect ourselves? I know nothing is going to [00:05:00] be safe, absolutely foolproof. I know that there is no way to minimize the risk to nothing, but I feel like there can be more that we can do. And we just don’t know because it’s not talked about.

We don’t have those tools in our toolbox yet. So this conversation is meant to be a start of one of those tools. Certainly doesn’t have all of the answers, but I’m hoping that it will continue on with the discussion. If you do listen and have any questions afterwards, want to dig in more, certainly leave either a voice memo or shoot an email and let me know what your questions are and we’ll have Dylan come back and answer them.

But for now, I hope you find this conversation enlightening. I’m sorry if it’s a little bit scary, but I think it’s something that’s good for us to talk about more often and more openly. And even though the approach to cybersecurity is going to be individual to each business, do stick around to the end because Dylan does share the one thing we can all do today to start to protect ourselves.

And it’s something anybody can do. And from my own personal experience, I [00:06:00] know it does make a world of difference. So here is my conversation with Dylan Evans. Welcome, Dylan, to A Different Practice. So excited to chat with you today.

DYLAN: Thank you. I am really excited to be here.

LAUREN: So this is a topic that I think a lot of solo and small firm attorneys theoretically know about, maybe have heard a little bit about, but they quickly run into a roadblock because it feels very overwhelming.

Don’t know where to start. There’s so much information online. And it’s also really scary in terms of the risk that can happen. What, when things go wrong, what does that look like? And we are certainly in a profession where client data, privacy, confidentiality is of utmost importance. So I’m excited to have this discussion with you today to hopefully have our listeners feel a little bit better about cyber security and what that means and what that might look like for their firm and then have some action items where [00:07:00] they can start taking steps to put things in place to really protect not only themselves and their business, but their clients.

So can you start by just telling us cybersecurity is a very big word. It’s in the news all the time. Of course, we hear all of the data breaches and the hacks, right? Those get pumped up in the news cycle. What are we talking about when we talk about cybersecurity from a sort of small to medium sized business perspective?

DYLAN: This is the best question, in part because it is a very different answer from what you see in the news. It is both a lot worse and a lot, like, less severe, depending on the business. Maersk was in the news four years ago and they had to sue their insurance provider based on a contract from like 1973.

Like they hadn’t updated their policy since then and it was just [00:08:00] like general business liability. And they, they had a claim of four billion because like a Russian virus got loose and infected all their ships and they were out for like four or five months. And just like one of the four biggest shipping firms, they were sad.

To say the least, I’m sure. To say the least. But, you know, if you run like a retail outlet, you know, upscale toys, I don’t know, what’s the worst that could happen? Who cares? Right? If, if my dentist, and he did, lose my dental record to thieves, man, and he had to like, notify me, right? I didn’t even open the envelope.

I don’t, I don’t care that a criminal has access to my, my dental x-rays, and, and neither should you. Like, what are they going to do with it? But lawyers, small practice lawyers, have an entirely different risk profile than most other small businesses, even dentists and [00:09:00] doctors, because what you sell, especially business lawyers, like if you’re, if you’re doing business law, what you’re selling is trust.

You’re not selling a commodity product. People go to you because this is the biggest deal in their life right now. They’re acrimoniously separating from, like, their business partner, or they’re mortgaging the farm so they can buy the neighbors, or, you know, getting divorced. These are high, important things in people’s lives.

And if what you’re selling is trust, that is perhaps the most vulnerable to theft because it’s so easy to break. I mean, [00:10:00] if my divorce attorney loses my file to Facebook and I get a notification from some Bulgarian crime ring saying, you know, we’re gonna, we’re gonna pay us, pay us 200,000 or, you know, we’re going to send it to your grandma.

All that stuff under attorney client privilege. And it gets out there. Man, that’s my life. I’m not just going to sue that guy. That’s, that’s me in my worst moment. I’m going to stab him. He ruined my life. And like, I’ve been to bench and bars where there’s family practice talks about how not to get stabbed.

Like, this is a real problem.

LAUREN: Are the criminals, I guess, the folks who make a living, get joy out of doing this in a very sick way, are they, because of that trust factor, does that make us more susceptible to attack? Like, are we a target? Even if we’re a small [00:11:00] or solo firm who maybe doesn’t have hundreds of clients or thousands of clients we might think, Oh, we’re a small fish in a very big pond.

No one’s looking at us. Is that true? Or are we sort of pulling the wool over our eyes unintentionally and thinking we’re not actually at risk?

DYLAN: There is a big reporting problem in security. If you are a big business, Maersk, or, I don’t know, a credit bureau, Equifax, for an example, you are so big, if you get nailed, there’s no way you can keep that under wraps.

So, we have a, the, the, the hacks we hear about, the damages we hear about, are heavily skewed towards bigger targets. In truth, small businesses get nailed every day, but because of this same [00:12:00] trust issue, they are extremely reticent to tell anybody. You probably know in your professional circle two or three people who have had terrible experiences in this space and they’ve never told you.

And maybe, maybe they almost lost the business. Maybe they’re, maybe they paid a ransom. Maybe they set back their retirement by seven or eight years. Like, and, and you just don’t know. The crime industry is an industry. It has suppliers, it has marketplaces, and, and like, supply chains. These, these people aren’t out to get you.

They’re just working at a call center, right? You’re, you’re like a sales lead, and if they’re likely to get less money out of you through a scam than, say, a Fortune 500, yeah, but they’re still going to go after you, it’s just they’re not going to spend as much on you. So you’re [00:13:00] going to get like, you know, the, the 23 year old call center person instead of the white glove, you know, can fool anybody team from with years of experience.

LAUREN: I think that’s a helpful perspective that it’s not personal necessarily. Like the fact that this is an industry, albeit a very contorted weird one. But yes, they’re just looking to make money just in the same way we’re looking to make money, except we’re out trying to help people in some of their worst moments in life.

So, right. The honor is a little bit different, but to think of it as it’s not necessarily personal, but on the same side of that coin, that also means that there’s no empathy, compassion, like they just want to make a buck. And so we do have to protect ourselves as businesses with this information in this space of creating trust with our clients.

But it’s helpful to kind [00:14:00] of know that yeah, somebody isn’t looking up Lauren Lester’s law firm in particular, they just happened to come across me and go, Oh, great, I think this, this could be a quote unquote, lead that we can get something out of, right?

DYLAN: No, what happened is they got your name off some forum, big green egg forum, or I don’t know, whatever thing you do, or maybe they got your name off of, you know, your Bar Association webpage got broken into and they stole all the members’ contact information.

And just like Google or Amazon or any other, you know, marketing list broker, they said, here’s a profile, which, I mean, you can buy a list of non profits in St. Louis pretty easily. The same lists are available with, like, except it includes your password and [00:15:00] your social and your credit card for law firms.

There are marketplaces for it. You can go searching. And you’re gonna get on there. Like, there’s not a lot you can do to stop your information from getting out. A lot of that’s outside your control. There’s, there’s companies you have to deal with, and you have to prove that you’re legit. And that means you give them secrets.

And that means the only way to reliably stop yourself from getting nailed is to be real careful about the risky processes you run. And that differs by, by practice.

LAUREN: Now that we’re all thoroughly terrified. Oh my gosh. Right. Cause you’re right. It’s public information. It’s out there. There’s no way that it cannot be out there. We’re trying to run a business. Like we have to be out in the public. And so I don’t [00:16:00] know if it’s fair to say it’s a not if but when, which really sounds terrifying.

But I’m hopeful that at least gives everyone the understanding of the seriousness that this is not something to put your head in the sand. Oh, this only happens right to Google. This only happens to Equifax, these huge companies that it can absolutely happen to us as solo and small firm law firm owners.

But I’m hoping that you can put our minds a little bit more at ease that we have some steps that we can take to protect ourselves, that we’re not just sort of fish in a barrel just waiting to be speared, but that we can do stuff for our business to help protect ourselves and particularly our clients’ information.

So can you please share, so we can all feel a little bit better, what some of those things are that we can do to improve our security?

DYLAN: There are two principles, overwhelming principles, and these are not quick tricks. I’m not into quick tricks. [00:17:00] That’s a rant for another day. Two principles. The first is: you do not have to be bulletproof.

There’s, there’s, you know, the story about the bear and the running shoes and the hikers. No, very popular in the cyber world. Okay. So two hikers, I can let’s say the Rockies and, and they see a grizzly maybe two, 200 yards down and the grizzly sees them and gets grumpy fast and starts barreling towards them, fangs, everything.

One of the hikers takes off his backpack and starts unlacing running shoes off of it and starts putting them on. And the other guy’s like, what are you doing? You’re never going to outrun that bear, racing shoes or not. And the guy keeps putting on his shoes and says, I don’t have to outrun the bear. I just have to outrun you.

I mean, as callous as it [00:18:00] sounds, this is a winning strategy. This is the most winning strategy. You just have to increase the cost, the effort, the difficulty of people nailing you so that it’s not worth it for them. Think of it like in sales terms. They’re already running like a 6 percent conversion rate on the list they’ve got.

If you take that to 0.5%, it doesn’t make any economic sense anymore to keep banging on you. And that is so much easier than the cyber industry makes it sound. Because all you have to do, you don’t even have to stop attack. All you have to do is stop attack that’s gonna really mess you up. And this depends on the business.

If you, like, Finally, some good news for bankruptcy attorneys. If you’re a personal bankruptcy [00:19:00] attorney, you don’t care. Everything you file is public anyway. What are they gonna do with it? You don’t even have, like, like, trust accounts that you have to maintain access to and, like, carefully validate payment information.

You, there’s not, you’re not transferring huge buckets of cash. If you’re, if you’re a bankruptcy attorney, call that a win. Like security is not a big deal to you, just go buy the insurance policy and move on with your life. But if you’re an M&A attorney, like that’s dangerous stuff. You’re billing 800,000 an hour and shepherding very high value acquisitions that are under wraps until the very right time.

If that gets out and a short seller gets it, that might, that might get exciting.

LAUREN: That’s good to know. So really is looking [00:20:00] at for each individual law firm owner. I almost think of it as like, what type of information do you have behind that closed door? If like a bankruptcy attorney, there really is no closed door. It’s sort of wide open because that’s just the nature of that practice area.

Not so much of a big deal, but in the M&A example, in the divorce example you gave earlier, right? There are confidential conversations that happen. There’s confidential information that isn’t outside that closed room door. And that’s really where the value is to somebody who wants to do a cybersecurity attack because they know you’ll pay or do something to keep that ideally in that closed room door.

And that’s where really the risk gets heightened.

DYLAN: Yes. So this doesn’t take very, very much thought. It doesn’t have to be hard. You don’t need advisors. I mean, sometimes it helps to have someone to bounce ideas off of, especially if they know the space. But just think to yourself, this is, this is a [00:21:00] space of my business.

Talk through, all right, what do I, what do we do? If a terrible person had control of this capability, maybe it’s accounts payable, maybe it’s the email system for two weeks and did the worst possible thing with it, Facebook or sold it to short sellers or whatever. Ransom my clients, what would happen to me?

And you just go through the list. And if the answer is like, I don’t know, I might be out a couple months of revenue, then it’s not a big problem. You’re fine. If it is, I’m going to lose my business, or my portfolio of practice is going to reduce by 70 percent over the next quarter, you might want to consider that capability.

And how do you make that more resistant to crime? And start with that, and then go do the next one. And it’s really more about, [00:22:00] like, you get a huge amount of value from standardizing things, because that’s what criminals do. They try to sneak in through the cracks, right? They try to pretend to be legitimate.

And if you got really sloppy practices about, like, let’s take trust account management. You have sloppy practices about verifying the payout information. Your odds of getting defrauded are much higher and so sitting down, you can even outsource this stuff if you do it properly, that can have a lot, a lot of benefit because there’s a, a lot of maturity in this space that honestly it’s not worth your time to develop, right?

Accountants have been doing, like, stopping fraud since like, I don’t know, 3000 BC. You think you’re going to do a better job? Like, you’re smart. But do you really want to spend the time to get that smart in that area? [00:23:00] Like, we got software that can do this stuff.

LAUREN: Yes, much better than we can.

DYLAN: Yeah. So strategically outsourcing, especially to eliminate like single points of failure can be enormously valuable.

I promise you are also not good at it. Even if you think you are, I’m going to tell you right now, no one’s good at it except maybe Amazon. Don’t try. It’s not worth your time. Just, it’s, it’s so cheap to get a cloud based platform. And it’s fairly easy, if you know what you’re looking for, to vet them, to vet their relative strengths because there’s a big difference between someone that’s really sloppy and someone who’s real tight.

LAUREN: That makes a lot of sense. So not feeling like we have to be bulletproof, that gave me a wave of relief when you said that. I was like, okay, I don’t have to like have all the answers and do all the things and certainly know where my lane is and outsource [00:24:00] where need be. What was the other principle that you mentioned outside of not feeling like we have to be bulletproof?

DYLAN: Right. So, in particular, you don’t have to be bulletproof, but you just have to run faster than the next lawyer. A little bit will set you up quite well. I mean, think about how poor most people’s practices are. If you invest just a little bit in tightening up the riskiest processes and the riskiest capabilities, that goes a really long way.

It’s also a lot cheaper than, like, buying a whole bunch of cybertech, like, you know, you read on the top 10 listicles on Google, like how to be secure. They always recommend like go buy all this equipment that blinks in your closet. Think about how you might get really nailed. And see how careful you can be about that.

I mean, you don’t want to go overboard. You don’t want to spend [00:25:00] an hour per transaction. But if you’re disbursing like 20 million dollars, maybe an hour is worth it. Video call. Have them show a photo ID. No excuses. This is our policy. That goes a long way.

LAUREN: And you said there, I mean, are some of the outsourcing or the vendors, are there folks who can come in and help do that?

If somebody feels like, I think I could get a maybe general sense of where the holes are or those cracks are in my processes, but maybe I would feel better to have a fresh set of eyes come in because we’re in this every day, right? So we’re blind to some things. Is that part of what those outsourcing vendors can do?

DYLAN: This sort of thinking is actually really hard to find. And this is the problem with the cyber industry is that it’s not geared towards stopping crime. Everybody thinks it is, but what it’s mostly geared toward is defensibility. When the breach happens, when the bad thing [00:26:00] happens, allowing people to say, look, I did the reasonable thing and either defending against the shareholder lawsuit or keeping your job.

But the goofy thing, I mean, how long does it take for defensibility precedent to get established? 10, 20 years, right? Often, what’s the standard of care for what a reasonable person would do? It’s not, it’s not fast, but security moves fast. What the multi-factor mechanisms that worked great two years ago haven’t been working for like nine months.

It’s, it’s just for show. You get that little token texted to your number, man, that is so easily, I mean, hard, does hardly anything anymore. Criminals figured out how to break into it in a scalable commodity way. They can go buy software that like, overcomes that so easily. And so the difference between what is defensible and what works in cyber [00:27:00] has almost no overlap.

I know this is not what you guys like to hear because, you know, you’re about defensibility and you’re about reasonableness, but this is such a confusing space because it keeps changing. And even the experts, once you get to be an expert, you’re not usually in the nitty gritty anymore. And you’re just preaching what worked six years ago.

It’s really hard to stay up to date. Some people do it, but there’s too much uncertainty. So this is, this is why I started my company, is because I figured somebody wants to know how to actually stop the crime. Because if you go to any cyber shop, they’re going to give you the defensibility answers.

They’re going to measure your maturity against the best practices that worked in 2006. And they’re going to tell you a big list of problems, usually technical ones. And with the implicit message that if you fix all these things, you will be safe. And if you [00:28:00] believe checking things off a 20 year old list will make you safe, I have a bridge in Brooklyn to sell you.

So we, we have, we mostly aim at large firms, 50 million and above, and like other high trust professional services, like engineering firms that do a lot of IP, because they have something to lose. They’re like, for lawyers, for high, these high trust professional services, if you get nailed, your cyber policy will get you back on your feet.

They will not bring back your customers. That is never covered. And that’s where the risk is. But we do have kind of a one off service of basically like we do this for you. We sit down with your, you know, your finance person, your marketing person, how the major components of your business and do an inventory of what all you do.

And then we tell you what’s scariest, what is actually worth your time.

LAUREN: Is there one thing that law firm owners Can do today that you would recommend like to [00:29:00] get started? Cause again, it, it does feel overwhelming and we are trained to identify risk and issues. And so, you know, hearing things like that, it’s sort of an extra red flag, I think, in our heads and we really focus on it.

So I want folks to hopefully feel like there is a solution out there. I get that. It changes. Technology changes constantly, right? Like the, the criminals are going to figure out a way around all the new things. I mean, that just has been that way for all of time. So I think there’s no benefit to constantly worrying about that, but trying to have a plan in place to be as proactive as we can and aware as we can so that we kind of always have eyes wide open. Is there one place to start or that folks can do so they can at least feel like they’re going in the right direction?

DYLAN: I’m going to give you a really sassy answer.

LAUREN: We love sass.

DYLAN: It depends.

LAUREN: Our favorite two [00:30:00] words.

DYLAN: I know your favorite two words. I mean, in effect, it’s for the same reasons. Right? You would not, if someone came to you and said, What’s the one thing I should make sure I have in my trust document? It depends! It depends on what your, the purpose of your trust document is. And do you think it’s going to get challenged by Aunt Nellie?

It really depends. There are some easy wins. There are like some, some things that apply to almost everybody. That work a lot really well, so I’m, I’m a little bit gonna back off, it depends. I would say the weak point in a lot of people’s personal security is passwords. Because the security industry is bananas and like for four decades have been preaching, you know, none of them can match, they all have to be gobbledygook, they have to be super long, and you have to change them every 30, 60 days or something like that.

We are not password remembering machines. That [00:31:00] is not what we’re good at. It never worked. And the best approach right now is to get a password manager and have it automatically fill in the password into the sites with your goal being to no longer know any passwords except the one that gets you in your password manager.

So you have one password in your life and it gets you into one thing and you never type it anywhere else. And then, if your password manager refuses to fill in your password, you can’t override it very easily, right? Because you don’t know it. It’s like 63 characters of gibberish. And in doing so, this affords you time to wake up.

Because it’s 6:20 in the morning on a Saturday and you’re banging through emails and you click the link because you’re just trying to hurry and it’s a criminal and they [00:32:00] say it’s your bank, your password says, this ain’t your bank. I, I’ve never heard of this place in my life. And so you have to go through all these extra steps of trying to get the password and username all filled into this phony website, and that gives you more opportunity to notice that something is weird.

I’ll emphasize this works best when you’re done, when your whole life is in this thing, when you never type a password again. Because when that happens, when you no longer type a password again, that’s when you get most of the value of this is weird. Also, there’s a lot of password managers out there. I would say you do not want to be buying or getting the free version of the Smirnoff Ice version of Password Manager.

Like, you want top shelf stuff if you’re going to be entrusting your life to this. 1Password and Bitwarden are kind of the two top trusted brands right now. LastPass used to be real hot, and then five years ago they, like, exploded. That was bad.

LAUREN: But that’s a really [00:33:00] simple, I mean, I shouldn’t say simple, maybe simple in concept, but like you said, it can take some work to get everything in there.

Go through all the logins that you have, put them in, most likely update passwords that now are matching or are not as complicated or involved. But once you do get it in there, I have had that moment of why isn’t it automatically filling in? Oh, this is not the actual site. Like it does give you that half a second beat to realize something weird is going on here and that can really be the moment that you go in one direction or another.

So think of password manager, something we can all do, even if it takes a little bit of investment in time to get it set up, that can really be a good starting point have that security in place.

DYLAN: Yeah, it really isn’t that big of an investment either. It sounds scary because like most people haven’t done it and you don’t know how, how big of a lift something is going to be when you’ve never done it before.

Honestly, most people get it done in less [00:34:00] than 10 hours, five or six minutes at a time over the course of a month. You install the Chrome plugin, the extension, and as you log into places, it says, Hey, do you want me to remember this? And you always click yes. And then once you got a bunch of them in there, you start rotating them out for random strings of gibberish.

Just as you go to it next time, and then maybe at the end of the month, you run its little, like, “are any of my passwords real sketchy? Did they show up in breaches? And are they known by the criminal underground?” Like, Bitwarden knows, 1Password knows, and they’ll say, like, yeah, these ones are at risk. Go change these ones first.

It’s not too hard. It also works pretty well for teams. You can buy team versions and that allows you to extend the string of gibberish to, like, different members of your team maybe because, like, you only have one login to Westlaw or something. Actually, no. Forget I said that. You should always buy all of the subscriptions to Westlaw.

LAUREN: They’re going to come after you. They heard that.

DYLAN: They’re going to come after me. I am not a lawyer. Your mileage may [00:35:00] vary. And it allows you to extend access, extend a credential to other people. And if they leave, it’s a long string of gibberish. Even if they copied and pasted it, you can rotate it when they leave.

And like all the other people, it’s just going to be auto filling. You won’t have to change it anywhere else. It’s stupid proof, which is not a term I use lightly.

LAUREN: No, it is a really simple way that with just a little bit of time, it’s sort of monotonous. I will say like, I’ve done this to get it all in there.

But like you said, if you just kind of go slowly, use the passwords as they come up as you’re engaging with your bank site and your case management site and your scheduling. I mean, like it’ll prompt you, but kind of being more aware of it, it definitely is doable with a little bit of time and has a huge impact.

DYLAN: Yeah, it’s time well spent. And when you’re done, you’re going to be saving yourself time. Think of how much time you waste in a month messing around with passwords, like [00:36:00] resetting them, getting them wrong. Security, nothing. This is going to pay for itself in two months.

LAUREN: And I don’t remember. I have 1Password.

I don’t remember it being expensive. Like it’s kind of a no brainer. Yeah.

DYLAN: It’s a coffee a month. Well, maybe a cappuccino a month, but either way.

LAUREN: Yes, it’s in the grand scheme of things of my expenses. It is a drop in the bucket and well worth its money and gold. So yeah, it’s not thousands and thousands of dollars.

It’s pretty, pretty inexpensive.

DYLAN: If you want help with this, I do have a series on YouTube. It’s like... and it’s so hard creating good content. And like, you have to be good at so many things. So it’s like the production values are not high. This was a couple years ago, but it’s out there. We can link it in the show notes, explaining the right way of doing a password manager.

LAUREN: That would be great. And I think that gives folks not only something to do today, but then a resource to kind of continue to dive into this area and put the protections in place. Certainly, you know, look at [00:37:00] your resources, other outsourcing vendor resources. I know that you have a talk, I believe, on what to look for in a vendor.

So if anyone would be interested in having that for their organization or their team, right, you can come and talk to them about what to actually look for. If somebody is like, I don’t want to deal with this, please have somebody else do it, but you want to make sure you pick the right person.

DYLAN: Yes, there’s a lot of misconceptions in this industry, and following them can be very expensive.

LAUREN: That’s certainly something we want to avoid. Doing it right the first time is going to save us a lot of time and headache. Thank you so much for your time today. This was really enlightening. Like I said, a little terrifying, but I felt really good about having an option or a step forward to start to put this process into place, understanding that it is doable and that there are certainly folks like you out there who are helping us as small businesses do as much right as we can.

So really do appreciate your time.

DYLAN: Thanks very much, Lauren. It’s [00:38:00] always fun.

LAUREN: I’m over here giving you a virtual high five because you just finished another episode of A Different Practice. For more from this episode, head over to adifferentpractice.com/podcast for the show notes. If you found this episode helpful, I’d love it if you’d share it with someone who might like it too.

Be sure to rate the show wherever you listen to podcasts and don’t forget to subscribe so you never miss an episode. If you’re ready to unleash your firm’s potential, grab your free guide to the six pillars of optimization today. I have tried everything and made all the mistakes in building my business over the last near decade.

I figured out what works and what’s essential. Now I’m sharing the six essential pillars every law firm needs, key factors for implementation and optimizing each. Grab your free download today at adifferentpractice.com/optimize. I can’t wait to connect with you next time. Until then, keep building a different practice.