How COVID Changed Our Cybersecurity Landscape

Episode Notes

Transcript

[Music]

Male: Got the world turning as fast as it can? Hear how technology can help, legally speaking, with two of the top legal technology experts, authors and lawyers. Dennis Kennedy and Tom Mighell. Welcome to the Kennedy-Mighell Report here on the Legal Talk Network.

Dennis Kennedy: And welcome to Episode 287 of the Kennedy-Mighell Report. I am Dennis Kennedy in Ann Arbor.

Tom Mighell: And I’m Tom Mighell in Dallas. Before we get started, we’d like to thank our sponsors.

Dennis Kennedy: First of all, we’d like to thank Nota powered by M&T Bank. Nota is banking built for lawyers and provide smart, no-cost IOLTA account management. Visit trustnota.com/legal to learn more. That’s N-O-T-A, Nota. Terms and conditions may apply.

Tom Mighell: Next, we’d like to thank Colonial Surety Company bonds insurance for bringing you this podcast. Whatever court bonds you need, get a quote and purchase online at colonialsurety.com/podcast.

Dennis Kennedy: And we’d like to thank ServeNow nationwide network of trusted pre-screen process service work with the most professional process servers who have experience with high volume serves, embrace technology and understand the delegation process. Visit servenow.com to learn more.

Tom Mighell: And with so many new podcasts announcing their very first episode these days, we occasionally like to mention that at 15 years in counting. This is the longest continuously running legal tech podcast out there.

Dennis Kennedy: In our last episode, we looked at the current state of legal publishing options online and offline and how you might to rethink your own approach to publishing in the legal work. In this episode, we decide to revisit cybersecurity and how COVID has changed the cybersecurity landscape and what all we can do to protect ourselves these days. Tom, what’s on our agenda for this episode?

Tom Mighell: Well, Dennis, it is edition of the Kennedy-Mighell Report. We will indeed be talking about cybersecurity, old and new cyber threats and what we can try to do to protect ourselves and each other. In our second segment, we’re going to do another round of our new Hot or Not Series. And as usual, we’ll finish up with our parting shots, that one tip, website or observation that you can start to use the second that this podcast is over.

But first up, how or whether COVID has changed cybersecurity. And I think it’s going to be how because it’s not for the better. I think it’s arguable that from a cybersecurity standpoint, 2020 was the worst year on record. Because over the past year while the rest of the world was taking a break from going into the office, cyber criminals were instead keeping quite busy. And by all accounts, it has been a lucrative year for them whether state actors are trying to infect the networks of as many American companies as possible or ransomware leading the people hoarding gasoline in plastic bags. The threats just keep on coming.

So Dennis, let’s talk about cybersecurity. What in cybersecurity worries you the most these days?

Dennis Kennedy: Yeah. It’s sort of like what doesn’t. So I think the three big ones out there are, first and foremost, ransomware then I think the sort of lack of understanding, knowledge and good practices on the security involving collaboration and collaboration tools and this availability of scripted attacks on known vulnerabilities making it very easy for people to use existing vulnerabilities to break into systems and that’s like a killer three right there. We’ll dive into some more but that’s plenty. And like you said, the cybercriminals, the state actors. Everybody is working overtime and I agree with you Tom with a lot of success.

Tom Mighell: I think you’re right. I think, for lawyers and firms, ransomware is the number one threat right now. I think it’s been the worst problem. We’ll talk about that a little bit more. I really think that the second biggest threat in my mind right now is what we would call supply chain or service provider threats. The solar winds hack was a classic attack to try to get to as many companies as possible through a supply chain provider, someone who is in the chain. You only have to infect one to infect a whole lot. Here in Texas, that’s what happened with a manage services provider who provided IT services to lots of companies including law firms. Just make sure they’ve gotten hacked, they’ve gotten malware and you can spread it to as many companies as possible. But I will tell you. Let’s bring it down to a very personal level.

(00:05:00)

I am finding threats against me on a daily basis these days. I will tell you that over the past two weeks, and I’m glad we decided talking about this subject, but over the past two weeks I’ve had several emails telling me that I’m trying to recover my Instagram password. So someone is trying to get to my Instagram password, which is interesting. That doesn’t quite bother me. The one that bothered me the most was I got an email from LastPass. My password security saying “It looks like you’re trying to do an account recovery. You want to recover your account. Let us help you.”

Well, I’m glad that I have multi-factor authentication setup. I’m glad that I have a ridiculously hard password on that account. I emailed LastPass to say “should I be doing anything else?” They said “Nope. You’re in good shape. You’re fine. They can’t recover it because that link is going to you. It’s not going to somebody else.” But the fact that it’s happening and it’s happening more often than it did before really, I think, shows what this past year has been. I think the number of attacks are starting to step up.

Dennis Kennedy: Yes. So I’ve been thinking about it. We just see more of the same or is this something completely different or it’s just gone up a level? And so what is happening out there? And I guess that my sense is that it’s just taking the existing issues and attacks and kind of moving up a notch evolving them, just getting better at them while people have kind of let their guards down. The one exception I would say is I listen to webinar probably like two months ago where Bruce Schneier, the cybersecurity expert, was talking and I could tell you he really unnerved me with his concern about the state attacks; namely Russia and China, and then potentially what our own government is doing.

But that kind of made me realize there’s a bunch of vulnerabilities out there and there is a lot of exposure out there. But some of this just goes back to the people — risk has been a big one for several years now. A lot of these attacks come on known vulnerabilities from systems that are updated or, as you say, people aren’t vetting their third-party providers, the whole supply chain thing. And then I think it’s — we’ve been talking about for a few years’ time about security and collaboration tools but that’s — I don’t think we pay enough attention to that and then the phishing attacks and what’s known as spear phishing to make it seem like very plausible that somebody is reaching out to you. I mean, that’s become an art form these days and that has become super dangerous. So I don’t know that it’s, like you said, other than the state actor thing which seems like it has caused a lot more concern. It sort of seems like just the bad actors have gotten better at all the different techniques and that we, as users, have gotten lazy.

Tom Mighell: I think people are still the problem. I think if you look back at the 2020 ABA legal technology research or legal technology survey that the Legal Technology Resource Center does every year, on 43% of lawyers are using file encryption. 40% are using email encryption or two-factor authentication. 30% use full disk encryption on their laptops.

This is still just amazing to me. There is just still maybe not a lack of awareness but a lack of understanding that this is important to be doing. So I think that people are still going to be the most successful attack vector to the hackers to do. I will say I think that COVID and 2020 was a boom for hackers because security people took their eye off the ball and they spent their time focusing on things like “how do we get our team up and mobile and working from home and let’s maybe–” there is a company Tanium, I guess. They’re a security management provider. They were saying that 93% of companies delayed security projects in 2020 because they had to take care of other things. 43% of them delayed or stopped patching vulnerabilities altogether. And so I think hackers just jumped into that and said “Let’s take advantage of that situation.”

I think that hackers are getting better. We’re also seeing more things that are subject to being hacked. I’ve seen a lot of things a lot more biometric information, facial images, bigger target than in the past. I think we’re seeing a lot more what we would call zero day exploits which is flaws that you find in software or hardware that wasn’t discovered during testing.

(00:10:03)

Those were growing too. So the number of threats, the number of areas are increasing and when the security folks are busy paying attention to other things, it makes it easy to exploit and take advantage of those things.

Dennis Kennedy: Yeah. I think you’re right. When you’re focused on just kind of making sure everybody runs, everything is running okay and people can access remotely. All those kinds of things. Then you start to say “Well, are we going to make people change their passwords every 30 days? Are we going to do these things?”

Multi-factor authentication which is such a big help. It is a pain in the butt especially if you have to use like different authenticator AI apps for different things that you’re doing. And you’re logged out really quickly so it feels like you have to do the multi-factor like a couple of times a day or multiple times each week. And so it’s just become — sometimes, I think people have loosened up. Some of those practices just because you want to make it convenient for people to work. So I think that people — I just look at it and go “people are still the problem.”

I mean, we underestimate the issues. People tend to not to think through what the bad actors are looking to do which is kind of get onto your system and then escalate what they’re able to do on your system. And that can be to store things to use your computer to launch other attacks, to get information. And so sometimes people say “well, I don’t really have anything that somebody is going to be interested in” and that’s not always the case and sometimes you’re going to have stuff that somebody is going to be vitally interested in.

And then also I don’t think we educate ourselves on the biggest current threats. I mean some of the things I like to do is I like to pay attention to what the FBI is identifying as the biggest current threats and it’s been easy for the last couple of years because it has been ransomware. But once you know what the big threats are, then you can start to say “I know I can’t have 100% defense against everything but if I can take the precautions against the big things and I can take the simplest precautions, I think that’s going to help me.” And those rules have always been true.

Tom Mighell: Well, but I think that you’re right that to be able to do that, you do have to keep up with things. So let’s talk really briefly about — I mean, using ransomware is the example. The strongest example of that has been just a few weeks before we decided to record this episode with the Colonial Pipeline incident where Colonial Pipeline was struck by ransomware. As a result, they had to shut down their whole pipeline. As a result, the Southeast basically thought that the world was ending because they went and got all the gasoline they could from every gas station around. And what’s interesting is the organization that was responsible for that ransomware is actually a very sophisticated group of hackers. They’re called DarkSide. They actually don’t exist anymore. They shut down after this probably because they are now probably on a most wanted list of the CIA.

But they have their own policies and procedures. They actually have their own code of ethics. And what was interesting about his is they were kind of apologetic for this attack. Probably why they only, I think, accepted five million dollars rather than what we’re seeing most companies pay these days, 30 or 40 million. Because they’re code prevents them from attacking entities that can cause the kind of damage that got caused in this case. So that’s how they’re evolving. They’re evolving to — like organizations that have standards and have policies. But it’s more than that.

So we’ve learned a little bit about ransomware. We’ve taught people that backup is important, that a lot of companies at the very beginning, they really got killed by ransomware because they didn’t have backups which was just incredibly dumb for them not to do. Now, people are catching up. They all have the backup. So the ransomware people have taken it a notch up. And what they’re doing now is that they’re threatening something that, I think, is being called docsware which means that if you don’t pay, so what if you’ve got a backup, we’re going to release this to the public. We’re going to release confidential information that either is going to hurt you, hurt your customers, hurt somebody. You’re going to get in trouble. You’re going to embarrass yourself. You’re going to get sued out of existence or have all sorts of privacy breaches and that’s what convinces people to pay.

(00:15:00)

So it’s getting increasingly sophisticated on how they’re handling it. And so I think, Dennis, you’re right. Knowing how those threats are evolving, knowing that they’re changing should help you know how to better counter them and avoid them if you’re not aware that they can release stuff and start docsing you and publishing information. Then you’re less able to protect yourself.

Dennis Kennedy: Yeah. And that code of ethics on ransomwares is really a kind of fascinating thing where there is sort of an agreement out there that you’re not going to take down hospital systems, health systems. You’re not going to shut down pacemakers which would be pretty high leverage, right? On an individual. Are you going to do other things? But there could be a point where somebody decides it’s the honor among thieves notion like that where there are lines we don’t cross but typically somebody is going to be willing in certain situations to cross those lines.

So I was thinking, Tom, about what’s different. And I think we’ve hit on a number of these. So I think the whole work from home which has expanded the perimeter of organizations and their security. So whatever is happening at the home offices, let’s call them, of people now has a direct impact on your network. And so the fact that if somebody is using shared computers, other things at home, you have your kids on them. Those sorts of things. Now, that become part of it.

We’ve talked in the past. We used to talk about collaboration tools. So you’re just connected to everything and somebody’s poor security on a document sharing service or other things can cause problems for you. The role of state actors — recommend that people do some reading on that because it is disturbing. Some of the compromises that have happened and the vulnerabilities out there. And then I think there’s this whole notion of toolkits out there that you can get set up as a ransomware in the ransomware business and just get toolkits. And there’s something just called REvil, R-E-V-I-L, which has — it’s been described as ransomware is a service. So in the same way you have software as a service, right? I can just use this service in a platform and use it to launch my ransomware attacks.

So just a lot of things are out there. Lots of vulnerabilities and I think that, like I said, phishing has just become so sophisticated these days. So those are things I see that are different unless — kind of a long list, Tom. I don’t know whether you have others to add to or maybe we should jump into what are the things we need to do now.

Tom Mighell: No. I don’t have anything to add but I think you’re right. I think phishing has become very successful. But the interesting thing about phishing is that you have 5,000 people in your firm or your company and 4,999 people know what to do and that one person who clicks on a link, well, they’re in. Unless you have designed your security so that one person doesn’t decide the whole thing, then you’re in a better shape.

But it doesn’t take very much to be able to get into these things. It can just take one dumb person depending who that is getting in, doing the wrong thing. And I think that there are still very much common sense things that lawyers need to be doing to protect themselves just at a basic level and I don’t think that has really changed much if at all since the last time we talked about this.

Dennis Kennedy: Yeah. It just feel like your big thing is just kind of know the standard security playbook and then actually act on it. I mean it’s like strong passwords, multi-factor authentication, install security updates, read the news about what’s going on. So like if you’re reading the news these days then you would say “You know what? Law firms are still considered a soft target.” There have been law firms that have apparently suffered ransomware attacks and paid the ransom. You see other things going on. The Colonial Pipeline thing is just going to be something that attracts other people to try this because five million dollars is five million dollars. And then you mentioned before, this whole notion of realizing that backup is part of your approach to security.

(00:20:01)

So when I see that somebody has been shut down by ransomware or they have to pay the ransom, I immediately think they just don’t have good backup or they may not have any backup. And sometimes that’s so unfair. Tom has mentioned these people blackmailing with the release of sensitive documents or there are other ways they can get you but that was a lot of the issue was there were a problem with the backup system and the ransomware just took people out and they had no way to get the data back.

Tom Mighell: Yeah. I think early on, that was a major issue. I think that a lot of people have gotten the message and have started to backup more but I’m sure nowhere near as many as need to do that.

Dennis Kennedy: Yeah. And one that organizations have been doing that I like is the phishing training. Even like sending out these emails and then seeing who clicks on things, who identifies it and reports “this is a potential phishing attack.” Those are the things. And they’re doing the follow-up training on that. I think that can be really helpful. I mean, as Tom said, that it only takes one person to click on something and it’s going to cause a problem for everybody.

Typically, in the phishing training, what I have seen happen and have heard happen is the people at the top are the ones who are the problem when you send out those fake phishing letters or emails. And typically, they are punished which sends a message to the rest of the organization that security isn’t being taken seriously. And so you need to have a whole plan there. I think the other thing these days is that it’s pretty clear that in ransomware attacks that a lot of people are just paying and I heard recently that even if you pay, you might get 50% of your information back. You might get it back in a corrupted form. You might not get it back at all and you might have another attack coming at you in a few months. But you probably need to have some kind of ransom or a game plan. I think is really important these days.

Tom Mighell: And I think that that includes looking at cyber risk insurance. I think that includes, now depending on — probably, the audience that we’re talking to doesn’t have to worry about this but there are ransomware negotiators out there. They are known to the hackers who are doing this because the insurance companies call these folks in to then negotiate. So the hackers now say, “Hey, it’s me. It’s Bob.” “Hey Bob! How are you doing? Good to talk to you again.” Amazing that we’re kind of in that world but I think that being able to not only have good insurance if you need it, I mean I think that’s part of the reason why some of these money is being paid because there is insurance available to do it. But I think there’s also the need to understand I think part of that ransomware game plan especially if they’re going to release the information, especially if something rises to the level of what I would consider a data breach because that information is going away is to understand that incident response, similar to ransomware is not just about containing the security issues.

It’s also about containing your reputational issues as well. It’s about making sure that you are communicating with the regulators, it’s communicating with the Bar, communicating with whoever you need to do but also communicating with the public to the extent you need to, your clients to the extent you need to. Because if you don’t, one of the suspicions about the LTRC’s ABA survey is that most law firms aren’t actually reporting when things are happening. They’re hiding it. Most have been the victim of some type of hacking, maybe even ransomware, and they’re hiding it. I think that as this becomes more prominent, it’s going to be more important to have a good game plan on how to protect your reputation when this comes out because they’re going to start to come out more often, I think, especially if information starts getting released. Right.

Dennis Kennedy: And you do need a multi-faceted approach to incident response because there’s a lot of moving parts. You have to make decisions about who you’re going to work with, who you need to share information with, what you need to release. I’m a little bit — I understand the importance of cybersecurity insurance but the fact is with the ransomware that if your business is shut down and nobody can work because your whole system is in fact shut down by the ransomware people, your insurance is only going to do so much for you at the time.

(00:25:05)

So you need to kind of think “Okay, there have to be different players to this and some of them have to be very practical.” I think another big thing is to understand how each of the attacks or the each of the main categories attack work and what the goals are so if you have — there’s the denial of service attack that they’re trying to take you offline so people can access you. Other things are meant to come into your system and lay imbedded in there for time to either harvest information or to open up a trapdoor. Other things are ransomware is designed to either pay money in an untraceable way. So understanding the basic attacks and the goals of those attacks have happen.

And then, Tom, I think this is sort of — you touched on this area in your work to some extent, I think. But once you have an incident, how do you respond to that? How do you know what might have been touched, what you need to do, who you need to inform? And so that incident response piece is very important especially as we get more and more often confusing data privacy laws and requirements of reporting those incident responses.

Tom Mighell: So let’s finish this out by maybe talking about how do you keep up to date with this. I think that there’s so many really technical sources out there that it’s hard to — that some of things might be over our heads. May might be things that your IT people need to understand but maybe lawyers don’t need or shouldn’t have to worry about. So what are — I guess, let’s talk about kind of what our favorite resources are. I will give four out and make sure I put links in the show notes. Our friends Sharon Nelson and John Simek do a great job talking about security. John, on his blog ‘Your IT consultant’. Sharon, on her blog ‘Ride the Lightning.’ Both of them on their podcast Digital Detectives. They do a great job of talking about security for lawyers and keeping people to date.

I will tell you, I am a big fan of The Cyberlaw Podcast. It’s done by the lawyers at Steptoe & Johnson. They do a weekly update and it’s a little bit more law-related and they talk a lot about legislation but they talk about what’s happening and new trends and new things that are happening both with the threats and what we’re doing to combat them. But it’s more from a law perspective. So I think you’re getting a little bit of a mix of education about the bad stuff but also kind of what law and what lawyers and what the government and other governments are doing about it. I do like Brian Krebs. He’s a good security person to follow on twitter. Those are kind of my favorite resources. Any that you like in particular, Dennis?

Dennis Kennedy: Well, one in the parting shots, I would say for that but I think that what we’ve just talked about, standard play book, backup, multi-factor, all those things if you just go back and listen to this podcast again, you’re going to pick up a lot because we’ve synthesized a lot of that. I think the main thing for me is just kind of being aware of what’s happening in the news, on the cybersecurity level, and then looking at when new updates are released especially what the Apple OS and with Windows, understanding what it is they are patching will give you a clue and I would say, to me, if you’re in an organization that’s still running Windows 7, these programs aren’t supported anymore, you really have to start to question what the heck is going on there. So some of those things are out there and I think that I’ll make this point and I’ll make it because I’m going to teach a new class in the fall on cybersecurity and data protection.

But I really think if there’s anything that’s required by the tech competence ethics rule, I think cybersecurity has to be a piece of that in terms of confidentiality, relevant technology and actually doing good work for your clients. Cybersecurity is integral in all of that.

Tom Mighell: Only thing that I’ll add to finish up is I’m really encouraged by new trends and kind of possible scenarios in improving security and making things better. So here’s some terms of things to think about. We’ve talked about a passwordless world. Google is working on it. Microsoft is working on it. Everybody is trying to get away from passwords. I think that’s part of the problem why security is so hard is that we have to remember long complicated passwords that are different for every site. I think we’re still making our way towards that.

(00:30:01)

There’s something out there now called zero-knowledge proof which is kind of, I would consider, a mind-bending approach to security that allows you to verify your identity without having to actually reveal who you are. I’m fascinated by it. I think it’s kind of something that’s coming. It’s going to be very interesting. Something that’s been here for a while but is not getting used enough, in my opinion, is something called Zero Trust. If you listen to John and Sharon talk, they talked a lot about Zero Trust. And it’s really the basic ideas that devices should not be trusted by default. For example, your bank might not recognize the device that you’re logging in from but once you authenticate it, it’s fine. And so it’s an idea that nothing trust anything and that’s Zero Trust.

The one that is the most fascinating to me is this idea that security companies are coming up with that they call misinformation moats, M-O-A-T-S. like the old time motes around a castle. You build a moat full of bad data, full of misinformation, full of malware. And the hackers get to it. It’s surrounding the crown jewels. It’s surrounding the castle with all the good stuff but when they get to the moat, they think they’ve struck it rich and they download all that stuff and they’re done with it. I am fascinated by that. I would love to see it happen. I just haven’t heard any stories where that’s going on but I’m encouraged by the way that the good guys are finding to combat some of these ideas. They’re trying to help you out. I think you should try and help yourself out by following some of the tips that we’ve got in today’s show.

Dennis Kennedy: Can I scare people with one more thing, Tom?

Tom Mighell: Sure.

Dennis Kennedy: So one of the things that’s super interesting to me is that as we move toward, and we’ve talked about this on our earlier podcast but sort of fake video and fake audio, so if somebody can get into your system and basically get audio files of your CEO’s voice and other things like that or even video, they can create these fake things and really do some damage with that.

So there’s a lot out there. That’s on the one hand and then also remember that people are doing all kinds of stuff with biometrics, location, combinations of those things to help identify who you are and then figure out what authority you actually have and really keeping you limited to the authority that you have.

Tom Mighell: And so consider yourself appropriately scared. Before we move on to our next segment, let’s take a quick break with a message from our sponsors.

Male: You wish you could get a quote and purchase an appeal, trustee, a state or any other court or fiduciary bond quickly online, Colonial Surety Company has every bond you need and is a direct insurer that’s US Treasury listed licensed in all 50 states and territories and rated A excellent by AM Best. So you can be confident. It’s a trusted resource. Get started at colonialsurety.com/podcast.

Male: Looking for a process server you can trust? Servenow.com is a nationwide network of local, prescreen process servers. ServeNow works with the most professional process servers in the industry connecting your firm with process servers who embrace technology, have experience with high-volume serves and understand the litigation process and rules of properly effectuating service. Find a prescreen process server today. Visit www.servenow.com.

Male: You went to law school to be a lawyer, not an accountant. Take advantage of Nota, a no-cost IOLTA management tool that helps solo and small law firms track client funds down to the penny. Enjoy a piece of mind with one-click reconciliation, automated transaction alerts and real time bank data. Visit trustnota.com/legal to learn more. Terms and conditions may apply.

Tom Mighell: And now let’s get back to The Kennedy-Mighell Report. I’m Tom Mighell.

Dennis Kennedy: And I’m Dennis Kennedy. This time for our new segment we call Hot or Not. We pick something people are talking about and argue whether we think it is hot or not. We might agree the odds or we won’t. Although the odds maybe today or that we will. And we want your feedback on this segment, of course. So let’s get started. Tom, Notion announced its’ API.

Tom Mighell: All right. So this is maybe a little inside baseball for the people who haven’t been following our second brain series. But I will say that for users of Notion, incredibly hot and long overdue. I would say that for those of you who aren’t using Notion have no interest in it. Probably not at all.

But let’s talk about it a little bit. So we’ve talked about the idea of using Notion as a second brain. One of the requirements to do that, one of the things that makes a second brain what it is the ability for you to get information in there in a way that’s easy that’s not manual, that’s not having to force you to do stuff and contort yourself to get information in there.

(00:35:06)

It should just work. You should say “I like that tweet, I want it to go into Notion. I like that blog post, I want it to go into Notion. I love that podcast. I want Notion to be storing it.” The way that you do is through an API. And Dennis can talk more about the technology if you want to but I’ll just say it’s something that connects the Notion with other tools.

Up until now, Notion hasn’t had one. They finally have one and they’ve really needed it for some time and frankly it really opens up the power of this tool, I think. And I think what’s also hot is that it’s available to anyone whether you’re using the free plan or the pay plan. So I like that. I like that anybody can use the API.

There are two websites that I think you should pay attention to right now. Zapier. I think we’ve got a lot of listeners who probably are familiar with Zapier. They have a huge number of integrations that go in with Notion. Just type in and app you’re using and it likely integrates with Notion.

Another one that is interesting that I was not very familiar with until this is called Automate.io. The argument is that may be a better site than Zapier because it’s cheaper than Zapier if you’re going to use some of the pay services to do the integration. If you aren’t using any of those tools, you’re going to need to learn a little bit of coding but not anything tremendous. I was going to give some examples but to be quite honest, there are so many tools that can link to Notion. You should just go to those sites, the Zapier or Automate.io, and see.

It looks like it’s going to connect to hundreds, if not thousands, of applications. So if you’ve got information somewhere you want to get into Notion, then head over to those places and see what’s included. And if this isn’t enough to get interested in Notion, then I don’t know what else we can do because we’re really enjoying making it our second brain. Dennis, how do you feel about it?

Dennis Kennedy: Well, I kind of chose this because this is close — you did a tweet, this is close as you can come to cheering out loud when you tweet, when you heard about this. And I agree with you, I mean. So for those who aren’t familiar with APIs and what they do, so I think it’s more of what they do that counts as opposed to how they do it and some of those details. But if you want to say I’m on twitter and I like something and then it automatically could go into notion into a folder or a document that says “here are everything I’ve liked in twitter” and then becomes searchable and useable in Notion.

And I start to automate these things so I’m getting multiple things that happen when I do one thing and that’s what you can do — some of the things that you can do with Zapier, other things like that. And you go on like “oh this is a way that I can start to in our second brain Notion.” Say, all the stuff that’s interesting to me that’s something in the idea of, it’s a note or something I want to remember or store to use in a different way, that gets automated.

And I think if you want to use Notion as the base for all of those which is what Tom and I are — this is the news that we’ve been waiting for. So super hot but maybe just for Notion users but we would give you a good introduction to both Notion and APIs once you see how it works.

Now, it’s time for our parting shots. That one tip, website or observation you can use the second this podcast ends. Tom, take it away.

Tom Mighell: So I had one parting shot that got expanded to two because we’re recording this the first day that Google is having its annual IO conference and they had a related announcement that I want to mention. They’re both around Google Photos. So if you’re a Google Photos user, I realize that I’ve been keeping all of my photos in Google Photos. I love it to death but I realized that I don’t have a second backup of that. I just assume, well Google will have it. But then somebody made a good point that you need an extra backup of your photos. I agree that’s necessary but I don’t want to spend a lot of time organizing and I just want it to be a place where I can backup my photos to.

So what I’ve decided to do is use the Google Takeout service. So Google Takeout allows you to basically export a copy of any of your Google content and put it anywhere that you want to. And what I really-really like about it for photos is that I can set up an automatic export to happen once every two months for a year. I probably have to renew it at the end of the year. But what I like is that every two months, I’m going to get a new backup where I can replace the old one. I’m just storing those backups in my OneDrive account as my other backup of my photos but it is set it and forget it and all I really need to do is move it over to that OneDrive account.

To me, that works perfectly. I’m enjoying that. Google Takeout I think is a great service and I like that feature. The new announcement that came up today is something I like.

(00:40:00)

The Notion API I think is long overdue and that is that Google Photos is now offering to give you a, what they call, a secure folder to store what you would consider to be your private photos, things that you don’t want to be shown in photo albums or just — if you’ve got a SmartHub and you’ve got it on your kitchen counter and all of a sudden the photo comes up. You really don’t want other people to see. This is the way to do it. So there’s going to be a secure folder where you can put those things. You get to see those photos but nobody else has to. I think it’s a great idea. It just took a long time for Google to get to it.  Dennis, what about you?

Dennis Kennedy: Well, I’m going to give my two source on cybersecurity and it’s a website/blog called Schneier on Security, S-C-H-N-E-I-E-R.  Bruce Schneier. Well, very well-done respected cybersecurity expert. Also a great writer. And he does a great job of explaining things and the blog is great for new developments and for learning about security. Not legal-focused but it’s good on everything. And like I said, I learned a lot about the current state of what some might think of as the cyberwarfare recently from Bruce and this site. So www.schneier.com.

Tom Mighell: And so that wraps it up in this edition of The Kennedy-Mighell Report. Thanks for joining us on the podcast. You can find share notes for this episode on the Legal Talk Network’s page for this show. If you like what you hear, please subscribe to the podcast in iTunes or on the Legal Talk Network site where you can find archives of all of our previous podcasts along with transcripts. If you like to get in touch with us, reach out to us on LinkedIn or remember you can send us a voicemail for our B Segment. We love to get voicemails at (720) 441-6820. So until the next podcast, I’m Tom Mighell.

Dennis Kennedy: And I’m Dennis Kennedy.  And you’ve been listening to The Kennedy-Mighell Report, a podcast on legal technology with an internet focus. If you like what you’ve heard today, please rate us in Apple Podcast and we’ll see you next time for another episode of The Kennedy-Mighell Report on the Legal Talk Network.

Male: Thanks for listening to The Kennedy-Mighell Report. Check out Dennis and Tom’s book ‘The Lawyer’s Guide to Collaboration tools and technologies: Smart ways to work together’ from ABA Books or Amazon. Join us every other week for another edition of The Kennedy-Mighell Report only on the Legal Talk Network.

[Music]

(00:42:51)

 

Podcast transcription by Tech-Synergy.com