New Ransomware Surge – Protect Your Law Firm Now

Episode Notes

Transcript

[Music]

Intro: Got the world turning as fast as it can, hear how technology can help legally speaking with two of the top legal technology experts, authors and lawyers, Dennis Kennedy and Tom Mighell. Welcome to the Kennedy-Mighell Report here on the Legal Talk Network.

Dennis Kennedy: And welcome to episode 296 of the Kennedy-Mighell Report. I’m Dennis Kennedy in Ann Arbor.

Tom Mighell: And I’m Tom Mighell in Dallas. Before we get started, we’d like to thank our sponsors.  First of all, we’d like to thank Nota powered by M&T Bank. Nota is banking built for lawyers and provide smart no-cost IOLTA account management. Visit trustnota.com/legal to learn more. That’s N-O-T-A Nota. Terms and conditions may apply.

Dennis Kennedy: Next we’d like to thank Colonial Surety Company, bonds and insurance for bringing you this podcast. Whatever core bond you need, get a quote and purchase online at colonialsurety.com/podcast.

Tom Mighell: And we’d like to thank ServeNow, a nationwide network of trusted pre-screen process servers. Work with the most professional process servers who have experienced with high volume serves, embrace technology and understand the litigation process. Visit servednow.com to learn more.

Dennis Kennedy: And with so many new podcast announcing their very first episodes these days as we and at the time I got to tell you, it feels like we are rapidly approaching our 300th.

Tom Mighell: Rapidly.

Dennis Kennedy: We occasionally like to mention that at 15 years and counting, this is the longest continuously running legal tech podcast out there. If you have ideas for our special 300th episode or a question, we can answer in the B segment of an upcoming episode, leave us a voicemail at our special voicemail number (720) 441-6820. In our last episode, we discussed the productization of legal services primarily using document automation tools. In this episode, we want to discuss a topic so serious that the FBI and Department of Homeland Security issued a special alert in early September and that is ransomware. Tom, what so on our agenda for this episode?

Tom Mighell: Well, Dennis, it’s in this edition of the Kennedy-Mighell Report, we will indeed be talking about ransomware. Currently, the best known form of cyberattack and more specifically one that has been hitting law firms, big and small and what you can do to protect yourself. In our second segment, we are going to take our respective temperatures after the September Apple announcement and as usual finish up with our parting shots that one tip website or observation that you can start to use the second that this podcast is over. But first up, ransomware, why it such a big deal right now and what you can do about it?

What with stories about ransomware being headlines on the national news a lot over the past few months, I sort of get the feeling that a lot of you, most of you may probably already know what ransomware is but to get us all on the same page to start before we have this conversation. Dennis, what is this ransomware stuff and why are we talking about it?

Dennis Kennedy: So I always think of ransomware and it really is like the digital analogy of the kidnapping ransom approach, but I see it as a simple but in its own way, sophisticated form of cyberattack. So a hacker slips into your system, put some encryption software in place that enables them to lack users out and then those hackers demand money to unlock the data. It’s really not much more complicated than that. The goal is to get money from you and the leverage they have is they make it impossible for you to use your data and the incentive to you to pay them is that they will unlock the data so you can use it again. And I take that as simple as it is. So it’s just basic, you know, criminal activity 101 that’s been done since time immemorial.

Well, I did notice that the first use of the term when I looked was back in 2005 and some people said that you really start to see it become more common and people treat it with more seriousness around 2013 and I usually have seen. I don’t know about you, Tom, you usually do detailed research on this, but I generally see it ranked as the number one cyber threat right now. I know you’ve taken a look at this time so would you agree with that?

Tom Mighell: Well, I do and although there are a lot of cyber threats out there, I think that we look at this and it’s probably number one because it’s getting the most attention, but it feels like something that is — I don’t want to say simple to do, but it is very straightforward.

(00:05:06)

I mean the way in to get people is pretty straightforward and shockingly or maybe not shockingly, simple to get people to fall for this. I’m sure we will talk about that in just a second. The only thing that I will add to your definition of it is that — and we’re going to I think get into this a little bit more later about some of the ins and outs is that I think that the original intent of ransomware was like you say to hold it ransom, to hold your data ransom and to make you pay at until we, you know, unlock the information. And so we’ll talk a little bit later that’s why having a good backup is such an important thing.

But now that so many people are actually doing backup, that it’s real — and some of them are saying, you know what, I got a good backup. You can just keep my locked up data. I’ll just go to the backup and restore it and I’m good to go. So the ransomware people now are doing a second thing. They’re not only flocking the information, they’re making a copy of it and they’re threatening to release if the ransom isn’t paid. So it’s kind of a double threat there. It will lock it up and then if you go any further, we’ll do a little naming and shaming and we will release things that are sensitive to you, which in my opinion, probably has — that’s a lot harder to counter than just locking up the information knowing that a backup can pretty, maybe not easily but at least be a workaround that people can use to avoid being caught by the ransomwares.

Dennis Kennedy: Yeah. I mean, it’s sort of like, if you look at the history of blackmail, you sort of see all the techniques just kind of transplanted over into the digital world. But I think you’re right. There have been some big ones recently. And so, if anybody’s gone to a webinar or ransomware has been discussed probably in the last six months, you’ve heard about the Colonial Pipeline ransomware attack, which shut downs major of gas pipelines in the Southeast and cost the price of gas to go up for that and there’s also been a lot of study of how law enforcement was able to track some of those payments, which is another aspect of this.

So, Tom, Colonial Pipeline, some thoughts on that or some other big ones that people should be aware of?

Tom Mighell: Well, no. There have been — I mean, one of the biggest ones and maybe we’ll talk a little bit about kind of the techniques that get used because that’s one of the bigger attacks that has happened in addition to Colonial Pipeline is a company called Kaseya has some software that was what they call an attack vector. And one of the new ways that and one of the popular ways to attack a lot of people has been through managed service providers. Instead of trying to just infect the thousands of companies separately, why don’t you infect their provider and wait for the infection to spread and then you can nail a lot of them. And so, that’s what happened with the Kaseya attack which was either end of June, beginning of July, something like that. It was like a 70 million-dollar ransom that they were requesting and there are over 1,500 companies that were impacted and they demanded 70 million dollars.

So, you know, that’s a pretty — they’re getting more inventive. They’re going after more money. They appear to have some level of a conduct code or a code of ethics, you know, when they learned that they had gone after Colonial Pipeline that they had really cause problems to the supply chain of oil and gasoline, they broke get off. I mean they apologized publicly for doing something like that. And so, they’re going to places that are not going to hurt lots of people although you can argue that not all of them are so beneficent. They are not all as ethical or moral because there’s been a lot of hospitals that have had ransomware. There was I think, a case in Germany, where a person was the first official death by ransomware was at a hospital in Germany, where Because the Ransom hadn’t been paid or the money was done, then some of the equipment that was needed to keep a person on life support was not working. And so, they’re not good — in addition of committing crime, they’re not all doing this with companies that don’t affect people in other ways.

(00:10:05)

Dennis Kennedy: Yes. So, one of the things is I find really interesting about these types of attacks is how they combined kind of mix and match a number of standard technique. So email phishing is usually one of the ways that the malware gets introduced. It’s a basic malware, basic encryption tools and then Bitcoin and crypto, especially a cryptocurrency, but especially Bitcoin has been part of it. And I would say that Bitcoin in its own weird way has been a little bit of a driver of this because it makes it easier. Because if you’re doing ransomware and you don’t have digital currency, you got to figure out like how you’re going to get paid in cash and, you know, keep it secret and make those transactions. So Bitcoin makes that possible.

We have some friends and I know other people have said, it’s kind of been a running joke, it was ransomware that forced lawyers to learn how to actually buy Bitcoin and what it was and what to do with it.

Tom Mighell: Well, you know, it’s interesting that Bitcoin really is what makes ransomware so profitable because it is untraceable, it’s digital, it’s instantaneous. There are a lot of legislators out there right now who think that ransomware could go away if Bitcoin or other digital currencies were either banned or significantly regulated and they’re thinking about implementing regulation in order to combat the ransomware issue. They think that ransomware would go away immediately if they didn’t have a ready source to that information. What’s interesting is that some states are actually considering passing laws against paying the ransom. Now, some of the states are forbidding the use of taxpayer dollars to pay the ransom. So, you know, the state won’t pay, you the taxpayer won’t have to pay for some company doing a stupid thing. But actually New York is actually prohibiting private companies from paying a ransom, which feels weird. I feel just kind of interesting that they would require that.

What I also found interesting was in the Colonial Pipeline case. The US government was able to recover over two million dollars of that ransom. And so, it’s not untraceable. It’s not something that’s gone. So it’s not foolproof. And it’s very I think also interesting to wonder if more of that is happening if the government or the good guys are being able to trace the dollar payments, the Bitcoin payments are in be able to get some of this money back. I’m be interested to see how that affects the ransomware going forward if law enforcement is better able to strike back in some way.

Dennis Kennedy: Yes. So understanding how they got that money back is something really worth studying as we go forward. So generally, you get the argument that Bitcoin is actually a good form of to have people pain in ransom because there are some ways to trace that. In this case, there were some stories that maybe third parties involved and we’ll talk about ransomware as a service a little bit later, kind of provided information to make it possible and there are other mistakes made. But the state approaches really interesting to me because it’s like, if you say you can’t pay the ransom under state law, then basically, the state has told you that you have to go out of business, right? And in a classic example, you go that’s a weird law and then if you say you can’t use Bitcoin as a payment, basically you’re forcing people to the perfectly untraceable route of cash, and then we have people carrying bags of cash around, you know —

Tom Mighell: Seventy million dollars in cash down the street.

Dennis Kennedy: Yeah. It just — you’re going like why are all these armored trucks going around?

Tom Mighell: Well, see, that’s the other problem. Is that one of the things that Bitcoin is so good is that it allows for, you know, sort of the cross-border payment. I mean, you can do your ransomware from Russia and there’s a ton of different groups but, you know, they’ve set it up easily and monetize it by having this cross-border money transfer that makes it so easy. If you get it, do away with the method of payment, I do think that could cause serious harm because it would essentially restrict you to only being able to do it in ways that or you would have to hire somebody to pick up the money. I mean, there’s lots of scams that I know here already in other countries that hire people in the United States to pick up the money. So not impossible, but significantly harder.

(00:15:00)

Dennis Kennedy: So let’s talk about the basic approach to this, Tom. So the basic approach to remind you is that people are going to come in. They’re going to lock your data, encrypt it. They’re going to encrypt your files even drives and then pay you to get a key that they were provide the encryption key to unlock them. So, that’s the theory and that sort of leads us to how best to prepare for this and to protect yourself it. To me, if we go back and we look at everything that’s been described over the years is good cybersecurity hygiene. That’s really your best defense and especially kind of minimizing access levels and what people are allowed to do, because you know, a lot of times this is an escalation attack where people find a way in and they’re able to access their privilege ideally for them up to an administrator level and that allows them that gives them essentially the keys to the kingdom to do anything they want.

So I don’t think we have to go into a lot of detail of that about that time, but you might add a few thoughts on there and then kind of lead us into what is really always been the key piece of ransomware, which is backup.

Tom Mighell: Well, so I mean, I’m actually going to — and I’ll put this as a link in the show notes. I’m going to just quote from a great infographic that Nist put out on Ransomware Tips and Tactics, which I think are the main pieces of ways to protect yourself and these are all really straightforward. But this is if you’re a firm of five people or a hundred people or a thousand people or whatever, but good anti-virus software obviously we talk about that all the time, that goes without saying here. Making sure that your computers are patched, your systems are patched, your network is patched because wherever the flaw in the software is, they will exploit it. I mean, if you saw the story wasn’t a ransomware attack, but the Verizon, excuse me, T-Mobile breach was done because there was a flaw in one of their routers. The router software had a flaw in it. So making sure everything is fully patched.

Blocking access to known ransomware sites. Having your internet web software to make sure that nobody inside your company or your firm can get to these sites even if they’re doing it inadvertently. One of the hardest rules is to restrict personally owned devices. That’s one way to get ransomware in is let people bring their own devices and then they do their own thing. Obviously, you reduce the risk of if you can control the devices, but that probably is one of the hardest pieces of advice I think to follow. Make sure that you give your users standard user accounts that have no administrator privileges. The more privileges they have, the more they can let into the computer and allow things to join. Avoid using personal apps, avoid using your email or a chat app or something that you personally have from a work computer. That’s another way for things to get in. And then really the standard rule about ransomware is unknown links, unknown documents, things that you get where you might recognize the email address that somebody you do business with or somebody that you worked with, but they might not actually contact you or communicate with you in that way.

Be smart about what you get and don’t just immediately click and question it and if you have a question, then go to the person and say hey, did you send me this email or do you send me this text message or whatever. Don’t immediately assume that it’s right. I do that with every time I get a notification that claims to come from my bank. I will go on to my bank account and if it’s true, I’ll get a notification once I log in to my bank account. If not, I know that it’s a fake phishing attack.

So really being smart about suspicious things that you might get is really the number one way to avoid protecting yourself from ransomware. Dennis, I’ve been talking for a while. Do you want to follow up with any of that or go on to the next topic?

Dennis Kennedy: Yeah. I was going to let you talk about backup, but I’ll jump in. And so, basically the notion here is that if the ransomware people have come in and they have encrypted sort of like your live, no, where all the data on your live network that if you have a good backup, you just restore the backup and you’re good. So that’s conceptually why backup is so important. But because these attacks evolved and, you know, Tom’s given a couple of examples, but the one evolution was that you would put the malware in of that was going to run the ransomware attack and you would let it lie dormant for a while and kind of let it proliferate through different backups.

(00:20:10)

And so, you really didn’t have any good backup. So what you found was to your surprise of all your backups were encrypted to and so you had no way to restore it. So that was a sophisticated attack. You also saw some things where people kind of got to places you didn’t expect. You thought things weren’t connected to networks, but they were that’s where you see the router flaws, the printer froze. Those kinds of things. So backup is so important and checking the backup, and all of that. It just emphasizes so much that backup is just such a key part of security.

Tom Mighell: Yep. So let’s talk maybe about what happens if you are a victim of ransomware. There are a number of steps you need to take. I think that the first question that I usually ask and this is something we do a lot for our clients is — but it’s more in the area of a data breach more than a ransomware attack, but I think the principle is the same, which is do you have an incident response plan? How do you plan to respond to this? And it’s not just about getting your backups. It’s not just about the technology. It’s about who do you notify? Do you talk to your clients? Do you talk to your insurance company? Do you talk to law enforcement? Or if you’re big enough company, do you need to have a press release or some sort of communication that goes out because this has happened? An incident responds plan covers the gamut of all sorts of things. It’s not just about dealing with the technical issue. It’s about how do you respond to it, to reduce your risk, your clients risk and make sure that you’re doing things properly according because there’s a lot of laws related to this to making sure that you’re following the laws.

That raises the question. Do you need cyber insurance? Do you need to have insurance that will cover you in this event? You know, it’s interesting because the ransomware people are making it difficult for cyber insurance to really do their business now because they’re actually attacking the insurers and putting ransomware and their computers as well for selling it. Obviously, backup and restore making sure that that capability is available and protected to avoid the problem that Dennis was mentioning. Knowing who to contact including law enforcement is important. And then another link I’m going to put in the show notes is from the cyber security and infrastructure security agency, which is a US agency that really is doing some really great work that is probably a lot responsible for along with Homeland Security with getting some of that money back my guess is. They have a stop ransomware website where you can learn about it. You can learn how to report it. It really is a good one stop shop for ransomware. I’ll put that in the show notes so you can go get more information.

Dennis, anything you would like to add on what do you do if you’re a ransomware victim?

Dennis Kennedy: Well, I think having some kind of plan is important but clearly most people don’t do that and you can never predict everything. So I think you need to assess have an idea of who to call and just a general approach to it and have the right people involved in making decisions. The sort of, kind of helper businesses that are developing, you know, like people who really can help you handle ransomware attacks, there are even ransomware negotiators like kidnap ransom negotiators. So there is a lot of help.

The general feeling is and you saw this with Colonial Pipeline where we know they paid for million dollars that a lot of times victims to pay the ransom going forward. So, that’s something you have to think about and that’s why there was a running joke about lawyers needing to learn how to buy Bitcoin because they were paying off ransomware. But sometimes it’s not as simple as that and if you look again to look at the history of blackmail, you kind of see this is that you may pay and get no response at all. You may pay and they give you an encryption key and they’re just not very good at what they did and the keys don’t work or the malware might not be removed and they know that you’re somebody will pay, so they’ll hit you again. So it really becomes, as Tom says, there’s this whole incident response notion that you want to have a plan to start with and you need to keep modifying, you say, well, what happens if any of these sort of bad contingencies happens.

(00:25:01)

So I guess the other thing I mentioned and Tom you touched on this is that there is this kind of rules of ransomware, informal rules out there and there are some companies that sort of offer ransomware tools and offer ransomware as a service even to criminals, but they do have a set of rules it seems like. And so it’s really frowned upon to go after hospitals although we saw it. We know that certain parts of infrastructure are off-limits. I always like to use the example pacemakers clearly off limit, although definitely attackable. And so, there is this informal set of rules like there is a line and people won’t go over it. But they’re also, you know, we’re finding more and more people willing to go over those lines. So all of that needs to get factored into your contingency plan. And I would say if you can lock up a law firm that given the deadlines and stuff they have, it’s you’re probably likely to be able to demand a fairly significant ransom to unlock that.

Tom Mighell: The last piece that I didn’t mention, I can’t believe I didn’t mention it, is training, training, training. It’s not just enough that you know and you’re smart, but you need to make sure that you and your employees are smart too. And lots of folks out there who will offer cyber security training, who will offer to send test emails to your employees to see if they fall for things, that I think is a really important way to make sure you protect yourselves. So I think this is only going to get worse. It’s only going to be more. There’s just it’s not going to stop anytime soon until, you know, either Bitcoin get shut down or somehow they find a way to make this not profitable, but it is increasingly profitable. So it will pay for all of you to learn how to deal with it and how to protect yourself, and then how to respond to it in case it’s from.

Dennis Kennedy: Yeah, I would say it that we also know that blackmail and kidnapping is never gone away through the whole history of the world. And I did want to mention, Tom, I’m teaching a class in cyber security and data protection in Michigan State this semester. Great students were really having in its own weird way. Fun with the class, but we’re learning a lot. But I’m going to do a practice simulation of ransomware attack and see how the students, what the students come up with who (00:27:35) as in response to that.

So I do think that ransomware Like all cyber security is something that lawyers need to know about to be technologically competent. That’s what my argument with the students. And I take that if you — so you have two things. How do you protect yourself and your firm and then I think even more significant is as a lawyer, what do you do if one of your clients comes to you for help because they’re being attacked by ransomware? And I think you’re in a bad place if you don’t even know what it is or what they might do or how to help them.

Tom Mighell: All right. Before we move on to our next segment, let’s take a quick break for a message from our sponsors.

Midtro: You went to law school to be a lawyer, not an accountant, take advantage of Nota, a no-cost IOLTA management tool that helps solo and small law firms track client funds down to the penny. Enjoy peace of mind with one click reconciliation, automated transaction alerts and real-time bank data. Visit trustnota.com/legal to learn more. Terms and conditions may apply.

Wish you could get a quote and purchased an appeal, trustee, estate or any other court or fiduciary bond quickly online cloning? Colonial Surety Company has every bonds you need and is a direct ensure that US Treasury listed, license in all 50 states and territories and rated A excellent by AM Best so you can be confident, it’s a trusted resource. Get started at colonialsurety.com/podcast.

Looking for a process server you can trust? Servenow.com is a nationwide network of local pre-screen process servers. ServeNow works with the most professional process servers in the industry connecting your firm with process servers who embrace technology, have experience with high volume serves and understand the litigation process and rules of properly effectuating service. Find a pre-screen process server today. Visit www.servenow.com.

Tom Mighell: And now let’s get back to the Kennedy-Mighell Report. I’m Tom Mighell.

Dennis Kennedy: And I’m Dennis Kennedy and it’s time for our segment. We call hot or not. We pick something people are talking about and argue whether we think it is a hot topic that you need to pay attention to or not.

(00:30:01)

We might agree but odds are that we won’t. So let’s get started. Tom, Apple made a bunch of big announcements of actually the day before we recorded this show. So generally, when that happens, that means that you get the chance to call me an Apple fan boy. However, is what we heard yesterday from Apple, hot or not?

Tom Mighell: So I am finding that when a company now has what they call announcement day and this is the season. The fall is usually the season where we start to see a lot of the announcements. The announcements just aren’t as thrilling as they used to be. I mean we used to love watching these because I think we’ve largely reached a plateau in technology where companies aren’t able to offer truly revolutionary products, whether they could do that five or 10 years ago so just, wow, amazing, you know. It’s a phone and it’s a computer, and it’s a podcast device and it’s all in your hand. We just don’t have that. The products are still great, but I consider them part of the kind of expected evolution of these products. If they don’t do a certain amount of update every year, then so what. And so, that’s what I really expect everything to roll out.

So, with that being said, said with 10 being a smoking-hot announcement day and one being ice cold, I will give Apple’s announcements a seven. Good solid products, but nothing amazing. And let me give my defense before Dennis weighs in. So, let’s go down the list. There’s a new iPad. They upgraded the internals to the fast processor, but there’s no change to the look and feel to the iPad itself. So I say, ho-hum to that. Now the one thing that we both agree on is the new iPad mini. I’m very excited about this. I was sad when they stopped updating the mini a while back because I really do like the smaller form factor that is better to me than a Kindle. I use that as a content consumption device and I have already purchased one of those. So that’s the one that I’ve got. It looks they’ve updated it. It’s faster. I’m looking forward to it. So I am excited about that. That is hot.

They updated the Apple watch. I don’t have one. So, Dennis, you can gush about it, but it looks like a nice respectable evolution of the watch. Now even tougher against dust falls, other tragedies. It’s an all-around nice upgrade, but nothing to me that’s just amazing. There are three new iPhones. There’s the iPhone 13 mini. There’s the iPhone 13 and the iPhone 13 Pro where they actually said the statement during the announcement that it’s more pro than ever before which I just don’t even know what to do with that. All of them are faster. They all have slightly better battery life. So I say these are all natural evolutions. The big upgrade really for both the iPhone and the iPhone Pro is on the camera. And Dennis, I know you’re going to talk about this more. They’ve included some really cool features that I think are useful for content creators. They’re going to allow you to make more professional looking videos. There’s a cinematic mode. That looks really cool. Unfortunately, it’s not available in 4K resolution, but that still doesn’t take away from the fact that it’s a very cool feature. Not sure — and I know, Dennis, you’re excited about it. Not sure how that’s going to be how exciting that’s going to be to the average lawyer. But I think those are the most exciting new things that I saw come out of the announcement. So I will say that seven is a good respectable level of heat for this particular Apple event. Nothing amazing, but nothing boring either. So that’s my take. Dennis, let your fan boy flag fly.

Dennis Kennedy: Well, I sort of gauge things on how much, how many of the things the announced that I would actually like to buy. So, in this case and you got away without saying that you’ve already ordered an iPad mini, but I’ve also ordered an iPad mini, but I’ve been wanting the mini type of device and platform for a couple of years. So it was just a matter of waiting for this generation to arrive. And the regular iPad, it’s okay with me but nothing that — it didn’t distract me from just going ahead and getting the mini even though mini is more expensive. The watch, I think there’s significant updates but their evolutionary as Tom says, it’s just nicer in some ways, but what’s really happening is in the software. So, in the rollout, the first thing they showed was all the cycling features even like a sensor to tell that could recognize that you had fallen while riding your bike and that just blew me away as the cyclist like those tools, but that’s basically the next version of the watchOS. So that will run on the watch that I have. So compelling need for me to get the new watch.

The phones. As you said, Tom, it has camera pieces. The what I would say like the power of them, mean there’s neural networking and machine learning built into these phones.

(00:35:02)

And so, as a platform, it can already do some cool things. I expect it to do more. There’s this thing that’s been around for a while that if you’re doing a video, it will kind of adjust the focus, and even to the point where if you move it keeps you in the center of the frame and somebody walks into the frame, it changes the focus so that you’re both in their automatically without you doing something. So, I had to calm, as you alluded to that content creation piece is really interesting how it’s built in there.

Tom Mighell: But really cool. What’s really cool about that let me just say is that it saves the content for both people. So if there’s two people in there so that you can actually go in there after the fact and say, you know what, I put the focus on this person, there they put it, but I really want the focus to be on this person. You can actually change that focus afterwards, which I think is awesome.

Dennis Kennedy: Yeah, and then you can also see just as the technology advancing just so you can take better pictures and I don’t know, Tom, whether you saw the smart friend, Fred Falkner tweeted. It’s kind of funny that they still call these things smartphones because the only feature not mentioned was the phone part of this, which is I take two things that we all know. One is hardly anybody uses phones anymore especially young people and the second thing is the quality of phone calls is probably worse these days than it’s ever been. So I’m really, you know, the phone is at least interesting thing to me as well.

So I think it was hot, but I think it’s just building this platform that the technology just keeps sneaking up on us. So we’re going to have these things where it’s like, wow. It’s like we do have artificial intelligence in our hand. We do have these things. We are able to do these things. But as somebody who creates content, I really like the tools that that’s being put together there. And so, in my case, the new iPhone Pro is really interesting to me because there’s three cameras on it including a telephoto and including white to take macro photographs. So, I just see it as like, definitely a platform that I can use for a while. So I’m heading in that direction. So I’ll give it a pretty darn hot for me on iPhone, iPad side and there are more announcements from Apple to come later this year. But I liked what I saw including some new colors.

So now it’s time for our parting shot at one tip website. Our observation you can use the second this podcast ends. Tom, take it away.

Tom Mighell: I will say first that you did not let the fan boys down by your review of hot or not. So congrats and good on you.

All right. Here’s my parting shot. We’ve taught and I’m breaking my rule by doing this parting shot because I usually don’t talk about things that have yet to be released, but I’m unreasonably excited about this and so I wanted to talk about it. I’ve talked on this podcast before about Readwise.  Readwise is the great tool that will take all of your highlights from your Kindle books, from your instapaper, from your pocket, from places where you highlight things, and they will capture them and then move them on into your, for us, into notion or multiple other tools, ever note other tools where you keep information. So it’s kind of the perfect note taking and synthesis and transport vehicle.

Well, right now what they do is they take all of that from all those sources and move it forward, but they’re thinking to themselves why can’t we just be the source of all that information? So they are building their own reading app that is going to allow you to do RSS feeds. I hope newsletters. If they don’t do that, I’m going to email them and suggest they do it. They’re going to, you can put articles in there. You can put Twitter threads. You can put all sorts of things. So they’re cutting out the middle person. They’re becoming their own middle person and saying, you can read and consume all the information here. Highlighted all here within our app and I’ve been looking for kind of my new favorite RSS reader in a while and I haven’t really found anything. I want this to be that app. I don’t know that it will be and I may very well be disappointed, but everything they’ve done so far I really like and I really think they are taking a good approach to it. So if you like, if you’re already a member of Readwise, you can get on the waiting list for what they call their private beta. Just go — we’ll put the link in the show notes. Just go to that page and enter your email address and you’ll get a notification when they send more invites out. But otherwise, if you’re not, go to Readwise and start subscribing to it. I think it’s a super tool.

(00:40:02)

Dennis Kennedy: So Tom, here’s my reaction to that. Could you put that URL in the Zoom chat for me so I can sign up right away?

Tom Mighell: There you go.

Dennis Kennedy: So by parting shots is something that is not necessarily technology but something that I found really interesting. So I was on a webinar and the kind of Lewis Glassy (ph) who’s an expert on psychological safety was talking and I get talked to him afterwards and I said I’m going to do this design thinking event and I want to get more participation from my students in class. And is there a normally to establish a sense of psychological safety which Google did a study of its best performing teams and the factor they identified most important is something called psychological safety. So how much trust do you have? How willing are you to expose yourself to share your thoughts and opinions is a really key thing? So I said, is it normally takes a long time to establish? And I said, do you have any tricks to kind of accelerate that process? Because I’m, you know, I have this group of 20 some first-year students, and I would like to do have them do this design taking thing. Is there a way to kind of accelerate that sense of trust and safety? And he said, yes, I have something I do. And it’s a two-minute video and it’s by a guy named, Simon Sinek, S-I-N-E-K. And it’s called Be The Idiot. The truth about being the stupidest in the room, and it’s on YouTube. So, you can find it right now by just Googling Be The Idiot, but we’ll have the link in the show notes.

And he describes like how part of his approach is he’s really comfortable with being the dumbest person in the room and asking questions. And you might not think this relates specifically to psychological safety but what I found after I showed this was that both the groups seem really comfortable brainstorming and sharing ideas in ways that I hadn’t seen before. And several of the students said that they really like seeing the video. It’s like one of their favorite parts of the process that we did. So I recommend that and I think it’s the — what he describes there is really useful to lawyers in their practice because I think lawyers sometimes care too much about being the smartest person in the room and the value they bring is asking the questions and asking the stupidest question so that they make sure that everybody’s on the right page. So very cool two-minute resource. Totally recommended.

Tom Mighell: I usually don’t have to worry about being the stupidest in the room. It just comes naturally to me. So that wraps it up for this edition of the Kennedy-Mighell Report. Thanks for joining us on the podcast. You can find show notes for this episode on the Legal Talk Network’s page for the show. If you like what you hear, please subscribe to our podcast in iTunes or on the Legal Talk Network site where you can find archives of all of our previous shows along with transcripts. If you like to get in touch with us, reach out to us on LinkedIn or Twitter or leave us a voicemail as Dennis mentioned. We are coming up on our 300th episode. We’d love to get questions, feedback, recordings or anything. That voicemail mailbox is (720) 441-6820. Please leave us a message. So until the next podcast, I’m Tom Mighell.

Dennis Kennedy: And I’m Dennis Kennedy and you’ve been listening to Kennedy-Mighell Report, a podcast on legal technology within internet focus. If you like what you head today, please write us in Apple podcast and we’ll see you next time for another episode of the Kennedy-Mighell Report on the Legal Talk Network.

Outro: Thanks for listening to the Kennedy-Mighell Report. Check out Dennis and Tom’s book, ‘The Lawyer’s Guide to Collaboration Tools and Technologies’. Smart ways to work together from ABA books or Amazon and join us every other week for another edition of the Kennedy-Mighell Report only on the Legal Talk Network.

The views expressed by the participants of this program are their own and do not represent the views of nor are they endorsed by Legal Talk Network, its officers, directors, employees, agents, representatives, shareholders and subsidiaries. None of the content should be considered legal advice. As always, consult a lawyer.

 

Podcast transcription by Tech-Synergy.com

Continue Reading