Grace and Liel open the show with an update on Camp Lejune as things seem to be moving on a path forward after some turbulent weeks of uncertainty and challenges. The conversation goes on to discuss the advantages and disadvantages the plugins have for law firm websites and why you should pay attention to what gets implemented on your law firm site.
Just as Google announced new E.A.T factors, Neeva shared their search ranking factors for technical queries, and while much of their consideration mirrors what Google considered a ranking factor, there is one particular differentiator that has a massive impact on user experience; this and more in this week’s episode.
Resources mentioned in our episode:
- Neeva shares search rating guidelines for technical queries
- Vulnerability Found In WordPress Gutenberg Plugin?
Send us your questions at email@example.com
Enjoy the show? Please don’t forget to subscribe, tell your coworkers, and leave us a review!
Liel: [00:00:00] WordPress is the most popular content management system on the Internet, with more than 37% market share. It’s also the most frequently hacked CMS. WordPress detected over 2800 attacks per second against WordPress in 2020. I’m Liel Levy, co-founder of Nanato Media and author of Beyond Se Habla Español How Lawyers Win the Hispanic Market. And this is in our podcast where less is better when it’s about plug ins on your site. Welcome to our private legal marketing conversation. Grace Welcome back. How are you today?
Grace: [00:01:02] Good. How are you, Liel?
Liel: [00:01:04] Doing very well, Grace. Thank you very much for asking. Happy to be back. And I think we are starting off the episode with some news and updates. Right, because we were just talking about Camp Lejeune. We’ve just had our episode released Camp Lejeune two weeks ago and kind of like we left it at. We need to hold tight, sit and wait because there is a bill in the middle that needs to first get sorted out and then it can be looked at. What’s the next step for this potential mass tort?
Grace: [00:01:40] Yes. So as we spoke from previously that they had some what they call riders or additional items that they believe should not have been on this particular bill, they were able to pass it. So with that being said, in an 86 to 11 vote in requires 60 votes minimum to pass this, the US Senate passed the PACT Act. It’s a bill that aims to provide health care to veterans that were exposed to toxic substances while serving without forcing them to prove exposure before receiving care. So it’s a very specific bill for a very specific reason. And so that’s why there was some they’re being held up and that kind of thing. But yes, it has since passed and an 8611 vote and now they are just passing it over to produce, to sign. So President Biden will need to sign it and then it is put into action.
Liel: [00:02:37] Grace These are fantastic news and I think very worth acknowledging that pretty much most of the industry that is in mass torts from the legal standpoint got together and we’re good sports about the fact of moderating their marketing activities or stopping their marketing activities as a whole in order to let legislation do its thing. And so now that things have passed and they really have just passed, literally, I can see here within the last couple of days, what’s the next step? Like, can people now start marketing?
Grace: [00:03:19] So yes, they can in theory, right? I mean, it still hasn’t been signed by SCOTUS, but the bill has passed. So the last piece of the puzzle is to have him sign it and put it into law. But at this time it does appear as if they can start trying to assist people that have been harmed by this. So, you know, I think it’s important to note and it’s not specific to the bill, really, but it is the reason that they kind of came up with this was because there’s a law that specific to North Carolina that prevented people that were exposed to toxins from suing. It was from suing more than ten years after the date of their first exposure. So that’s what they consider statute of limitations. That was the limitation in North Carolina specifically. So these people that had been harmed so many years ago. Right, 40 plus years ago, they were not able to file. Once they found out that there was something wrong and able to link it to the fact that it came from contaminated water at Camp Lejeune. So that’s why they they intended portions of the pact act to aid veterans who were previously excluded excluded from these assistive programs. I just wanted to mention that because I think it’s important, particularly for the lawyers that listen to us and and and other people that understand the marketing behind it. The the reason behind the bill is because they did not have any other recourse for those who were harmed so many years ago by this contaminated water in North Carolina.
Liel: [00:04:52] Specifically, as I’ve said, very relieved to hear that this is now looking much better than it looked a few weeks ago, especially up until last week, where things were starting to look a little bit grim. And now finally, it sounds that things will be moving forward. And so I can already tell you that it feels that the advertising landscape for Camp Lejeune has already shifted on the digital field. I started seeing more actual law firms starting to run paper, click ads and such, whereas before it felt that it was more the strategies of lead generation companies. So I guess, you know, this is it. If this is something that you want to get involved into, you need to up your game because it very soon going to be late.
Grace: [00:05:46] Definitely. I mean, this started before it even passed, right? So you can imagine that the the window gets closer and closer and smaller and smaller in terms of the amount of people that are out there pretty quickly.
Liel: [00:06:01] That’s right, Grace. Now, I want us to jump into a different thing, because always in the green room we have interesting conversations that then lead us to topics to talk about here in the podcast many times. And here we have another one. You were telling me that you recently received an email from WordPress letting you know about potential malicious plugins that could basically break your website in the best case scenario and at worst, compromise your data. So, Grace, it’s been a little while since we’ve had our cybersecurity conversation here. And, you know, with most of the law firms having their their websites built on WordPress and many of them relying heavily on not just one or two, but sometimes dozens of plugins, I think it’s a little bit important for us to explain how how do they work and why they can be risky.
Grace: [00:06:58] Okay. So I think the easiest way to explain it to people who don’t quite understand how a plugin can cause vulnerability, right, which is basically keeping you open to possibility of getting hacked or your site, like you said, security wise or information stolen or get into your server or there’s a lot of potential pitfalls to not having a secure site, email, etc., etc.. With that being said, I’m going to start with what Liel was saying, that the plug in I got a notification we use WP Engine, which is a web host that uses WordPress as the basic actual CMS write content management system or website write theme and design. And all of that is through WordPress on WP Engine. Wp Engine as a web host has some monitoring in place and a lot of hosting sites have this ability to monitor your WordPress site, which you have plug ins on. Right. Those plug ins, for the most part are approved, quote unquote, or created and approved by WordPress up to a certain extent. Then there are other plug ins that are created and approved, technically speaking, by WordPress, but they may or may not have certain vulnerabilities that your web host doesn’t allow. So they’re or pretty much always will be a list of plug ins and WP Engine does provide that a list of plug ins that are approved versus those that are not approved and those that could be at risk and particularly if you don’t update. So I got a notification from WP Engine that one of the plug ins that were that had been being used were going to be deprecated automatically because there was a vulnerability that was discovered on that plugin. So it’s not just plug ins, guys.
Grace: [00:08:53] It could be I mean, it could be your theme. It could be your CSIS. It could be the code that you’re using. It could be your markup. I mean, there’s there’s so many, unfortunately, ways to have and expose your site to vulnerabilities. And that’s just on your website side of it. We’re not even talking about email. We’re not talking about your servers. Right. Because a lot of people, while it’s in the cloud and we’re all on the network. Right. And that a network is just a way for everybody to connect to the same sources and information, sort of like your OneDrive and those types of things. All of those have potential vulnerabilities. But if we’re talking about just WordPress, you should have something in place. If you don’t already, you need to get something in place or purchase it from your hosting provider or make sure you’re updating your plugins. Either way, you need something in place to monitor your website, monitor downtime, monitor vulnerabilities, and monitor the fact that your plugins will have to be updated to make sure, just like you update on your phone and app, right? And you update the computer if there’s a malicious malware that needs to be updated so that it doesn’t happen to your computer. It’s the same exact thing for your website just about, right? Liel I mean, anything we touch has to be updated. So it works the same for our websites, it works the same for our servers, it works the same for everything we do. You need to keep it updated, and if there’s a vulnerability that was found, it will either come off your site or you need to take it down.
Liel: [00:10:28] So I actually think you used a very good example here by comparing the plugins to the apps on your phone, because it’s kind of like similar from the standpoint that you install an app in your phone. And basically that app now has access to whatever data you allow it to access on your phone. And over the past few years, we’ve been moving towards a system where the user has more control and gets to decide what actual data apps that are getting installed in your phone have access to similar with plugins, right? Once you allow a plugin into your site, you’re basically giving them a lot of access to the developers of this plugin and anyone who connects to this plugin to kind of like the heart of your website. And while as you were saying, most of the plugins that you would find through WordPress and such are actually vetted by them and they are reliable. You need to be careful into what gets installed, right, because you can always end up installing a type of blocking plugin that can get hacked and through that you can just get some bad things happening to your site, you know, which could be just your side getting broken or from the start. And one day you enter to your side and it’s full of ads in Chinese and Chinese letters, and you have no idea what’s happening. And so basically it’s likely something around those lines or your data can be compromised.
Liel: [00:12:12] Right. And that could be even more devastating. And so what’s very important here is A, what plugins are you allowing into your site? B, what’s your strategy for your web development? Right, because ultimately you need to try and aim for relying the least amount on the least amount of plugins that you possibly can. At the end of the day, you want to have a website that is fast and plugins tend to be one of the reasons that your website can turn out to be slow. They consume a lot of memory on the server and they are not great from that standpoint for the user experience. They’re quick fixes for developers to try to get things to work or to happen or to add functionality onto the site. But the reality here and why it’s not always a great approach to take is that plugins are programmed from different by different developers, different companies with different ideas in mind. Right, and different environments as well. And when you try to mix and match them into your website, you’re always going to have to make adjustments in order for them to be able to co-exist inside your website and not interfere with each other. And that’s kind of like always the battle that goes on when you are using several plugins on your site. And what’s happening there is that whenever these plugins will require an update and as Grace pointed out, you will always going to have to update because other otherwise they’ll stop working and if they stop working, so whatever part of your website that they were interacting with or they were giving, providing it functionality is going to look off.
Liel: [00:14:14] It’s not going to be working. So that’s the reason why you need updating them. But the problem is that sometimes when you update, the new update of a plugin can actually trigger an incompatibility with another plugin. And as a result, now you have a broken site or sections of your site because a newer version of a plugin is not compatible with a lower with a with the current version of a different plugin. And so you’re back at the drawing board trying to fix these things out and that’s why is great not having to rely so heavily on these plugins because otherwise you’re never get out of this circle. So custom code is going to be the ideal scenario here. But of course it also has its own disadvantages, one of them being that it requires a lot of skill. Custom code is custom code. So, you know, once it’s written, it may not be very easy to get another person or another developer to work on it because they may not be able to quite figure out what’s going on in there. And at the same time, it’s costly, right? Because it’s not the same to just go into a builder in WordPress and just use that to build your website.
Liel: [00:15:36] The level of expertise that you need to have as a web developer is quite different is that that’s where they call them frontend and backend developers. Right upfront and developer can potentially build a website using a builder inside WordPress, the backend web developer or Fullstack one will be able to do it on on custom code. So it requires a more advanced understanding of web development to be able to pull that one off. Yeah, it’s a really, really good reminder, Grace, because especially when you when you’re coming with all of these demands to your team that you want this and you want that in your website and so forth and so on, you know, you’re putting your web development team under pressure and your team under pressure to deliver on those things. But it’s always good to ask, how are they actually implementing the solutions? Because in an effort of trying to please you with all of your requests and all of your ideas, that you may be compromising on these other things. So it’s very important to stop for a moment and understand the complexities that are behind wanting to have all of these carousels and slide bars and hero videos and, you know, pop up notifications in and out. How are all of those things being powered up? Because if it’s all happening via different plugins, then you’re overloading your website and at the same time increasing its vulnerability 100%.
Grace: [00:17:01] You know, I mean, it’s again back to the apps because that is the easiest way to explain it to anybody that doesn’t quite understand how you could be vulnerable. You may remember back in the day, particularly with the first versions of the iPhone, if you were like me or like Really, I didn’t personally do this, but a lot of friends did at that time. They would jailbreak their phone, right?
Liel: [00:17:24] Oh yeah.
Grace: [00:17:25] Do you remember that? So yeah, people would quote unquote jailbreak their phone and add apps that weren’t previously approved in the Apple Store because they wanted an app that was available on an Android but not on iPhone. So, you know, I might I. Got to say, my daughter ended up doing that, as a matter of fact. And her computer. Well, the phone was spritzing it completely. Like she when she loaded this particular app, it ended up destroying something and totally having to download from Apple, the OS, the iOS and roll it back. I had to uninstall roll it back and then reinstall like it was a brand new phone and that’s the only way I was able to fix it. But the reality is it may not have been fixable. Right. Because once you’re open to a vulnerability on your computer, your phone, your website, if you don’t close that out or you’re not aware of it, it’s everything could go down, right? It could crash. You may not ever get it again. I mean, it could be any number of things. But either way, you need to be aware of this and you definitely need to have something in place to monitor uptime, to monitor vulnerabilities, security. Same with your emails, right? Kind of native to a lot of office three, six, five and g suite things. They have security in place, but there’s user error potentially. There is, you know, the installing of something on the administrative level that maybe shouldn’t have been.
Grace: [00:18:58] So it’s a lot of little things that unfortunately they’re getting more and more sophisticated. I mean, there’s emails coming through from people in your company somehow, some way with their full signatures. You can’t even tell that it’s a fake one until you look at it. And you were not expecting that email. That happens to us. You know, it’s happened to us. You actually very recently we got something from one of our engineers and it definitely wasn’t him. I knew it wasn’t him because of the way the email was written. But I was lucky enough to know that because I know this person. So I was able to say, Hey, sent a screenshot. I’m pretty sure this is a someone somehow hacked your email, has your signature, looks like it’s actually from you. But then I look at the headers and it says this and the body is not something you would ever send. So what’s going on? And he was like, Oh, let me check, let me find out. And we immediately sent that to our IT provider. They went ahead and dug deep and checked it out. But, you know, I was able to tell, I was able to stop it and there was nothing that happened after that, but it could have been very easily. So it’s kind of a scary prospect and we’re not trying to scare anybody here, but cybersecurity is so important and they’re getting way, way more sophisticated than ever. It’s kind of scary.
Liel: [00:20:20] Yeah. You just need, you know, keep keep your eyes open, keep your network connections secure, right. Limit access and use VPNs. And just to wrap up here, a lot of times people think like, well, I built a website, why do I need to pay someone to maintain the website every month or such? I mean, that’s it. It’s built, it’s there. I don’t want to rank. I don’t want I just want to have it there. Well, you still you still need to give maintenance to your website because of these things that we were talking about. There are there there are things that that that move and break. And one of the reasons that caused that is are the plugins that are inside your website. So. Okay. Grace, the last topic that I wanted us to talk about today is a very interesting article that came out with regards to the way that Neeva ranks pages in its search engine. So just a quick reminder for all of those who’ve don’t know what Neeva is, Nivea is a search engine that is putting privacy first, meaning that it’s not tracking you and it’s also not selling you ads or serving you ads. It’s the right term. And the whole idea here is that this is a user powered platform. So you pay an actual membership to be able to use Neeva rather than the platform making money out of serving ads. And it’s a big game changer because still up until today, the biggest search engine, particularly Google, is ad powered platform. They make their whole money out of ads. So while Google has the interest of serving ads to users, it obviously going to have bias way about ranking pages.
Liel: [00:22:29] Right. And that’s one of the biggest complaints that I’ve seen Grace. And I’d love to hear your experience about it. Right. You search something in Google. Something that is about how to do something or how to troubleshoot something or something that you want to learn more about. Right. And Google gives you listings or organic listings that actually have the right information, at least on the meta. It all looks nice. It looks. This is exactly what I want. And you click on the site. But then when you get to the site, the first thing that you see is a display banner right in front of you and the title. And then you scroll and there is like a tiny paragraph with three lines and then another display banner, and then you scroll a little bit more and it’s kind of like the second part of that first paragraph and then another display banner and you’re just getting bombarded with at ads while you’re trying to navigate through the content, which I mean, let’s face it, oftentimes, like how many times it has happened to you that you get to the page, you start reading it and you’re like, This is nonsense, and this is just keyword stuff, written content by probably someone that has no idea about this topic. And they were just strategically trying to write something here that was going to rank. And then you have all of these terrible experiences with all of the ads. So not great. Grace. And I want to hear, have you ever experienced that and what are your thoughts?
Grace: [00:24:10] Yeah, actually, I have quite a bit. And it’s it’s really annoying. I remember when back back when the very one of the first things that not first things but one of the first things that Google did in terms of popups and advertising all over people’s pages was they not banned? But they basically told you straight out, if you have an interstitial pop up or interstitial ad or a pop up that requires you to fill out an email address or any requirements on the user for them to be able to access the content that is supposed to be free that you are looking for. They were going to thing you, right? It was going to be a problem. So, you know, when I get on sites and they have ads at the top on the side and I have to click to close the ad because it’s covering the content.
Liel: [00:25:04] Or especially that one.
Grace: [00:25:05] Oh, it drives me completely insane. Like I cannot stand it. I get I get upset. I won’t ever truthfully, I won’t probably ever visit that site again. And I will specifically find a way to remove it from anything I’ve ever visited. And if I see it as purple because I visited it before that link, I will avoid it and I’ll bookmark it just not to visit it again.
Liel: [00:25:30] You’re you’re going to try it. You’re going to start a campaign against that website. So, Grace The reality is that a lot of users are feeling that way, right? And, you know, not to get into that topic, but that’s where the rise of the forums is coming from, right? People starting to go to Reddit and ask their questions and their queries there rather than to Google because they prefer to see real user generated content than actually this content which feels like it was sometimes machine generated just in order to get the page to rank so that you can go and click on it and then just eat up like ten different ads while you’re on the page and then Google can actually sell those impressions to an advertiser. So the way Neeva works is completely different, right? There are whole things we want to put the user in front of everything. That’s our main interest. It’s to meet their needs. And therefore, according to what they’re stating here, they actually use humans to understand what is the intent behind our queries and to assess the quality and the search results they’re going to serve. So for query understanding, they kind of have six categories. One of them is how to. So user is searching for instructions to complete a task error. Troubleshooting something went wrong. Users is searching for a solution, right? Educational learning who, what, where, when, why? Those type of queries, product thinking or comparison user is searching for a new product tool or comparing products tools.
Liel: [00:27:12] Those are like, for instance, Canva alternatives, right? That would be a comparison or a product seeking query. And then there is navigational. One user is searching for information on a person or an entity. Here we’re probably branded search terms will fall and then there are some big ones which are unclear. Right. Of course, the search engine just cannot understand what the user is after. Now, that’s great. That makes a lot of sense and probably you would think Google is doing the same. So that’s really not mine. You know, nothing really unique about that. But here is interesting. Here are the different ratings that they are giving to pages and they have three categories. So very simple, low quality, medium quality and high quality. So what would be considered a low quality page? Well, it has dead pages. So errors, malware, pages, porn and no say for work pages, foreign languages, pages behind a paywall. So foreign language is very interesting. Foreign language from the language that the search query is on. Right. So they’re not going to serve you a page in Spanish. If your search queries in English, they’re not going to serve you as as a page in English if your search queries in Spanish and clones. Duplicated pages. Now let’s look at their medium tier. Write the medium quality pages. And I and just like the first point that will automatically make you or categorize you as a medium quality page is there are at least three ads in the page or one large.
Liel: [00:28:50] So trees, crawling ads, the ones that we’ve just talked about that are like little squares that show up as you’re reading the text. If you have three of those, you already consider a medium quality page. If you have one large banner ad, you already consider a medium quality page. Or if you have interstitial or video ads. Right? So. Basically that overlaying video that comes in the middle of the screen and blocks you half of the screen or the entire screen. What did you exactly what you were just talking about? So all of those things are automatically going to put you on medium quality. So basically, what’s the message here? Doesn’t matter how good the content of the page is, if you are saturating your page and I must say one large banner ad is not really saturating, but still they’re saying that’s enough for us to consider you medium quality page so you’re not going to get prioritized. So really, really interesting. And that’s, I think, the biggest and most significant differentiator that we can find between the Neeva experience and what potentially you’re still seeing in Google Ranking High, the first results in many cases. Now, another one here is Page is five years old and I’m assuming without having been updated. So so that’s a good one. How many of you in your law firms have pages that they’ve been sitting there for six, seven years? Nobody’s touched them. Nobody is actually going to update them and such.
Liel: [00:30:19] So those pages are considered, you know, ineffective pages. And they will not rank the page load slowly. Of course, you know, page speed. We know it’s an important factor. Format of page makes it difficult to interact with information. So user experience, text size, all of these different things pages behind a log in or a non dismissal email capture question page with no response, right? So all the different things that would interfere with the user experience. Now what would they consider a high quality page? Meet the criteria. So it has to be five years or less meet the criteria. So ideally no ads and then be well formatted, right? So, you know, very, very basic stuff. Have a great experience, make sure that your content is recent and relevant and do not try to to overwhelm the user with too many ads. Now then they have a different thing. They have the page match. And so that’s the third element that they take into consideration. And basically what page match is, they want to know what’s the match between the query and the actual web page. So poor match will mean a significantly poor match will mean does not load page is inaccessible. So it’s kind of a little bit of a redundancy of what we just went through. But this is basically another set of categories that are they’re going to be taking into consideration especially poor match page is wholly unrelated to the query. Missing, missing key terms.
Liel: [00:31:55] Poor Match page may have some query phrases, but not related to the query. And so you see here how Neeva is trying to get through and overcome keyword stuffing, which is sometimes when you are just getting into a website where you are trying to find best places to read to rent a car in Cancun. Right. And you just go to the search results page and there is an actual listing on position number one that has that as a title. It all looks great and perfect. And then you get to the website and you start reading these little paragraphs in between ads and it says five times. So here is how to get the best rental car in Cancun. In our research, we found that the best place to get a rental car in Cancun. And like you continue reading over and over and over again and you just read on the same keywords and it’s just not what you want. It’s just serving you the same sentence over and over. Non-dominant match pages related to the query and useful but not dominant intent shown satisfactory match. This page satisfies the query but may have to look elsewhere to round out the information. Solid match the page satisfies the query. In a strict sense, there is not much extra or beyond what is asked for. Wonderful match. This page satisfies the query in a robust, detailed sense. It anticipates questions, pitfalls that may come up and or adds appropriate framing to the query.
Liel: [00:33:26] Vital Match. This is a bullseye match. It is not available on all queries. The user has found exactly what they are looking for. I think it’s very, very interesting, particularly when they try when they start categorizing the relevant search queries. And I really like the one that it says wonderful match. This page satisfies the query in a robust, detailed sense and anticipates the questions pitfalls that might come up and or adds appropriate framing to the query. And so whenever you’re designing your practice area pages, this is exactly what you should be keeping in mind. This is how much you should go in to providing content and useful content and writing the content in a way that. You’re not just meeting up the search query of the user best personal injury lawyer in San Antonio, but you are also answering the different questions that may come up to someone while they are in the page researching about the best personal injury lawyer in San Antonio, right? Grace I think, you know, this is a wonderful exercise of understanding how to better create websites and content and pages that put the user first above anything else. And I have no doubt, particularly in the legal industry, that for as long as you. Implement these best practices, you’ll continue to rank high up in Google and you can rest assured that Neeva is also keep you on their list of wonderful matches and solid matches. So Grace. Any other final thoughts on this topic?
Grace: [00:35:12] You know what? I’ll add one more thing, really, because it’s very clear on here kind of what has to be done, in my opinion, to your site to make sure that your pages come up for user intent. We’ve talked about that quite a few times. So I would say take a look at your pages. And I mean, just start with the old stuff, right? If stuff hasn’t been updated, if things haven’t really been looked at for a while, I would say for me, that’s the first and best place to start. You know, start cleaning up the content that you have on there or updating it or finding the holes and you build for your user. Don’t build for you, don’t build the content for to soothe or help your ego. Content is for the user. Content is to help people find what they’re looking for when they search. So just always keep that in mind. Whatever you do, whatever content you have created, it’s for the user. It’s the user intent that is always going to drive traffic. And if you don’t ever have that and if you don’t have that in mind and you don’t understand that, hire a company that does because you will never get traffic, you will never get anything, and your rankings will start to drop more and more if you ever had any ranking, if you don’t follow basic cleanup and procedures, that’s all.
Liel: [00:36:31] Yeah. So that’s your first take away Grace, because it’s actually pretty good and very relevant to the conversation we had. And I would just add to that that I think most websites could actually use a good focus on updating their content rather than creating new pieces because a, it’s not a healthy it’s not good for your strategy to be adding pages and pages and pages endlessly to your website when there is way more value in you just making existing pages more robust, more comprehensive and more up to date. So whenever you’re looking at your KPIs for SEO tasks and performance, make this one an important one. Updating content and and I think it’s super important for you to have a good understanding as what’s happening in the market in terms of your competitors, how long, how extensive, how well structured are their practice area pages that you’re competing up with and how can you make yours better than that? Super, super important. Grace. So stop only focusing on creating and publishing new pages every single month. Focus more on making the ones you already have better and start with the pages that are of more importance to you. So excellent take away. Number one. Take away number two, Grace. Let’s make it about cybersecurity and plugins. Right? Try to lose. I mean, sure, plugins are necessary. Even in custom code websites, you’re still going to need to use a few of those, but be sensible with the amount of plugins that you use and just make sure that if you are using plugins that A) you’re giving them the right maintenance and B) that they come from from reliable and approved sources.
Grace: [00:38:16] Definitely. And you know, for me, it brings up a third. And if you don’t have a cybersecurity policy in place for your company, you need to implement one yesterday. It is of utmost importance that anybody understands exactly what they have to do if they make a mistake and click on a phishing email, if they make a mistake and do anything right because we’re all humans, we can all make mistakes. But what do you do after it happens? So yeah, cybersecurity is so important and with the remote workforce that we have, with everything kind of going digital, almost everybody’s digital, you need to have a policy in place, whether you’re a one person company or you’re a 1000 or more person company or whatever, you need to have one in place because people need to know what action they have to absolutely take to protect the company.
Liel: [00:39:11] Yeah, especially law firms, because you have sensible and personal data from your clients in there and it’s vital, right? You’re one of those organizations that you can. Well, it would be quite harmful if you have a data breach. So Grace, you know, just to make even more rich, this final takeaway that you’re giving, what would be three reasonable steps to follow if a team member were to suspect or know with certainty that they have been hacked subject to some sort of, yeah. So compromise.
Grace: [00:39:46] The first thing that we usually do is obviously you need to tell your IT department because they have certain things in place that they can go check. And one of the first things they will do, generally speaking, will be to reset your password. And then from there, they will verify if anything has gotten into your computer, then the server, and then they’ll just keep taking it a step above that every time to see what might have happened if anything happened. So one of the first things you do is you must inform somebody in your department. That is what we always instruct everybody to do because we’re humans and we make mistakes. So I think people sometimes might be scared to do that. So you need to create a culture of not being afraid to say when something happened, right? Because if it is if there if people are afraid to say they made a mistake, that they clicked on something that they shouldn’t have, you’re going to have a systemic issue at that point and then everybody’s computer will be compromised and everybody’s situation will be compromised. So it’s imperative that you start there. One of the actionable things you can do is to create a culture and let everybody know if there’s a phishing attempt. They believe there was a phishing attempt. They believe they were hacked. Anything like that, they must immediately inform the appropriate parties so that they can take action as soon as possible. The quicker you can take action, the quicker you can hopefully mitigate the risk, because that’s what it’s about. It’s about mitigating the risk that you are now opened to because of a click. Or situation or a plug in. So for for me, that’s the first thing is to make sure everybody understands that if there’s a problem, they believe there’s a problem or if they even have an inkling that there’s a problem, you inform your department and allow them to take action that they need to take to fix any potential pitfalls from and mitigate the risk.
Liel: [00:41:42] Love that Grace. Create a culture where people can come up with their concerns. When things didn’t go their way, they made a mistake. It’s important. All right, Grace, thank you so much for another great conversation. And we’ll be back. Maybe we’ll skip next week. We’ll see, but we’ll certainly be back sometime soon with another conversation. Thank you so much.
Grace: [00:42:05] Thank you, everybody.
Liel: [00:42:09] If you like our show, make sure you subscribe. Tell your coworkers leave us a review and send us your questions at: firstname.lastname@example.org. We’ll see you next week.