Upgrade Your Website Security with Jonathan Hochman

In this Episode

• [00:20] – Stephan introduces Jonathan Hochman, a Yale University graduate with two degrees in computer science. He has worked as a sales, marketing and technology consultant for 30 years. 
• [04:55] – Jonathan gives some examples of the risks of owning an unsecured website. 
• [11:00] – Jonathan discusses the software CodeGuard and how it can help protect your website.
• [14:36] – According to Jonathan, computer security is a triad called CIA which means Confidentiality, Integrity, and Availability.
• [21:00] – Jonathan tells the story of how PODS won a case over U-Haul for corrective advertising.
• [26:21] – Stephan and Jonathan talk about the impact of doing malicious acts in SEO, trademarks, fabrication of online reviews in a company owner or business’ reputation.
• [30:15] – Jonathan states the advantages of having Professional Liability Insurance and why everyone should have one.
• [36:33] – Stephan and Jonathan explain why it’s always a good idea not to hold grudges against people and deal with business professionally by negotiation.
• [41:27] – What to do if you’re a victim of character or reputation attacks?
• [47:25] – Visit Jonathan Hochman’s website at hochmanconsultants.com to learn more about him, their services, or read through their trusted SEO, PPC, and web design advice.

Jump to Links and Resources

Transcript

Jonathan, it’s so great to have you on the show.

Well, thank you for inviting me.

You’ve been on here before. You were on, I think it was 2016. It’s a long time ago, five years ago and that episode we focused on Wikipedia, what to not do, so that you don’t get the Wikipedians angry and coming at you with pitchforks because there are a lot of marketers who want to get into Wikipedia and are doing the right things. That was a fantastic evergreen episode. There still is such important content there for anyone who is interested in Wikipedia to go and consume.

In this episode, we’re going to talk about malicious actors, malicious behaviors, malicious marketing, and how to stay clear of that so we’re not caught in the crossfire or we’re not affected by it. Who knows where else we’ll go in this discussion, but let’s start with malicious actions that happen online. How do you know about this stuff? How do you get involved in this? I know that you have some background in computer science and particularly internet security. Maybe a bit of your origin story and how you got into this area of study would be great.

Internet marketing and Internet security are closely related because it's all about identity. It's about figuring out who you're dealing with online. Share on X

Sure. It’s interesting because people often wonder, Hochman, why do you get involved in internet marketing and internet security? How are those two things in any way related? It turns out that they are closely related because it’s all about identity. It’s about figuring out who you’re dealing with online. With advertising, you’re trying to get some information about the viewer in order to show them an ad that’s much more valuable. A personally targeted ad might command a rate that’s 12 times higher than an untargeted ad. This is crucially important for publishers. 

At the same time, if you’re trying to protect the system when someone’s trying to log in, you’re also asking the same question. Who is this? Is this an authorized person? Is this an unauthorized person? It turns out that a lot of the methods that are used to do ad targeting are closely related or the same as methods that can be used to detect synthetic activity and threats. In fact, the first area where these two things intersect is ad fraud.

When publishers are targeted with an ad fraud attack, someone will typically go out and create multiple identities to go click on the ads. Sometimes the publisher is complicit in this, sometimes they’re not. The person who gets hurt in the end is the advertiser because the advertiser is showing ads to fake people. This creates huge problems. 

I’ve been exposed to these things through litigation consulting. I’m a consultant, so people come to me with problems. It happens that the worst of the problems are usually turning into lawsuits. One thing has led to another, and over time I got more and more law firms as clients. That’s where I’ve had a chance to do a real-world investigation of ad fraud.

There’s more than just ad fraud going on in terms of malicious actors. There are SEO activities that are happening where they’re hacking into websites, dropping the bad links and hiding those bad links from the website owner, using cloaking or whatever techniques. There are lots of things going on and our listener or our viewer needs to be aware of these things, right?

If you have a website, there’s a risk that someone’s going to break into it.

Yes. If you have a website, there’s a risk that someone’s going to break into it. Not because they really care about you or hurting you, they’re just doing it to get a platform where they can put some landing pages for a phishing campaign. Naturally, they don’t want to register their own website to do malicious activity. They prefer to just break in and use someone else’s. Much the same way criminals will often steal a car and then go use the car to do drug buys or drive-by shootings because that car isn’t theirs. It doesn’t trace to them.

You have to be mindful of that with your website. But there are worse problems if you have a web application if you have a shopping cart, or you have an online store. Maybe it’s your larger operation and you store some payment card information. You have to be really mindful of that. Obviously, you have a PCI compliance. 

Let’s say that you’re just a health care system. You have big problems with HIPAA compliance. I’ve seen cases that resulted in many, many millions of dollars with settlements paid just because someone’s medical records got stolen, so these are real problems. Keeping those websites secure and keeping web applications secure is a major challenge for many organizations.

You mentioned HIPAA. For those listeners who aren’t familiar with HIPAA compliance requirements because maybe they’re not in the healthcare space, that can still affect you because (as you said) someone can use your website as the vehicle to break in and steal medical records, violating HIPAA compliance, and you are now embroiled in this mess.

Yes. There are other areas in malicious marketing that are quite common now. Another one is just a reputation attack. People can set up websites to slander somebody or they can post content to an existing website to trash someone’s reputation. This can quickly lead to a lawsuit. It becomes a thorny issue. Where does free speech end and where does defamation begin? 

There are other areas in malicious marketing that are pretty common now.

Another problem is in trademark cases. There are times when someone is using a competitor’s trademark in keyword advertising, for example, or they may use it as part of an SEO campaign. That can lead to a rapid deterioration of the situation including lawsuits.

These are all things to watch out for. We should probably drill into some of these, maybe talk through a few real-world examples to understand what this all means for the typical website operator or the typical website consultant.

Let’s do that. I’ll share one of my personal stories to start this off because this was definitely a learning experience for me, painful one and expensive. It happened in, I think it was 2008, plus or minus a year. I spoke at an SEO conference where I was talking about WordPress, SEO, security, and all sorts of WordPress-related topics in that session. I didn’t cover WordPress security much but just apparently it was enough that somebody in the audience decided that they were going to teach me a lesson that I was not qualified to talk about WordPress security.

They hacked my site, my WordPress blog, and just put some back doors in there that it cost a lot of money to finally remove. The hacker just came back again and again and we just couldn’t get rid of them. That was awful. It went on for probably six months. 

I eventually gave up and actually switched platforms. I moved from WordPress to b2evolution. It’s another fork of B2, WordPress being the most famous fork of the B2 blogging platform, but b2evolution was a minor competitor. It didn’t have the same known security vulnerabilities and once we switched over, we didn’t get hacked again, but that was horrible.

A cautionary tale. I was apparently arrogant in my presentation and I didn’t realize that. But that doesn’t give anyone the right to target you for an attack. It is what it is. That was a long time ago. I learned some lessons from it and it hasn’t happened again, knock on wood.

Wow. The last invention I did, CodeGuard, was actually designed in response to a situation we had were one of my developers had his Dreamweaver software hacked. There’s a password cache in Dreamweaver. He simultaneously had all the passwords for all the websites he was working on stolen. Every single one of those websites got hacked all at the same time. 

What we learned is that trying to fix a hacked site is really hard because it’s really hard to get all the worms, trojans, backdoors, and everything out of the site. It’s much easier to just erase it and restore a clean backup from prior to the attack. Then you patch and secure at that point.

It’s very hard to completely remove. Once something’s been compromised, you pretty much have to erase it, then just rebuild it. Trying to figure out all the different places that someone could have put things in there is very, very hard.

Yes. I learned that one. CodeGuard, what was that software? What did it do?

What it does is it just monitors your website files and database, and whenever something changes, it just grabs the change. It has an embedded Git repository and just checks it into Git. You don’t have to know how to use Git. You don’t have to think about it. There’s no discipline involved. Good security is something that operates without discipline because most people don’t have discipline. Where if they do have discipline, there’s eventually a failure of discipline.

CodeGuard is good for small website operator. It gives them the ability to be really resilient. If something goes wrong, they can just go back to yesterday’s version of the website. It also allows you to set WordPress to instantly apply all updates. You just automatically apply all updates, don’t think twice about it because if something breaks, you can always go back.

If somebody compromises your website, you can't count on the website's backup to work properly. So you need to protect yourself at all costs. Share on X

The reason why you’d want this versus just using the built-in WordPress backup is because I’m guessing the hackers know that you’ll try to restore from backup, so they will infect the backups as well?

Yeah. Here’s the situation. It’s very simple. I asked this great question to my thesis advisor long ago. I said, “is there any way to do a secure transaction on a compromised machine?” The answer is no, you can’t. If somebody compromises your website, you can’t count on the website’s own backup to work properly. The idea behind CodeGuard is that there’s a second system independent of the first system that’s actually checking the first system and doing the backups. That protects you much better.

The biggest problem with a lot of backup systems is that you go to use the backup and it doesn’t work. That’s devastating. I also recommend the same thing. This strategy works equally well for your desktop or your laptop and for your mobile phone. For your mobile phone make sure you have iCloud backups turned on. Pay Apple the extra buck or two a month if you need to get the storage. With your desktop, you can use OneDrive, you can use iCloud. Again, you may have to pay for storage but backup your computer, always.

Make sure there’s a backup and make sure it’s running daily, automatically, and that is storing the data somewhere totally independent of your location. People try to do backups on a hard drive, it doesn’t work. If your house burns down or has a flood, that doesn’t work.

Right. You need to have multiple backups and those backups, at least some of them need to be offsite.

The biggest problem with many backup systems is that you use the backup, and it doesn’t work.

Yeah. I have two computers, so it’s great because I use OneDrive and I sync between the two computers. It’s not only backing up, copying everything into the cloud, it’s also using that to keep my two computers in sync. Then whenever I decide to replace a computer, I can literally just take my old computer away, erase it securely, get rid of it, buy a new computer, and I just restore from backup. And now, that new computer has the same personality and data as my original computer. It’s just new hardware.

But doesn’t the cloud provide another point of vulnerability for you? You’re putting all your stuff in the cloud, can’t the cloud get hacked.

Everything can get hacked. The cloud is operating via Secure Sockets Layer. The traffic is encrypted, so I’m not really worried about the traffic. Yes, someone could hack that OneDrive account, maybe. But it’s not that common. It just isn’t happening very much. 

Computer security is a triad. There’s an acronym which is called CIA, and it’s not the Central Intelligence Agency. The CIA triad is Confidentiality, Integrity, and Availability. Those are the three characteristics of a good security system in a computer network.

Confidentiality, I think we all understand what it means. It means that someone unauthorized can’t get at that data. Integrity means that you’re checking that the data has not been improperly altered either by error or malice. Availability means that your system is up. You’re not suffering a denial of service attack. When you use this cloud system, the advantage in availability is very strong because it means that your files are always there if you need them. I can literally use my iPhone to look up any file I need in a pinch. Any file that’s on my computer, I can get out from my iPhone as a high utility.

Everything can get hacked.

There is some minor risk that it’s slightly increasing the attack surface but really not that much when you weigh the risks and benefits. I could build a great security system. I had a systems professor. He said that there’s a way to build the perfect security system. What you do is you take your computer, cut the network cable, put it in a copper-lined room, you have one operator there, you lock the door, you have a soldier standing behind the operator with a gun. If he comes the least bit suspicious, he shoots. That’s perfect security. But it’s also not very practical. It’s not useful.

Yes and when you mentioned the I in CIA as integrity, that is circling back to your whole CodeGuard model doing things like checksums on the data to make sure that the code has not been altered on the website.

That’s right. It’s actually something called file integrity monitoring. In addition to doing backups, CodeGuard is also a file integrity monitoring system because that’s how it actually knew what to backup. It would look for any change in the file. When it would take the backups, you can also have it email you and tell you what files have changed. You get inventory. These are the files that changed on your website today. If something changes and not expecting it to change, that might tip you off to the fact that someone has hacked into your site.

Got it. The idea of a cloud-based backups is based on this concept of file integrity monitoring and file change monitoring because a full backup every single time is quite expensive and time-intensive, so doing incremental backups, the changes get copied over the entire hard drive or document root folder.

Yes. I guess I’ll plug CodeGuard here and I no longer own it, so it’s no longer a benefit to me, but I still am a customer. Believe it or not, I have to pay to use it and I still do. We have a policy. We don’t touch a client website until we’ve taken a backup of it first because the worst thing you can do is touch a client website and break something. Once you break it, you own it. You really don’t want that scenario. You really need to have backups before working on a client site. It can save you so much heartache. If you accidentally delete the wrong file and you need to get it back, there it is.

You need to have backups before working on a client site. It can save you so much heartache.

Yup. Very good. Let’s go back to some of these cautionary tales. I want to share one more and I want to hear some from you and your experiences with clients, different cases, and stuff, things that are not confidential that you can share. 

One interesting story I can recall, I spoke at a BlogHer conference, Women’s BlogHer Conference. My daughter, Chloe, my oldest—she’s now 30—was co-presenting with me. We were doing an SEO session for bloggers. After the session finished, we got mobbed with people wanting to get the books I was giving away, getting questions answered, et cetera.

There was one lady that my daughter Chloe saw in the bathroom during the break and she was sobbing. She told Chloe what was going on after Chloe approached her and said, are you okay? What happened was she said, “I had lost all of my posts that I have been working on, that I’d written over the last X number of years. I don’t remember if it was a hack or it was some sort of hardware failure.” She lost everything and she didn’t have a backup. 

I mentioned during the session Wayback Machine archive.org, and how it has copies of most websites. She was just crying with gratitude and relief that she could recover her website at long last by going to archive.org and using the Wayback Machine. 

That’s a great story. In the early days, I have actually done that on at least a couple of occasions. Had a website, something lost, we went to archive.org, found it there, and restored it. It’s not the most efficient way. Archive.org is not necessarily complete so you don’t want to not rely on it too heavily, but as a last resort, it could be helpful. 

Yeah, and she thought she was out of options. She just had come to terms with the fact that her life’s work in terms of blogging was gone and this reignited her hope that she could get back.

That’s fantastic. 

that was really, really exciting and very happy for her. Maybe you could share a few examples of situations, maybe you’ve experienced, your clients have experienced, and what we can learn from them. That’d be great.

In backups, I don’t have anything I totally want to share just because there are a couple of fun situations, but they’re kind of confidential. I could talk about some of these other areas I mentioned, though. I talked about defamation being a big problem, reputation, and also keyword advertising and bad SEO practices where you kind of trample on someone else’s trademark. 

Maybe those are our good ones to talk about because people often think, well, I can go do this. If I can do it and get away with it, that’s fine. They feel like the Internet’s the Wild West and then they’re surprised to learn that it isn’t. 

Yeah, let’s go through some of those. 

I guess I can share with you some things that have appeared in public, sort of have been exposed in the public dockets. One of them was a 2014 case between U-Haul and PODS. U-Haul going out there and decided to optimize their website for the keyword ‘pods’ and they had used the word ‘pods’ all over their website. They were saying, well, this is a generic word. We can do this and PODS didn’t agree. You’ve seen PODS, right? The big white storage containers. 

They feel like the Internet’s the Wild West, and then they’re surprised to learn that it isn’t.

Yes. 

They didn’t agree. I was in this case, I was working for U-Haul. Chris Silver Smith was working for PODS. 

Chris, by the way, was a past guest on this podcast and you know how Chris ended up getting that gig? 

No. 

I referred him. 

Oh, really? 

PODS asked me and I wasn’t interested. I just don’t enjoy getting involved in litigation, so I passed that on to Chris. 

The secret is that I spent a year in law school and early in my career sort of a knockdown drag-out lawsuit. I’ve kind of gotten used to it and bizarrely enjoy it. I do see Chris around. He does a lot of these reputation cases. 

Yes, he does.

Computer security is a triad. CIA: Confidentiality, Integrity, and Availability. These are the three characteristics of a good security system in a computer network. Share on X

Anyway, they were taking a big risk by doing this. They felt that this pods was a generic term, and they could use it, PODS didn’t think so. PODS sued them in the Middle District of Florida, which is PODS’ home territory. They went into court and after a lot of expense and preliminaries, it finally came down to it and the jury did not agree that this term was generic. They thought that this was sort of intentional U-Haul trampling on the smaller competitor. Trampling a smaller competitor is punching down, is generally not a good look. That’s not a legal or expert conclusion. That’s just social. People always favor the underdog. 

U-Haul got hit with a $60 million judgment for this and I can guarantee you that whatever traffic or additional business they got from doing this was in no way worth that. Eventually, there was an appeal and finally, the party settled. It was a huge mess that essentially the web design, web advertising, and marketing got the company into this big, big mess. It’s usually not a good idea. 

I tell people don’t go whacking the hornet’s nest. Try not to be antagonistic to other people if you don’t need to be because it’s really not good to find yourself in that situation. 

Yeah, that’s just the law of karma right there. 

There have been many other cases. I’ve had cases where very commonly, it’s a mistake. Often, someone has a search marketing agency that picks keywords, and Google will happily recommend your competitors branded terms. They’ll say, oh, yeah, try this term. So you throw that term into your campaign and it’s not against any rule to use a competitor trademark to trigger an ad. 

The problem is, when Google recommends to you the competitor trademark, and you’ve got a dynamic keyword insertion ad in that group, now, your competitor’s mark starts appearing in your ad. When they get a screenshot of that, they’re going to be livid. They’re going to go to a lawyer, the lawyer is going to say, let’s go destroy them, and you get this lawsuit. I call it the ‘gotcha lawsuit,’ because often the amount of harm done is tiny compared to the amount of money spent on lawyers fighting about it but it’s still unpleasant to get drawn into that.

Try not to be antagonistic to other people if you don’t need to.

I had a case where one ecommerce website was suing another because something like this had happened. Finally, we got it settled because I pulled up the Google Analytics data and showed, look, there’s only been 3000 pageviews. The average revenue per page view on this website is like a couple of dollars so you’re looking at maybe $6000 worth of harm done here. It’s in no way worth it for you to continue pursuing this lawsuit. And that worked. The parties were able to settle, everyone went home, and that was the end of it.

It can get worse, though, if those pay-per-click keywords are then incorporated into the website as SEO keywords, even if they’re used in a useless place like the meta keywords tag that is further evidence of malicious acts, or seemingly so, by either the company or their agents, their vendors doing the SEO work. Then it ends up maybe in page copy, title tags, and wherever else, and that is very dangerous. This idea of being a good actor and not an evil competitor is very important especially when it comes to trademarks.

Yeah, and now the same thing happens with online reviews. I’ve had a sequence of cases related to fake online reviews. Here’s what happens. You get into a dispute with someone, a business dispute over anything, and one thing they’re going to do is they’re going to go look at your website. They’re going to look for: (a) any signs of blackout SEO, and (b) they’re going to look at maybe your review profiles to see if you’ve been faking your reviews. 

I had a case where a professional had sued a television personality for defamation. He said, “You destroyed my reputation. You broadcast this false stuff. All the details of it don’t really matter, but what I had found when I looked at the reputation of the professional was that a vast number of the reviews were fake. 

They were obviously fake reviews, and we got hold of the information about where all these reviews are posted from. Here you have a professional whose area of operation is just one US city, so all these reviews should be coming out of that city. All these reviews are coming from Sri Lanka. 

Now, how could that be? Any of the IP addresses, they didn’t even bother to use a VPN? They just had fake reviews, bad spelling, silly names, IP addresses obviously indicating synthetic activity. He lost his defamation claim, which maybe he would have even had potentially a viable claim. It completely was undermined by the fact that his reputation, his good reputation, that he claimed to have was actually based on fraud. 

Yeah, so fabrication. 

Yeah. I can think of other cases where people have gone out and hired a subcontractor to do work for them and the subcontractor maybe goes to another subcontractor, and every time you go one step further, the ethical level is 1/10 of the prior level. Each guy becomes much less ethical. 

You go down two levels into that subcontracting chain and you got someone who’s just out there faking all kinds of stuff. They don’t care. They’re just trying to produce a result. Now you, as the legitimate company who are at the top of this chain, suddenly you get held responsible for this. You’re responsible for your subcontractors. And yeah, karma, it bites.

Yes, it does. Can we differentiate, for our listeners, defamation versus slander so they can understand.

Oh, yeah. I went to law school and studied this, and I still don’t remember the difference. To my mind, I don’t worry too much about it because defamation and slander, one is spoken and one is written. For my purposes, I consider them the same because I’m media-agnostic.

Right. If it’s a video, it can be both because then the transcript is the written form and then spoken in the video is the verbal form. 

Isn’t slander spoken? Is that right? Defamation is written?

Yes, I think you’re right about that. Yeah, slander, I think is spoken.

People can come and sue you for no good reason whatsoever. If you have insurance, it's a tremendous stress relief not to deal with legal fees. Share on X

Yeah. It doesn’t matter so much, but this is a good point. I have professional liability insurance for my agency and everyone should. I have two kinds of clients who are defendants. I have happy defendants who have insurance, and their insurance is paying their lawyer, and they’re just like okay, we’ll deal with this. It’s a problem. We’ll work through it. 

Then I have very unhappy clients who are having to pay for their own defense and who were exposed to paying out of pocket the damages because they don’t have insurance. It’s a great idea. If you work on other people’s websites, or if you write content for them, or you do any sort of advertising, you absolutely want to have one of these insurance policies which is not expensive. 

Interestingly enough, my insurance policy is priced based on the fact as if we’re a public relations agency. They consider the main threat that we might write something on someone’s website, which is found to be defamatory, and we could be held liable for that.

Do you have an example of an insurance company that offers this professional liability insurance?

I don’t know all of them. It varies from state to state, but really all you need to do is go to any good business insurance broker, agent, and say hey, I want to have business liability insurance, and you have this sort of physical liability if your air conditioner, drain hose gets clogged, and you spill all sorts of water on the office below you, or you have a car accident while you’re on business. That’s one type. That’s business liability insurance. 

Then there’s professional liability, which is you did something wrong in your profession. Sometimes it’s called errors and omissions, but anyone who’s working on websites, doing publicity, or marketing should really have some coverage for that because despite being ethical and trying to do a good job, no one’s perfect. You will inevitably, at some point, make a mistake or someone will think you’ve made a mistake and they’ll file a claim.

You will inevitably, at some point, make a mistake, or someone will think you’ve made a mistake, and they’ll file a claim.

What other kinds of clauses and protections should you have in order to protect your exposure? For example, I see plenty of contractor agreements, vendor agreements, et cetera that have an indemnification clause where they hold each other harmless. Parties hold each other harmless in various situations and I don’t know if that was helpful at all to U-Haul in passing some of the cost of the litigation and the settlement to the company that ended up doing the work that put all the trademark infringement into the content of the site.

I don’t know about that situation, but in general, I don’t know how much these indemnification agreements really help that much because you’d have to ask a lawyer. In reality, what you really want is you want your own insurance policies because people can come and sue you for no good reason whatsoever. You can get sued, you can get a frivolous claim made against you, but you still have to pay a lawyer to deal with it. If you have insurance, the insurance pays the lawyer, and that’s huge. It’s a tremendous relief of stress for people when they don’t have to deal with those legal fees. 

I’ve got another fun story to share about frivolous lawsuits. This one happened many, many years ago to me. I had an employee who was talking smack about me behind my back. I was young, immature, and a little bit prickly back in those days. When I found out that he was saying bad things about me behind my back, I got livid. This is like the 90s and I was in my 20s, I was not very mature at the time to let that just roll off my back so I fired him, which was totally legal. 

We were in Wisconsin and worked in real estate. I was within my rights and yet he filed a lawsuit against me. I look back at that with gratitude because it was a painful episode in my life at the time, but it was a huge learning lesson and a wonderful gift came out of it in the end, which was we went to court. 

Actually, we ended up settling before we went to the courtrooms, but depositions, all that stuff was very costly and time-intensive. My lawyer said, “You’re going to win this, you will, because he doesn’t have a case. It’s frivolous. It’s a work-at-will state. He doesn’t have anything to stand on, and you’re better off time, cost-wise, et cetera just settling it,” so I did. 

You have to just accept the process, understand how it works, be reasonable, and just try to get out as quickly as you can because that's usually what's going to be best for you. Share on X

He got a settlement from me and we went our separate ways. How this was a blessing was many years later, 15 years later, this guy who I hadn’t thought of in years, who I hadn’t seen, or hadn’t seen his name, he just disappeared from the face of the planet, and we lived in the same city in Madison, Wisconsin, not a huge town for a number of years. I just never heard of him, saw him, nothing. 

Well, 15 years later, I’m at an event. I had just had a big spiritual awakening in India a few months prior, I got touched on the head by a monk who zapped me with energy, and it was like an LSD trip, everything was in technicolor. I felt this deep connection to the Creator and it was just incredible and before that I was agnostic. 

Three months after that, I was in Colorado for an event that was an energy healing workshop type thing. It was run by Donny Epstein, who was a guest on my other podcast on Get Yourself Optimized. Great, great episode so I definitely recommend it if this is interesting to you. He’s an energy healer, very famous founder of Network Chiropractic, et cetera.

I’m blissed out after getting an entrainment, and I think of this guy. I send him blessings. I do what’s called an intent Deeksha, a oneness blessing kind of like what I received in India but without touching the person, because they’re not in my physical presence. I just did that with him and a bunch of other people who came into my mind. I don’t know why he came to my mind, but he did, and guess who calls me on my cell phone? Four days later to apologize after 15 years. 

Wow, that’s amazing. That’s just amazing. 

We’re all connected and it’s just amazing.

Do not hold grudges and learn to let go.

It’s a good idea not to hold grudges against people and just to kind of let go. I look at these cases, there’s tremendous stress involved in them. I try to be extremely accommodating of the people, the clients, because I know they’re going through often an extremely stressful phase in their life. At the same time, I also try to tell them, look, you need to look at this clinically. The person has a claim. Someone feels they’ve been wronged. You’ve got a claim, and you’re trying to get it resolved, or someone else has a claim and they want you to resolve it.

But really what this process is, is it’s all just a negotiation. Every lawsuit ends with a settlement, almost everyone. Even when they go to trial, usually what happens is people get at some point, even after the trial, they get tired of fighting, and they settle, because if they don’t settle, what happens is somebody just appeals. They appeal, and they appeal, and the appeal and they don’t pay, and they evade. Really, what you’re trying to do is to come to a settlement. You’re trying to come to a place where everybody can live with the result and move on. 

I think it’s also good for people to understand. I say to them, look, every 20 years or so you’re going to have to fight a legal battle. Something’s going to happen, you’re going to have business trouble, maybe you’re going to have criminal trouble, maybe you’re going to have a divorce, something’s going to happen, and you’re going to have a dispute. It’s sort of inevitable in a civilized place that we have disputes and this is how we resolve them. We don’t go out and duel anymore. You have to just accept the process, understand how it works, be reasonable, and just try to get out. Get out as quickly as you can because that’s usually what’s going to be best for you. 

I say to people, I’m sorry, you’re involved in a lawsuit. That’s the first conversation I have with them. I’m sorry, you’re involved in a lawsuit. It’s actually tougher on the plaintiffs because they’ve been wronged. They’re wanting to be made whole, and there’s very little chance they’ll be made whole because the legal system doesn’t make you completely whole. 

They are often protracted legal battle, in most cases, especially now during pandemic times where it takes forever to get into a courtroom.

Right. The thing is to try to maintain good relations with everyone—your employer, your employees, your competitors. It’s a good idea to try to be civil to all concerned, to be somewhat respectful. Not to do things to antagonize other people, especially in your marketing, not to be too edgy or sharp about your competition.

If you put up, for example, a product comparison page, you put some false information in there, you exaggerate, they could sue you. They could say, look, you’re making a false comparison and they can make a big fuss over it. 

I tell my clients, don’t talk about your competitors. Don’t even think about them. Don’t worry about them. You just worry about your clients. Do a good job for your customers. The competitors, they have to take care of themselves. They have many opportunities to fail. You just focus on taking care of your customers.

Good advice. Now, in cases where someone has been wronged—the expression is the horse has left the barn—you can’t undo what was released, especially if it’s really personal damaging information. Let’s say I was an ex-lover and it was a revenge porn reputation attack. 

I had one of those cases, and the plaintiff ended up completely losing her mental health as a result of this. The courts weren’t able to help her because she was unable to come in and testify. It was too traumatic and because she couldn’t testify, the courts couldn’t help her. 

Wow, that’s awful. 

It’s horrible. I’ve seen a number of just terrible, terrible things happen, and sometimes there isn’t a way to make things right. Sometimes justice is not there.

What can you do if you’re a victim and it’s going to be too expensive or too much heartache to take it to trial?

What I always tell people is to think of it this way. Tomorrow, you can get up, and you can still go eat ice cream, or whatever it is that you like. You can still go do the things you like. Don’t focus on what you’ve lost, focus on what you still have, and what you can still do. 

Let’s say your reputation has been attacked. You still have friends. You’re going to find out who your real friends are. Someone’s going around saying bad things about you or releasing your pictures or whatever, you’ll see who your friends are, and you can still have a lot of fun. That’s it. The best revenge is living well, go out, still have as much fun as you can, and don’t let what someone else has done define your life. 

And the worst revenge is to hold your unforgiveness inside, let it fester, and torment you for the rest of your life.

You can say, look, someone’s done a terrible injustice to me, it’s horrible. I can’t deal with it. I can’t live with it. How can it be? Well, in some sense, it may be better for you as a person to just let it go and just say, the world is imperfect. I tried to get justice, it wasn’t possible, so I’m just going to let go of this and move on with the rest of my life. I guess it can be hard to do. Maybe it’s easier for me to say that than it is to do it. It’s important not to let disputes and things eat you up.

It’s also important to see the silver lining, even if it doesn’t present itself immediately. Like for me, with that situation, with the frivolous lawsuit with the ex-employee, ended up being a huge gift for me and for him. We ended up having dinner, ended up seeing him after, this thing of him calling me out of the blue, which like I said, wasn’t out of the blue, we’re all connected. 

I started seeing him in public. I was with one of my daughters at a PetSmart, this was just a few months later, and I randomly not so randomly saw him in the PetSmart with his girlfriend at the time.

Isn’t it nicer to go through life and feel better about things? I mean, isn’t that better? Because you could still be bitter, like oh, this guy cheated me out of some money. Money comes and goes and everything comes and goes. Soon we’re all gone. We’re only here for a little while. 

Disputes are tough. It’s tough to work on disputes, but it’s a very gratifying form of consulting because most of the time the case is settled, which means that both parties came to an agreement about a conclusion that they can both live with. Sometimes they don’t, sometimes they need the court’s help with a trial. 

I’ve got a couple of really messy cases this fall that is probably going to go to trial. People are just really livid about things, but it’s a process. Eventually, they expend their energy, they expend their money, and they come to the point where they decide you know what, it’s time to move on. It always happens, except for one client who ended up going over the edge, and he got arrested and indicted for about 10 different crimes, first threatening the other party. That didn’t work out so well. 

Yeah, not good. Much better to forgive. 

Yeah, it’s better to forgive. What’s interesting with that client and that case, it was one of these silly defamation cases. An offer was put on the table right before the jury verdict, which was let’s just shake hands and walk away. You drop your claims, I’ll drop my claims, we’ll all walk away. That’s the end of it. 

The party I was working for refused and ended up having a judgment of almost a million dollars owed and ruined his life. Then he got in trouble for things like violating protective orders and other bad stuff. Now he’s got much more trouble than before and it wasn’t worth it. He should have taken the settlement.

Yeah. I had another legal example here; it happened to me. I owned a website called WritersNet that I had founded back then in the mid-90s. There was some negative stuff about a particular literary agent and it wasn’t unfounded either, but she filed a lawsuit against not just me and my website, but also the science fiction writers of America like Wikimedia Foundation. 

It was pretty wild, who she threw into the mix in, who she’s targeting with this lawsuit. The EFF, the Electronic Frontier Foundation, came in and got Wikimedia Foundation out of it, and got that thrown out. This isn’t so much of a cautionary tale as an example of good fortune or a silver lining in that, that website (WritersNet) ended up being carved out of the acquisitions. 

When Covario bought my company, my agency, all the websites that it owned, all the domain portfolio, and everything, it carved out WritersNet, said we don’t want that because there’s an open lawsuit on this. I’m like, okay, I’ll hold on to it, and shortly after the EFF thing, taking Wikimedia Foundation, the whole rest of the case fell apart, and I was left with this website that I ended up selling for six figures. That’s pretty cool. That was a nice win. Always try to see the hand of God in everything that happens, even if it seems tragic, or very challenging, or difficult.

Yeah, and there’s this old saying, if you don’t have enemies, you don’t have character. If you stand for something, you’re there, you’re visible, you’re likely to get into some disputes. That’s just how it is.

So true. All right, how does our listener or viewer learn more from you, work with you if they have a legal case or they need some guidance, some consulting on sales, marketing, technology, security, any of that?

Just Google me, you’ll find me there. hochmanconsultants.com. I’ve got great associates, too. I have a partner with an MBA. I don’t have the greatest mind in business, but he’s pretty good. We also have a project manager, Julie, who’s really awesome. Very, very good at user interface design and super detail-oriented. She oversees our web redevelopment projects. We don’t do huge amounts of web redevelopment, but we do it when we’re working with someone on marketing and if they need some help, we will do that. 

Awesome. Well, Jonathan, this was a real pleasure. I haven’t seen you for a while in person because of conferences being called off and all that from the pandemic. It was great to reconnect with you virtually here and for you to share all this great wisdom and important information for our listeners so that they can protect themselves and stay safe online. 

Stay safe online. 

All right. 

Thank you very much. 

Thank you and thank you, listeners. We’ll catch you in the next episode. This is your host, Stephan Spencer, signing off.

Important Links

Your Checklist of Actions to Take

Establish protocols and implement procedures that will keep my website secure. Protect my intellectual property in every way I can. 
Always remember the acronym CIA: Confidentiality, Integrity, and Availability. These are the three characteristics of a good security system in a computer network.
Always create a backup, preferably a cloud backup, for all my essential data. Invest in an overly secured cloud storage software and regularly create backups upon backups of my files.
Don’t forget to backup first before making any changes or updates to my website. Avoid losing crucial data when implementing significant changes. 
Monitor my site, online presence, and activity regularly. It’s crucial to implement reputation management. Watch out for other landing pages that could potentially steal my identity and use it to slander my name. 
Acquire insurance for my business to protect my assets. These will come in handy whenever something gets stolen, hacked, or if I get sued.
Respect copyright laws at all costs. Make sure I am not infringing on anyone’s intellectual property by doing due diligence before I publish anything or claim it as my own.
Maintain good relations with everyone. It’s a small world in business. Best to be in harmony with others and not burn bridges.
Focus more on solutions rather than problems. When I remain in this type of mindset, I can think more creatively and discern sound decisions for my business. 
Visit Jonathan Hochman’s website to learn more about his company’s services that involve online business security and marketing.

About Jonathan Hochman

A Yale University graduate with two degrees in computer science, Hochman has worked as a sales, marketing and technology consultant for 30 years. In 2010 he founded a successful Internet security business, CodeGuard, which was acquired by Francisco Partners in 2018. Recently, he founded UNS Project to develop novel technology for verifying user identity online.