 Something I've been thinking a lot about is where the liability lies legally in terms of choosing software and what if something goes wrong with that software. I'm not picking on Kaseya, but I did do a previous video and Kaseya does represent a scenario where it has occurred. It's not theoretical anymore. The company was breached and they're a popular tool used by many IT companies. I don't have the exact install base to know exactly how many they have out there, but let me give you a quick overview. Kaseya is a tool that allows IT companies to manage servers for their clients at scale. And that's what we're seeing a lot of is a lot of tools so we can get insight into all of our clients. So we license the tools, get the software, and then we can manage all the servers for our clients more reasonably. Keep them secure, keep them patched. But what if that software became compromised? When I say what if, well this isn't a what if scenario anymore, it happened. It happened at Kaseya. So I'm using them as an example. It may have happened in other companies that didn't disclose it. It may be happening right now to a company that's unaware of it. These are real problems because the IT companies now have become a big target. We manage a lot of businesses. So now we are a target because getting the keys to our kingdom gives you the keys to all the places we manage. IT companies or the software and tools that IT places use are becoming targets. And we've seen this happen with a few other pieces of software where they refer to it as a supply chain attack by inserting something into a popularly downloaded software or a cleanup tool and then that in turn installs a virus. Now this is where legal liability comes in because we as an IT company recommend software to our clients or we simply make the choices for what software stack we're going to use to administer our clients. And what if there's a problem with that software stack? Well, this is a collection of cases that maybe will be the precedence that is used for this. And it's just thought provoking because you're going to have to understand how the legal system works and the legal system works on a series of case precedences. So you look at cases that are similar and they use that as an idea for how things will go in the future. So it's easy for some people to be dismissive and go, well, it's their problem. I know I chose to choose software and I chose the client. Now my clients hacked. They're going to be angry at me, but I'm telling you it's not my fault. It's because Seya's fault because they got hacked. I don't know how that'll fly. One, besides your brand reputation and your relationship with the customer, they may not go, well, you chose the software. Were they cheap? Did you choose? Did you vet them properly? There's going to be a lot of questions asked. And the bigger questions, of course, becomes the legal things. If it damaged their company and you're unable to repair damages done, then where are all the liabilities? Do you pay for their data breach? What if they're a HIPAA compliant? And now they have to file and notify all their clients that there was a breach. Do you pay that legal fee or today? This is where things can get really convoluted and we haven't had a ton of cases yet, but I pretty much guarantee we will. And the reason I say that is because, like I said, because Seya, I'm not picking on them, but this is an example of it happened. It happened to a tool that she used. It could happen again. I hope it doesn't. But nonetheless, I have a friend who does a lot of legal reading. I did not say lawyer. They are not a lawyer. I mean, this is not an illegal advice. This is just a place for some insight to try to gauge risk and try to assess a little bit and maybe do some thought provoking because in case you ever end up in a situation or when you're vetting these companies, making sure that it's a, you know, well secure company that goes through and does things and really proper methodologies and have gone through proper security auditing is just something thought provoking. So there's a handful of links here into different cases. And this is going to be linked below in the description so you can read, you know, and go through and read all this. And it's some detail that we linked right to the case descriptions, not opinions of the cases, but some of the case descriptions. So you can kind of see how things played out because a couple of the questions are data theft may constitute legal injury. And that is the terms that are going to use to say, all right, that is the risk that you caused the customer so you're liable and then you would then have to upstream that to the other company and what if the company's breach was so bad they go out of business, where does that leave you? Do you need insurance for this? These are things I'm kind of thinking about myself as my company and it's also because this was a mining attack that makes it a little bit different again because as a mining tax created an imminent or speculative risk. There's been cases on that and then basically because this was a crypto miner installed, all that really did was steal some CPU cycles. But you may know if you work in IT that once someone has admin access, even though they may have only chose to do that thing, they had the case of the kingdom, what did they do otherwise and cover their tracks and you just didn't notice. It becomes a really hard case to prove, especially when you're talking about companies that are under legal compliance that no one's data was stolen. Oh yeah, there's a person who did this only installed a crypto miner or did they? Maybe that's what you see running now. That's the big question is did they do something else while they were there? They dumped a bunch of data, closed those tools off so you don't notice they did it. These are a lot of thoughts that are just going on here, some case precedents and some of my thoughts. Getting this article that was written by my friend together. We've had some discussion back and forth because I think this is going to be a really interesting facet of our business that we're going to have to deal with and business as in the IT service industry. This is only going to be ramping up. These attacks never get easier. They get more in depth and once they find one foothold in there, they expand the attack. So we're going to see more of this in the future. I can pretty much guarantee that this is at least one that's happened in the past. So it's not theoretical anymore. It is what happened that I know of. There's no legal cases that came directly from this. Here's the question, did those IT companies that had the breaches even notify their clients or did they quietly just remove it? Is your IT company telling you what they're doing in the back end? That can be a whole other thing because they want to save face so they don't tell you. So this gets really complicated really quick. But I just wanted to get out there and share these links so you guys can kind of see where I'm coming from on this. And I'm curious about feedback on this. Maybe I'm just a little bit too paranoid about things, but I want to make sure that at least someone's thinking about this. And maybe someone has some more insight than I do on it and had some more links that maybe they add to this and keep the discussion going and keep it in the front of your mind when you're choosing software and what the plan might be if things go wrong. Because that's part of it too is these things can't happen. We are using third-party tools. I can't control what everyone does and I can't write all the software from scratch myself. So what do you do in those cases? There's some tough questions. And disaster recovery planning is always the first one for me but there's still, you know, it's still a lot to think about. All right, hopefully this was helpful or at least thought-provoking nonetheless or maybe just scares you out of being an IT. I don't know, share your thoughts below. Oh, and I just want to read it again. This is not legal advice. This is just to be thought-provoking. I'm not a lawyer. This was not written by an attorney. We just linked to some case precedences and hopefully stir up some thoughts related to this. Thank you for watching. If you like this video, go ahead and give us a thumbs up. If you have some feedback, leave it in the comments below. If you'd like to subscribe to our channel, hit that subscribe button. Hit the bell icon to let YouTube know you'd like to know about new releases on videos. You can also find new releases on our website, lauranceystems.com, slash blog where every video automatically gets posted so you can always find our videos whether YouTube notified you or not. Also, if you'd like to hire us for consulting services, go ahead and hit lauranceystems.com. Fill out the contact form. Tell us about the project you would like us to help you with. We work with a lot of businesses. We work with a lot of other IT people who need services done. Also, if you want to help the channel out in other ways, we have a Patreon. We have right below me a Amazon store where you can check out some of the products we've reviewed and as many of them as available on Amazon. You can also check out the Things We Love. And that's an ever-evolving list of discount codes, offer codes and different software and affiliates. You can find that on our website as well in the link below, right to the Things We Love landing page, including the hot sauces we recommend, which is always changing. Alright, once again, thank you for watching and see you in the next video.