State Bar News, 1019 UTBJ, Vol. 32, No. 5. 45
| Position | Vol. 32 5 Pg. 45 |
September, 2019
Bar Thank You
Many attorneys volunteered their time to grade essay answers from the July 2019 Bar exam. The Bar greatly appreciates the contribution made by these individuals. A sincere thank you goes to the following:
Alison A. Adams-Perlac
Miriam Allred
Rachel Anderson
Mark Astling
P. Bruce Badger
Hon. Brent H. Bartholomew
Wayne Bennett
Russell M. Blood
Matt Brahana
Jeffrey Bramble
Kim Buhler-Thomas
Katherine Bushman
Elizabeth Butler
Jared Casper
Gary Chrystler
Michael Colby
Kim S. Colton
Katia Conrad
Victor Copeland
J. Andrew Cushing
Nicholas W. Cutler
Daniel Daines
Abigail M. Dizon-Maughan
J. Joseph Finley
Andrea Frost
Michael Garrett
Steve Geary
Kristin Gerdy Kyle
Alisha Giles
Sarah Goldberg
Tony Graf
Jared Hales
Mark Hales
Michele Halstenrud
Clark A. Harms
Gary Heward
Mark Hindley
Randy Hunter
William Jennings
Blake Johnson
Lloyd R. Jones
Matthew A. Jones
Paul Jones
Amy L. Jonkhart
Michael Karras
David L. Knowles
Alyssa L. Lambert
Derek Langton
Erika Larsen
Susan Lawrence
Skye Lazaro
Gregory E. Lindley
Colleen K. Magee
Ryan Marsh
Vincent Meister
Antonio Mejia
Alicia Memmott
Angela Micklos
Branden B. Miles
Nic Mills
Alexis V. Nelson
Kara H. North
Rachel Peirce
J. RobRoy Piatt
Denise Porter
Ian Quiel
Andrew L. Roth
John A. Sheaffer, Jr.
Mary Zenorini Silverzweig
Douglas E. Smith
Scarlet R. Smith
James Sorenson
Marissa Sowards
Michael Stahler
Charles A. Stormont
Michael Swensen
T.C. Taylor
Diana L. Telfer
David Thomas
Mark Thornton
Axel Trumbo
J. Kelly Walker
David Walsh
Steven T. Waterman
Samantha Wilcox
Public Wi-Fi - Should Lawyers Just Say No?
Mark Bassingthwaighte, Esq., ALPS
Public Wi-Fi networks are practically ubiquitous. They're in airports, hotels, office buildings, coffee shops, restaurants, malls, and many other locations. While accessing one can be convenient when all you want to do is buy a new digital book on your smartphone, check your e-mail on your laptop, or rebook a flight on your tablet, there are associated risks that should never be minimized, or heaven forbid, completely dismissed. Such risks run the gamut from simple eavesdropping to allowing someone to defeat whatever two-factor authentication you had in place with the site you just logged into.
Here are just a few examples of the most common threats everyone faces when accessing public Wi-Fi. (1) A hacker inserts himself or herself into the conversation occurring between two users (e.g. you and your bank) giving him the ability to do anything from simply listening in and capturing part of the exchange to taking complete control of the entire exchange. Not only is this the most common type of attack out there, this is also one way two-factor authentication can be defeated.
(2) You unwittingly log in to a rogue network that appears to look legitimate. It may even look identical to known and trusted networks, such as Starbucks. In reality, however, it's a bogus clone of a trusted site. Fall prey to this type of attack and all of the data in transit is being sent directly to the hacker.
(3) You unknowingly login to a rogue access point, which is something well-meaning employees of various businesses sometimes setup. In short, wireless routers have been added to a network in order to give more customers access to the Internet. Often these routers are not configured properly, which makes them easy to hack into, even though the network itself might be secure.
(4) You become infected with a worm. Unlike computer viruses, computer worms self-propagate and can be programmed to do all kinds of things to include stealing documents, capturing passwords, and spreading ransomware. If you happen to be on a public Wi-Fi network and fail to have robust security in place, a worm could readily jump from another infected user currently on the network to you.
(5) You have allowed your device to discover new and available Wi-Fi networks. As a result, you unintentionally end up connected to an ad hoc network. This means you have just directly connected your device to a hacker's computer giving the hacker free reign to do whatever he wants with your device.
I hope you're starting to get the picture. Pubic Wi-Fi networks are inherently insecure, and some are going to be downright dangerous. That's just the way it is. And unfortunately, it's even worse for those who fail to install robust internet security apps on the devices they use to access public Wi-Fi. Those folks are begging for trouble if you ask me.
Does this mean that lawyers and those who work for them should never access public Wi-Fi? In a perfect world, I might try to argue that one; but I can also acknowledge this wouldn't be realistic. There are going to be times when it's necessary. In fact, I will confess I use public Wi-Fi myself, but only for certain tasks. The better question is, if a lawyer has a need to use public Wi-Fi, how can the associated risks be responsibly addressed?
Let's start with the basics. All mobile devices, to include smartphones and tablets, should be protected with a robust Internet security software suite and kept current in terms of software updates. Next, approach all public Wi-Fi networks with a healthy level of distrust. For example, never connect to an unknown network, particularly if the connection is offered for free or states that no password is necessary. Also, be on the lookout for network names that are similar to the name of the local venue offering a Wi-Fi connection. This is because a network connection that happens to be named Free Starbucks Wi-Fi doesn't mean it's actually the legitimate Starbucks network. If you're not 100% certain, always ask what the proper name of the local network you are wanting to connect to is and connect to that. Most importantly, never connect to public Wi-Fi unless you have the capability to secure your own Wi-Fi session, which means you must use a VPN. VPN stands for virtual private network and allows you to encrypt all of the data you will be passing along through the public network. Finally, while using public Wi-Fi it’s best to avoid accessing online banking services and visiting any websites that store your credit card information or other personal information that might be of interest to a cybercriminal.
I can appreciate that the advice to avoid certain types of websites while using public Wi-Fi may not be received well by some. However, I stand by it because often there is a much safer option available. Simply use your mobile phone as a hotspot and connect to your carrier’s network. If coupled with the use of a VPN, your entire Internet session will be about as secure as you can make it. If you don’t know how to do this, ask your IT support for a quick lesson.
I wish that I could stop here but I can’t, because almost every law firm I know of is comprised of more than one person. Anyone at a firm can naively or unwittingly fall prey to a cybercriminal when logging onto a public Wi-Fi network and this could result in very serious and unintended consequences for the firm and firm clients. Best practices would mandate that everyone who uses a mobile device for work be subject to a written policy regarding the appropriate use of public Wi-Fi. If your firm has no such policy, now’s the time. Of course, any policy is going to be meaningless if there is no training on the risks and/or no enforcement of the provisions so keep that in mind.
Now to my initial question. Should lawyers just say no to the use of public Wi-Fi or try to prohibit anyone in their employ from using it? I don’t necessarily go that far as long as all users have been made aware of the risks and given the appropriate tools that will help them minimize the risks.
That said, let me share one final thought because I do get push back on this topic and can anticipate you will too. Some will say something along the lines of this. “The Starbucks signal is free, I’ve used it many times and never had a problem so why all the unnecessary fuss?” My response is always the same. How do you know you were never a victim? No one is going to send you a thank you note for allowing them to steal your credit card number or place a keylogger on your laptop. We all need to understand that hacking tools are widely available to the masses. This isn’t just about who made the Wi-Fi available, it’s also about what’s happening on the public network while you are using it. Always remember that you are never alone while using public Wi-Fi and you simply have no way of knowing what everyone else’s intentions are.
Pro Bono Honor Roll
The Utah State Bar and Utah Legal Services...
To continue reading
Request your trial