Bar Thank You
Many attorneys volunteered their time to grade essay answers from the July 2019 Bar exam. The Bar greatly appreciates the contribution made by these individuals. A sincere thank you goes to the following:
Alison A. Adams-Perlac
P. Bruce Badger
Hon. Brent H. Bartholomew
Russell M. Blood
Kim S. Colton
J. Andrew Cushing
Nicholas W. Cutler
Abigail M. Dizon-Maughan
J. Joseph Finley
Kristin Gerdy Kyle
Clark A. Harms
Lloyd R. Jones
Matthew A. Jones
Amy L. Jonkhart
David L. Knowles
Alyssa L. Lambert
Gregory E. Lindley
Colleen K. Magee
Branden B. Miles
Alexis V. Nelson
Kara H. North
J. RobRoy Piatt
Andrew L. Roth
John A. Sheaffer, Jr.
Mary Zenorini Silverzweig
Douglas E. Smith
Scarlet R. Smith
Charles A. Stormont
Diana L. Telfer
J. Kelly Walker
Steven T. Waterman
Public Wi-Fi - Should Lawyers Just Say No?
Mark Bassingthwaighte, Esq., ALPS
Public Wi-Fi networks are practically ubiquitous. They're in airports, hotels, office buildings, coffee shops, restaurants, malls, and many other locations. While accessing one can be convenient when all you want to do is buy a new digital book on your smartphone, check your e-mail on your laptop, or rebook a flight on your tablet, there are associated risks that should never be minimized, or heaven forbid, completely dismissed. Such risks run the gamut from simple eavesdropping to allowing someone to defeat whatever two-factor authentication you had in place with the site you just logged into.
Here are just a few examples of the most common threats everyone faces when accessing public Wi-Fi. (1) A hacker inserts himself or herself into the conversation occurring between two users (e.g. you and your bank) giving him the ability to do anything from simply listening in and capturing part of the exchange to taking complete control of the entire exchange. Not only is this the most common type of attack out there, this is also one way two-factor authentication can be defeated.
(2) You unwittingly log in to a rogue network that appears to look legitimate. It may even look identical to known and trusted networks, such as Starbucks. In reality, however, it's a bogus clone of a trusted site. Fall prey to this type of attack and all of the data in transit is being sent directly to the hacker.
(3) You unknowingly login to a rogue access point, which is something well-meaning employees of various businesses sometimes setup. In short, wireless routers have been added to a network in order to give more customers access to the Internet. Often these routers are not configured properly, which makes them easy to hack into, even though the network itself might be secure.
(4) You become infected with a worm. Unlike computer viruses, computer worms self-propagate and can be programmed to do all kinds of things to include stealing documents, capturing passwords, and spreading ransomware. If you happen to be on a public Wi-Fi network and fail to have robust security in place, a worm could readily jump from another infected user currently on the network to you.
(5) You have allowed your device to discover new and available Wi-Fi networks. As a result, you unintentionally end up connected to an ad hoc network. This means you have just directly connected your device to a hacker's computer giving the hacker free reign to do whatever he wants with your device.
I hope you're starting to get the picture. Pubic Wi-Fi networks are inherently insecure, and some are going to be downright dangerous. That's just the way it is. And unfortunately, it's even worse for those who fail to install robust internet security apps on the devices they use to access public Wi-Fi. Those folks are begging for trouble if you ask me.
Does this mean that lawyers and those who work for them should never access public Wi-Fi? In a perfect world, I might try to argue that one; but I can also acknowledge this wouldn't be realistic. There are going to be times when it's necessary. In fact, I will confess I use public Wi-Fi myself, but only for certain tasks. The better question is, if a lawyer has a need to use public Wi-Fi, how can the associated risks be responsibly addressed?
Let's start with the basics. All mobile devices, to include smartphones and tablets, should be protected with a robust Internet security software suite and kept current in terms of software updates. Next, approach all public Wi-Fi networks with a healthy level of distrust. For example, never connect to an unknown network, particularly if the connection is offered for free or states that no password is necessary. Also, be on the lookout for network names that are similar to the name of the local venue offering a Wi-Fi connection. This is because a network connection that happens to be named Free Starbucks Wi-Fi doesn't mean it's actually the legitimate Starbucks network. If you're not 100% certain, always ask what the proper name of the local network you are wanting to connect to is and connect to that. Most importantly, never connect to public Wi-Fi unless you have the capability to secure your own Wi-Fi session, which means you must use a VPN. VPN stands for virtual private network and allows you to encrypt all of the data you will be passing along through the public network. Finally, while using public Wi-Fi it’s best to avoid accessing online banking services and visiting any websites that store your credit card information or other personal information that might be of interest to a cybercriminal.
I can appreciate that the advice to avoid certain types of websites while using public Wi-Fi may not be received well by some. However, I stand by it because often there is a much safer option available. Simply use your mobile phone as a hotspot and connect to your carrier’s network. If coupled with the use of a VPN, your entire Internet session will be about as secure as you can make it. If you don’t know how to do this, ask your IT support for a quick lesson.
I wish that I could stop here but I can’t, because almost every law firm I know of is comprised of more than one person. Anyone at a firm can naively or unwittingly fall prey to a cybercriminal when logging onto a public Wi-Fi network and this could result in very serious and unintended consequences for the firm and firm clients. Best practices would mandate that everyone who uses a mobile device for work be subject to a written policy regarding the appropriate use of public Wi-Fi. If your firm has no such policy, now’s the time. Of course, any policy is going to be meaningless if there is no training on the risks and/or no enforcement of the provisions so keep that in mind.
Now to my initial question. Should lawyers just say no to the use of public Wi-Fi or try to prohibit anyone in their employ from using it? I don’t necessarily go that far as long as all users have been made aware of the risks and given the appropriate tools that will help them minimize the risks.
That said, let me share one final thought because I do get push back on this...