State Bar News, 1019 UTBJ, Vol. 32, No. 5. 45

Position:Vol. 32 5 Pg. 45
 
FREE EXCERPT

State Bar News

Vol. 32 No. 5 Pg. 45

Utah Bar Journal

October, 2019

September, 2019

Bar Thank You

Many attorneys volunteered their time to grade essay answers from the July 2019 Bar exam. The Bar greatly appreciates the contribution made by these individuals. A sincere thank you goes to the following:

Alison A. Adams-Perlac

Miriam Allred

Rachel Anderson

Mark Astling

P. Bruce Badger

Hon. Brent H. Bartholomew

Wayne Bennett

Russell M. Blood

Matt Brahana

Jeffrey Bramble

Kim Buhler-Thomas

Katherine Bushman

Elizabeth Butler

Jared Casper

Gary Chrystler

Michael Colby

Kim S. Colton

Katia Conrad

Victor Copeland

J. Andrew Cushing

Nicholas W. Cutler

Daniel Daines

Abigail M. Dizon-Maughan

J. Joseph Finley

Andrea Frost

Michael Garrett

Steve Geary

Kristin Gerdy Kyle

Alisha Giles

Sarah Goldberg

Tony Graf

Jared Hales

Mark Hales

Michele Halstenrud

Clark A. Harms

Gary Heward

Mark Hindley

Randy Hunter

William Jennings

Blake Johnson

Lloyd R. Jones

Matthew A. Jones

Paul Jones

Amy L. Jonkhart

Michael Karras

David L. Knowles

Alyssa L. Lambert

Derek Langton

Erika Larsen

Susan Lawrence

Skye Lazaro

Gregory E. Lindley

Colleen K. Magee

Ryan Marsh

Vincent Meister

Antonio Mejia

Alicia Memmott

Angela Micklos

Branden B. Miles

Nic Mills

Alexis V. Nelson

Kara H. North

Rachel Peirce

J. RobRoy Piatt

Denise Porter

Ian Quiel

Andrew L. Roth

John A. Sheaffer, Jr.

Mary Zenorini Silverzweig

Douglas E. Smith

Scarlet R. Smith

James Sorenson

Marissa Sowards

Michael Stahler

Charles A. Stormont

Michael Swensen

T.C. Taylor

Diana L. Telfer

David Thomas

Mark Thornton

Axel Trumbo

J. Kelly Walker

David Walsh

Steven T. Waterman

Samantha Wilcox

Public Wi-Fi - Should Lawyers Just Say No?

Mark Bassingthwaighte, Esq., ALPS

Public Wi-Fi networks are practically ubiquitous. They're in airports, hotels, office buildings, coffee shops, restaurants, malls, and many other locations. While accessing one can be convenient when all you want to do is buy a new digital book on your smartphone, check your e-mail on your laptop, or rebook a flight on your tablet, there are associated risks that should never be minimized, or heaven forbid, completely dismissed. Such risks run the gamut from simple eavesdropping to allowing someone to defeat whatever two-factor authentication you had in place with the site you just logged into.

Here are just a few examples of the most common threats everyone faces when accessing public Wi-Fi. (1) A hacker inserts himself or herself into the conversation occurring between two users (e.g. you and your bank) giving him the ability to do anything from simply listening in and capturing part of the exchange to taking complete control of the entire exchange. Not only is this the most common type of attack out there, this is also one way two-factor authentication can be defeated.

(2) You unwittingly log in to a rogue network that appears to look legitimate. It may even look identical to known and trusted networks, such as Starbucks. In reality, however, it's a bogus clone of a trusted site. Fall prey to this type of attack and all of the data in transit is being sent directly to the hacker.

(3) You unknowingly login to a rogue access point, which is something well-meaning employees of various businesses sometimes setup. In short, wireless routers have been added to a network in order to give more customers access to the Internet. Often these routers are not configured properly, which makes them easy to hack into, even though the network itself might be secure.

(4) You become infected with a worm. Unlike computer viruses, computer worms self-propagate and can be programmed to do all kinds of things to include stealing documents, capturing passwords, and spreading ransomware. If you happen to be on a public Wi-Fi network and fail to have robust security in place, a worm could readily jump from another infected user currently on the network to you.

(5) You have allowed your device to discover new and available Wi-Fi networks. As a result, you unintentionally end up connected to an ad hoc network. This means you have just directly connected your device to a hacker's computer giving the hacker free reign to do whatever he wants with your device.

I hope you're starting to get the picture. Pubic Wi-Fi networks are inherently insecure, and some are going to be downright dangerous. That's just the way it is. And unfortunately, it's even worse for those who fail to install robust internet security apps on the devices they use to access public Wi-Fi. Those folks are begging for trouble if you ask me.

Does this mean that lawyers and those who work for them should never access public Wi-Fi? In a perfect world, I might try to argue that one; but I can also acknowledge this wouldn't be realistic. There are going to be times when it's necessary. In fact, I will confess I use public Wi-Fi myself, but only for certain tasks. The better question is, if a lawyer has a need to use public Wi-Fi, how can the associated risks be responsibly addressed?

Let's start with the basics. All mobile devices, to include smartphones and tablets, should be protected with a robust Internet security software suite and kept current in terms of software updates. Next, approach all public Wi-Fi networks with a healthy level of distrust. For example, never connect to an unknown network, particularly if the connection is offered for free or states that no password is necessary. Also, be on the lookout for network names that are similar to the name of the local venue offering a Wi-Fi connection. This is because a network connection that happens to be named Free Starbucks Wi-Fi doesn't mean it's actually the legitimate Starbucks network. If you're not 100% certain, always ask what the proper name of the local network you are wanting to connect to is and connect to that. Most importantly, never connect to public Wi-Fi unless you have the capability to secure your own Wi-Fi session, which means you must use a VPN. VPN stands for virtual private network and allows you to encrypt all of the data you will be passing along through the public network. Finally, while using public Wi-Fi it’s best to avoid accessing online banking services and visiting any websites that store your credit card information or other personal information that might be of interest to a cybercriminal.

I can appreciate that the advice to avoid certain types of websites while using public Wi-Fi may not be received well by some. However, I stand by it because often there is a much safer option available. Simply use your mobile phone as a hotspot and connect to your carrier’s network. If coupled with the use of a VPN, your entire Internet session will be about as secure as you can make it. If you don’t know how to do this, ask your IT support for a quick lesson.

I wish that I could stop here but I can’t, because almost every law firm I know of is comprised of more than one person. Anyone at a firm can naively or unwittingly fall prey to a cybercriminal when logging onto a public Wi-Fi network and this could result in very serious and unintended consequences for the firm and firm clients. Best practices would mandate that everyone who uses a mobile device for work be subject to a written policy regarding the appropriate use of public Wi-Fi. If your firm has no such policy, now’s the time. Of course, any policy is going to be meaningless if there is no training on the risks and/or no enforcement of the provisions so keep that in mind.

Now to my initial question. Should lawyers just say no to the use of public Wi-Fi or try to prohibit anyone in their employ from using it? I don’t necessarily go that far as long as all users have been made aware of the risks and given the appropriate tools that will help them minimize the risks.

That said, let me share one final thought because I do get push back on this...

To continue reading

FREE SIGN UP