Connecting to public Wi-Fi networks is a risky practice that many carry out on a near-daily basis. The risk is even more elevated for lawyers, who probably have sensitive client information on their computers or mobile devices.
What Are the Risks?
The worst-case scenario when using public Wi-Fi is that anyone with the wherewithal can intercept the information you send while using that connection. This includes what websites you access, what you do on those websites, and any passwords you use to log in. If you aren’t using a security or anti-malware product, your risk is even greater.
Using an encrypted public Wi-Fi network is a step up, but not a huge one. Even if the Wi-Fi at Starbucks is password-protected, what’s the likelihood that the encryption is strong, or that the password is changed regularly? It’s probably not great.
Especially for lawyers, who carry a higher risk set than average users, it’s best to err on the side of caution when it comes to networks you haven’t verified and find an alternative way to connect.
What About My Home Network?
The biggest privacy risk you face while using your home network (assuming it’s adequately protected with a strong password that you change regularly) comes from none other than … your own internet service provider! ISPs make money by collecting user metadata, anonymizing it and selling it to interested parties. This isn’t necessarily a malicious practice, but unless you’re willing to place boundless trust in the Comcasts of the world, it’s unnerving at best.
What About Cellular Data?
On a typical 4G or LTE cellular connection, your data is encrypted, and your identity is authenticated and protected. There are security weaknesses inherent in these connections but exploiting them requires a lot of effort and skill, and such attacks would probably only be aimed at high-profile individuals. This might describe some lawyers, though, so it’s up to you to make this call.
I Paid $800 for a New iPad, and You’re Telling Me I Can’t Use It in Public?
No! You just need to be mindful about how you connect to the internet. If you have any doubt about the security of a network, your best bet is to use a virtual private network (VPN). A VPN uses an existing internet connection to route your traffic through an encrypted tunnel to a server managed by the provider. Your traffic exits to the web through the VPN’s server, so you appear to have an IP address at the server’s location. This protects against hackers, data mining (e.g., Comcast) and identity theft.
Sounds Complicated, and I Don’t Like Complicated
The background information is complicated, yes. But using a VPN doesn’t have to be complicated. TunnelBear is a great VPN provider for first-time or general users. There are a handful of reasons why it’s a strong platform, but its ease of use is at the forefront. It certainly doesn’t hurt that its branding centers around a fun ferocious bear that protects you from malicious attacks.
A free version of TunnelBear is available, but you only get 500MB of data in a month. This goes quickly, so you’ll want to go with a paid version if you find yourself using public Wi-Fi frequently. You can get unlimited subscriptions for $9.99 per month or $59.88 per year (billed at $4.99 per month) — not a steep price for great security.
Once you’ve installed the desktop or mobile app, using it is simple. When you open the app, you see a map of the world with yellow tunnels emerging in various countries. Your current location is marked by a sheep. When you switch the VPN on (by literally just flipping a switch), the sheep turns into a bear, and the bear starts digging a tunnel to Canada (by default, but you can connect to servers in other countries too). Once your connection is secure, the bear pops up in that country’s tunnel. The VPN is on, and all your information is now protected.
The Bear’s Not for You? Here’s What to Look For
If you’re not charmed by the bear imagery, here are some key considerations when shopping around for a VPN.
- Speed of connection. When some VPNs are activated, they slow down the speed at which you move around the internet.
- Geographic considerations. Where the company is based has important implications for privacy related to data retention laws. If law enforcement sends your VPN provider a subpoena, what will the results be based on the country’s laws?
- Data collection. What information is the VPN collecting as you use it? Some store your originating IP address, and some collect information about your online activity.
- How do they make money? This is related to data collection. Some VPN providers might make money with ad targeting or data mining.
For more guidance, this PC Mag article is in-depth and helpful.
Don’t Forget Your Staff
Following personal best practices is all for naught if your colleagues don’t follow suit. If staff members have access to any firm information on their personal devices, you need to make sure they’re using secure protocols. Train, train, train!
Watch Anne Haag’s video on using a VPN to safely browse the internet on the Chicago Bar Association video library here.
More Tech Tips From Attorney at Work
What can you do to make a hacker’s job harder? Read “Cybersecurity Tech TIps: Stay Vigilant Out There” for advice from Heidi Alexander, Sheila Blackford, Andrea Cannavina, Tom Lambotte, Sharon Nelson and John Simek, Lee Rosen and Emily Worley.
Subscribe to Attorney at Work
Get really good ideas every day for your law practice: Subscribe to the Daily Dispatch (it’s free). Follow us on Twitter @attnyatwork.