Fall 2020 Gavel-FINAL | Page 16

Public Wi-Fi – Should Lawyers Just Say No ?

By Mark Bassingthwaighte
Public Wi-Fi networks are practically ubiquitous . They ’ re in airports , hotels , office buildings , coffee shops , restaurants , malls , and many other locations . While accessing one can be convenient when all you want to do is buy a new digital book on your smartphone , check your e-mail on your laptop , or rebook a flight on your tablet , there are associated risks that should never be minimized , or heaven forbid , completely dismissed . Such risks run the gamut from simple eavesdropping to allowing someone to defeat whatever two-factor authentication you had in place with the site you just logged into .
Here are just a few examples of the most common threats everyone faces when accessing public Wi-Fi .
1 ) A hacker inserts himself into the conversation occurring between two users ( e . g . you and your bank ) giving him the ability to do anything from simply listening in and capturing part of the exchange to taking complete control of the entire exchange . Not only is this the most common type of attack out there , this is also one way two-factor authentication can be defeated .
2 ) You unwittingly login to a rogue network that appears to look legitimate . It may even look identical to known and trusted networks , such as Starbucks . In reality , however , it ’ s a bogus clone of a trusted site . Fall prey to this type of attack and all of the data in transit is being sent directly to the hacker .
3 ) You unknowingly login to a rogue access point , which is something well-meaning employees of various businesses sometimes setup . In short , wireless routers have been added to a network in order to give more customers access to the Internet . Often these routers are not configured properly , which makes them easy to hack into , even though the network itself might be secure .
4 ) You become infected with a worm . Unlike computer viruses , computer worms self-propagate and can be programmed to do all kinds of things to include stealing documents , capturing passwords , and spreading ransomware . If you happen to be on a public Wi-Fi network and fail to have robust security in place , a worm could readily jump from another infected user currently on the network to you .
5 ) You have allowed your device to discover new and available Wi- Fi networks . As a result , you unintentionally end up connected to an ad hoc network . This means you have just directly connected your device to a hacker ’ s computer , giving the hacker free reign to do whatever he wants with your device .
I hope you ’ re starting to get the picture . Public Wi-Fi networks are inherently insecure and some are going to be downright dangerous . That ’ s just the way it is . And unfortunately , it ’ s even worse for those who fail to install robust internet security apps on the devices they use to access public Wi-Fi . Those folks are begging for trouble if you ask me .
Does this mean that lawyers and those who work for them should never access public Wi-Fi ? In a perfect world , I might try to argue that one ; but I can also acknowledge this wouldn ’ t be realistic . There are going to be times when it ’ s necessary . In fact , I will confess I use public Wi-Fi myself , but only for certain tasks . The better question is , if a lawyer has a need to use public Wi-Fi , how can the associated risks be responsibly addressed ?
Let ’ s start with the basics . All mobile devices , to include smartphones and tablets , should be protected with a robust Internet security software suite and kept current in terms of software updates . Next , approach all public Wi-Fi networks with a healthy level of distrust . For example , never connect to an unknown network , particularly if the connection is offered for free or states that no password is necessary . Also , be on the lookout for network names that are similar to the name of the local venue offering a Wi-Fi connection . This is because a network connection that happens to be named Free Starbucks Wi-Fi doesn ’ t mean it ’ s actually the legitimate Starbucks network . If you ’ re not 100 percent certain , always ask what the proper name of the local network you are wanting to connect to is and connect to that . Most importantly , never connect to public Wi-Fi unless you have the capability to secure your own Wi-Fi session , which means you must use a VPN . VPN stands for virtual private network and allows you to encrypt all the data you will be passing along through the public network . Finally , while using public Wi-Fi it ’ s best to avoid accessing online banking services and visiting any websites that store your credit card information or other personal information that might be of interest to a cybercriminal .
ALPS Risk Manager Mark Bassingthwaighte , Esq ., has conducted more than 1,000 law firm risk management assessment visits , presented numerous continuing legal education seminars throughout the United States , and written extensively on risk management and technology . Check out his recent seminars to assist you with your solo practice by visiting our on-demand CLE library at alps . inreachce . com . Bassingthwaighte can be contacted at mbass @ alpsnet . com .
16 THE GAVEL