A Little StoryAn attorney, his spouse, and their child stayed a few nights at a hotel for spring break. The attorney ─ let’s call him Tommy ─ pulled out his work laptop on the second night and reminded his family that he had to attend an online orientation. Tommy was recently hired to teach an evening online class for the local community college’s paralegal program, and new instructors were required to attend the orientation. Tommy’s spouse ─ let’s call her Tuppence ─ did not remember him mentioning this meeting and cautioned him that the hotel’s Wi-Fi network wasn't secure. He responded that he was only going to log into Zoom. Tuppence and their child left the room so Tommy could attend the orientation in quiet. An hour and a half later, they returned and found Tommy done with the orientation but checking his work email and doing other work on the internet. Tuppence let out a big sigh of resignation at her husband’s failure to appreciate his own risks and said, “You know you’re taking your clients through an insecure tunnel, right?”
Tommy’s use of his laptop on the hotel’s public Wi-Fi may seem harmless and very relatable to many of us. At one time or another, we all have been at hotels, airports, coffee shops, and restaurants and used their public Wi-Fi to check our email and use the internet on our laptops, tablets, or smartphones. But the risk of exposing our client and personal data is not a trivial or benign matter. In light of lawyers’ ethical obligation to protect client confidentiality, Tommy’s action is a serious issue.
More Than a Little Story
Like many lawyers, Tommy tends to underestimate or simply doesn’t grasp the severity of the cybersecurity threats he faces when he's online. Unlike Tuppence, Tommy doesn’t understand that the open nature of a public Wi-Fi network allows other people who are also using that network to see what he’s doing online and to capture and potentially exploit his passwords, banking information, credit card number, and other information about him or his clients. Tommy is not unusual. He reflects the legal profession as a whole, which trails other industries in adoption and implementation of data security measures.
Creating a Secure Tunnel for TommyTommy doesn’t have to be a cybersecurity expert to protect himself, his clients, and his business against online threats. The PLF regularly reminds lawyers to create strong and unique passwords, enable two-factor authentication where it’s available, encrypt data including the computer’s hard disk, and employ other tools and technologies to protect against data breach, cybercrime, or other security incidents that could expose or compromise sensitive and confidential information.
One tool we haven’t stressed enough is a virtual private network (VPN). Tommy can use a VPN to ensure that his online activities ─ including checking emails, accessing his practice management program, or managing his bank account ─ are protected when he uses a public or unsecure Wi-Fi network. A VPN encrypts Tommy’s data transferred over that public or unsecured network so no one can view or intercept it.
A VPN is essential for any lawyer or law firm who conducts business online, and Tommy is no exception. It creates a virtual secure tunnel between his computer and a remote VPN server. This server connects Tommy’s laptop to the internet, and his internet traffic is then routed through that encrypted tunnel. No one can see through the tunnel to view or steal his sensitive data.
A VPN also helps Tommy remain anonymous and preserve his privacy when he’s online. It blocks internet surveillance and online tracking by his web browser, the websites he visits, his internet service provider (ISP), and other big tech companies. It does this by hiding his browsing history, IP address and location, web activity, and other information about his devices from those entities. In his offline life, Tommy doesn’t let a corporation put a tracking device on his body to trace his every movement. But using the internet without a VPN is the digital equivalent of a physical tracking device. A VPN is a privacy and security tool that allows Tommy to safeguard his personal information, limit corporate access to and monetization of that data, and thwart cybercriminals. VPNs are not foolproof and don’t offer absolute protection 100% of the time, but they’re better than having no defense at all.
Tommy Can Go Incognito
After doing his own research on VPNs at the urging of Tuppence, Tommy finally understood her concerns about taking his clients through an unsecure tunnel.
Light at the End of the Tunnel
Tommy doesn’t have to wait until he’s at a hotel or someplace with public Wi-Fi to use his VPN. He can use it at home even on his secure home Wi-Fi connection to ensure his online privacy and anonymity.
Setting up a VPN is fairly easy and involves a few simple steps:
Choose which program to purchase. Some providers include: CyberGhost, ExpressVPN, IPVanish, NordVPN, ProtonVPN, Surfshark, and TunnelBear.
Download and install the software on your devices. You may be able to use the software on multiple devices, depending on which program you choose.
Run the software and sign in.
Connect to a remote VPN server. Many VPN providers offer a “Connect” button you can click to automatically connect you to a VPN server selected by your VPN provider. Alternatively, you can select your own VPN server from anywhere in the world by clicking on the name of a country or its location on a map. (See image below.)
Once you’re connected to a remote VPN server, you can send emails, browse the internet, and conduct other online activity as usual.
- Review of VPNs for lawyers – Lawyerist.com: https://lawyerist.com/blog/best-vpns-lawyers/
- Protecting Attorney-Client Privilege with a VPN – Forbes.com: https://www.forbes.com/sites/forbestechcouncil/2019/09/04/protecting-attorney-client-privilege-with-a-vpn/?sh=428629275f1e
- VPN: A Simple Step Toward Cybersecurity – Attorney at Work: https://www.attorneyatwork.com/vpn-simple-step-toward-cyber-security/