Imagine you’re planning a trip around the world in a sailboat. You don’t know exactly where you’re going, but you have a general sense that you’ll be at sea in a small craft that will need to be provisioned for basic needs. It will also need provisions for emergencies.
Being highly mobile, which is what we’re talking about, requires simplicity. You can’t haul around a bunch of stuff and be highly mobile. Those are inherently conflicting goals.
When Hurricane Katrina hit I was thrown out of my home city, and forced to lead a highly mobile life for about 6 weeks. Fortunately, the tools I needed to practice law were not bulky: cellphone, laptop computer, some power cords and clothes etc.
I needed the Internet too, but I didn’t have to carry that with me. It was just there, and all I had to do was connect to it via my computer or my laptop. If I found a coffee shop with free WiFi I was good to go.
That was then.
Today, I wouldn’t use free WiFi at a coffee shop to do anything related to client matters. Maybe I shouldn’t have back then, but in 2005 we didn’t have as many hacking incidents as we do now. When you see hackers attacking major companies like Sony and Sega, and even major governmental agencies like the Department of Defense, then you become aware that it’s a little dangerous to be cavalier about how you use the Internet.
What’s a mobile simplicity-seeking lawyer to do?
First, we have to realize that increasing security is going to move us away from simplicity. No getting around that. The question is how much complexity do we need to attain a reasonable level of security? Probably, that depends somewhat on what your business is like. Some circumstances require greater security, or different types of security.
It’s very hard to prescribe a “one size fits all” approach when it comes to security. Hackers are always looking for ways to attack large scale systems with predictable patterns. For them, this is the low hanging fruit. So, the more you use a system that’s widely used by others the greater the likelihood you’ll encounter a hacker problem.
But there are some “no brainer” things that you can do that won’t make your life more complicated, and which will immediately take you away from a large scale predictable pattern that puts you at risk of getting hacked.
First, don’t use free WiFi in coffee shops or airports if you can avoid it. And if you do use it in those places, only use it to visit sites that don’t require a password.
Better yet: realize that, if you depend on having the internet always at your disposal, then maybe you need to spring for a broadband card (e.g. a MiFi from Sprint, AT&T or Verizon). Sure, it’s going to run you $60/month but how much financial damage and chaos can a hacker inflict on you? Using one of these cards and avoiding free WiFi will immediately put you in a place that is much harder to hack.
Finally, but most importantly, you need to have a system for creating strong passwords. And you need to have a different password for every important online site that you use. So for your main bank, you’d want a password that looks like this: gJ84v3O93gVR1. You simply can’t use passwords like this anymore: crazyjoe123.
If the bank you use gets hacked and your password gets stolen (even if it looks like gJ84v3O93gVR1), then the hackers will have access to every other important site where you use that same password. That’s why you need different passwords for every important site.
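An added illustration, not part of the original post: a short Python sketch of why a password reused across sites turns one breach into several, and how unique random passwords remove that exposure. The site names, the vault contents and the function names are constructed for this example.

```python
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits  # 62 symbols, as in the sample above

# Constructed sample vault (site -> password); these are not real credentials.
SAMPLE_VAULT = {
    "bank.example": "gJ84v3O93gVR1",
    "mail.example": "gJ84v3O93gVR1",
    "court-efiling.example": "gJ84v3O93gVR1",
    "shop.example": "crazyjoe123",
}

def generate_password(length=13):
    """Random password drawn from the OS CSPRNG via the secrets module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def exposed_by_breach(vault, breached_site):
    """Other sites that accept the password leaked by breached_site."""
    leaked = vault[breached_site]
    return sorted(s for s, p in vault.items() if p == leaked and s != breached_site)

def reused_groups(vault):
    """Groups of sites that share a single password."""
    by_password = defaultdict(list)
    for site, password in vault.items():
        by_password[password].append(site)
    return [sorted(sites) for sites in by_password.values() if len(sites) > 1]

def make_unique(vault):
    """Copy of the vault in which every reused password is replaced."""
    fixed = dict(vault)
    used = set(vault.values())
    for group in reused_groups(vault):
        for site in group:
            candidate = generate_password()
            while candidate in used:  # collisions are improbable; check anyway
                candidate = generate_password()
            used.add(candidate)
            fixed[site] = candidate
    return fixed

if __name__ == "__main__":
    print("Bank breach also exposes:", exposed_by_breach(SAMPLE_VAULT, "bank.example"))
    fixed = make_unique(SAMPLE_VAULT)
    print("After rotation:", exposed_by_breach(fixed, "bank.example"))
```

Uniqueness limits how far one breach spreads; it does not make a guessable password such as the shop entry any stronger, so that one still needs replacing.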
I know what you’re thinking: my life is about to get really complicated creating these strong passwords and then trying to remember them or keep track of them. And the answer is “no;” your life can actually get easier. But you need to use a password manager.
Which password manager? This one, maybe that one. I don’t know which one you want to use, but you need to pick one and then commit to learning it and using it. I use 1Password, which works with Macs and PCs. It creates the strong passwords and then remembers them, and will quickly autofill your login information. So, actually, you don’t have to remember all the strong passwords you’ll be creating. You only have to remember the password you need to use to unlock the 1Password program. And, obviously, you should pick a strong password for that.
The 1Password file lives on your computer and is encrypted so that, even if someone got access to the file itself, it’d be very hard to hack into it. I’m not saying “impossible,” just hard. But remember: the point is to make it as hard as you can for the hacker without making it harder on yourself. And what I’ve described so far is easier, not harder.
These password managers can make your life easier in other ways, such as remembering your credit card numbers and personal information. So, when you buy something online you just click a button and your name, address etc. is all filled in quickly. Same with your credit card information. Easier than what you’re doing now, I’m pretty sure.
The only downside to achieving this simpler and more secure way of accessing your internet sites is that you have to download the program, install it and then use it.
And after you install it go listen to this podcast by two very tech-savvy lawyers. Their show is geared towards Mac users, and may have been recorded before 1Password had a Windows version. But everything they say now applies to the Windows version, and they will literally walk you through all the aspects that you need to be aware of. So, that’s pretty much all you have to do to become much more secure.
Sure, giving up use of the Internet altogether might be simpler, and would provide greater security. But you’re not going to do that, are you?
Thanks for the article, Ernie and commenters (esp. Bryan Griffith). Good to see what I’m doing right and fix what I’m doing wrong.
Read Erik Mazzone’s review of LastPass in our SmallLaw publication. https://blog.technolawyer.com/2011/01/smalllaw-lastpass-review.html
Ernie, I agree that for the average low-tech attorney, it is probably better they don’t use public wifi. However, for these people leaving their computer screen visible to the public in a coffee shop, or allowing their computer to be stolen would be the biggest risk.
Cellular data is not necessarily more secure than public wifi. Computer networks work the same in your home, coffee shop, and at Sprint. Once you make a connection your data packets become visible to others on the same network. So, hackers can also buy cellular data plans and then connect to the same tower and then watch your data traffic. Even on a cellular data connection, you should still avoid sending sensitive information across insecure platforms.
Using a cellular data connection helps you rise above the low hanging fruit, but if you are an attorney working on sensitive matters, then you need to do more than avoid being low hanging fruit; you need to be able to defend against directed attacks. In that case, it doesn’t matter whether you are on SSL or cellular, you probably need a really good VPN and education on how to validate your SSL connections.
You can check SSL with this website: https://www.ssllabs.com/ssldb/analyze.html?d=buckeyeinteractive.com
And of course insecure e-mail is the biggest risk for everyone, because nobody is encrypting their e-mail. Good e-mail services encrypt the message between your computer and the server, but then it is unencrypted for delivery to the recipient. I am frustrated that good public key encrypted e-mail has not caught on.
A service like 12vpn.com is only good if you trust the people running 12vpn.com. If you want security try Tor, which is free. https://www.torproject.org/about/overview.html.en
So what’s the deal with using a VPN like 12VPN.com or PrivateWiFi.com? They claim encryption on the public network, anonymity, etc. I’m using 12VPN and it’s working great. But, what does working really mean? Do you know? Am I really secure? For $80 bucks a year I can use public wifi and save buying a data card.
Thoughts?