X

Thank you for sharing!

Your article was successfully shared with the contacts you provided.
It’s become very easy to toss out computer cables. Law departments have set up wireless “hot spots,” or zones, in company conference rooms, libraries, and break rooms. On the road, attorneys use WiFi, or “wireless fidelity,” connections in coffeehouses and bookstores, in airport lounges, hotel lobbies, and even in parks. At home, families often have more than one computer that taps into the same wireless network. Lawyers working at home even use their WiFi connections within shouting distance of neighbors who are also WiFi’d. And with second-generation 802.11g wireless equipment that connects at faster speeds, these untethered networks have soared in popularity. A good thing? Certainly, if your mantra is: “Practice anytime, anyplace.” But just think of the bits and bytes of confidential client information and private company data being beamed about in the ether. The possibility for malicious interception at worst, and relatively harmless mischief at best, are real threats. Sure, the unwired corporate counsel may connect through secure Internet-based remote access systems. But the remote access systems — whether VPNs (virtual private networks) or other approaches — may not be as secure as they seem. Imagine your outside counsel, to whom you have entrusted your corporate secrets, sitting at a Starbucks quaffing a skinny double-shot latte while wirelessly working on a secret corporate merger agreement. He’s got Word documents outlining strategy and spreadsheets with confidential financial data. Does he know that the guy sitting at a table near the window is tapping into documents on his hard drive, and he’s reading those files outlining your secret merger strategy? That Starbucks hacker could simply download free “packet sniffing” software, such as Netstumbler (netstumbler.com), that seeks out nearby WiFi signals. The odds are high that the outside counsel’s laptop has no software firewall protecting it and that his wireless network has few if any security functions active. Even with wireless security supposedly turned on — it’s usually based on some easy-to-crack encryption — a reasonably skillful hacker can tap into a wireless network. Many hackers just want to be able to piggyback on wireless networks to get Internet access for free. They’re called “wardrivers.” But others don’t have such benign intentions. These intruders can tap into an unsuspecting lawyer’s hard drive and get to examine files that contain confidential data. As frightening as that seems, though, it’s actually worse. If the lawyer has a secure connection to her office network, so does her new invisible enemy. He’s now on the law firm or corporate network, with the access rights that she has. In fact, he’s piggybacking on the lawyer’s logon, so any action he takes looks as though our unsuspecting lawyer’s done it. Confidential client information is compromised; company data is exposed. Neither the lawyer nor her general counsel would know it happened. The potential exposure to malpractice claims based on disclosure, as well as ethical violations, is very real. What can you do to protect yourself from wireless intrusion? BUILDING A FIREWALL No security approach is perfect, but these will make intrusions by wardrivers, benign or otherwise, less likely: Wireless laptops absolutely must have software firewalls (such as the Symantec Corp.’s Norton Internet Security or Zone Lab’s ZoneAlarm Pro) installed and properly configured. It sounds obvious, but make sure that you lock down your computer’s hard drive by requiring a password to access the PC. Combine letters, both uppercase and lowercase, and numbers in any password. Make sure that the security functions of the wireless access point (WAP), or router, through which you connect are turned on. Most routers ship with these security functions turned off by default. To do this, first change the SSID (service set identifier, or the wireless network’s name) from the factory default to something unique. You — or your IT staff for the office network — can change the settings via a Web browser page that is “broadcast” by the router to nearby computers. After you do this, set an administrator’s password, which bars intruders from changing your network’s settings. Encrypt the network. The more common kind of encryption — 128-bit WEP (wired equivalent privacy) — isn’t foolproof, but it’s better than nothing. Then set the network so it is allowed to access only certain computers. You’ll have to look up the computer’s unique MAC address (a 12-character identifier that comes with every PC with a network card). To do this, look in your network settings control panel to find the addresses. Furthermore, shut down the innocuous sounding “SSID broadcasting.” Normally, wireless networks broadcast a message to wireless computers within their range, “My name is XYZ wireless network. Connect here!” Turning this feature off makes it harder for intruders to find your wireless connection, but doesn’t affect authorized users who know what network name to look for when they try to connect to the network. Also, don’t hook up a wireless network signal booster, which increases a WiFi network’s range and signal strength. You only want permitted network users to be in close range. Boosters can allow access to folks from across the street, in that parked car. Or in the next apartment or office suite. Once you’ve set up your firewall, and made sure that your security is as tight as can be, it’s time to do some hacking. First, try using Netstumbler (or look around on your Mac’s network panel) to see if you can detect the wireless network. The ultimate safeguard is to employ a security expert to audit the wireless company, law department, and home connections — and require all outside counsel to take the same precautions. Here’s the bottom line: Wireless law practice is here to stay. It’s just too convenient. There are risks, but by being aware of them and practicing safe networking, you’ll keep your company secrets safely hidden. Just make sure you don’t spill that latte on the keyboard. Ross L. Kodner is the founder of Milwaukee’s MicroLaw Inc., a legal technology consultancy that works with corporate law departments and law firms. This article first appeared in the ALM monthly magazine Law Technology News .

This content has been archived. It is available exclusively through our partner LexisNexis®.

To view this content, please continue to Lexis Advance®.

Not a Lexis Advance® Subscriber? Subscribe Now

Why am I seeing this?

LexisNexis® is now the exclusive third party online distributor of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® customers will be able to access and use ALM's content by subscribing to the LexisNexis® services via Lexis Advance®. This includes content from the National Law Journal®, The American Lawyer®, Law Technology News®, The New York Law Journal® and Corporate Counsel®, as well as ALM's other newspapers, directories, legal treatises, published and unpublished court opinions, and other sources of legal information.

ALM's content plays a significant role in your work and research, and now through this alliance LexisNexis® will bring you access to an even more comprehensive collection of legal content.

For questions call 1-877-256-2472 or contact us at [email protected]

 
 

ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2020 ALM Media Properties, LLC. All Rights Reserved.