One of the most important things that we do as lawyers is to protect. We protect our clients from the harms of others, from the government, from competitors. We frequently protect our clients from themselves.
Unfortunately, based on recent surveys, we don’t usually consider our own actions to be much of a threat to our clients, or we’d be doing more to protect our clients from us. Well, we’re certainly not harboring ill intentions – that’s part of the problem.
We have an ethical duty to protect our clients, and more specifically, the confidential information that they entrust us with. What’s one thing you could do, today, to dramatically improve the protection you give to your client’s confidential information? Start using a VPN on your computer and mobile devices.
What is a VPN?
A VPN is a “Virtual Private Network.”
In its most basic form, a VPN creates a secure, encrypted connection between your computer or device and the server owned or operated (or in some cases merely rented) by your VPN. The effect of this connection is that it’s as if you were accessing the internet from the location of your VPN’s server. Between your actual computer and the VPN server, the traffic is encrypted, so nobody can see what information is being passed along the connection.
In Howard Hawk movie-parlance, it’s basically like switching cabs to avoid being followed.
VPNs are an important security tool for pretty much anyone who uses the internet today, but much more important for anyone who regularly traffic in protected or confidential information. (No, that wasn’t a subtle hint!)
Do You Need a VPN?
Even if your office has a secure connection to allow you remote access to your firm’s network, there are several reasons why you need a VPN. Whenever you’re accessing the internet from your computer or a mobile device, particularly when you’re accessing free or public WiFi, or massive networks like that of a hotel, you should use a VPN.
Here are 6 Reasons Lawyers Need to Use a VPN:
Even if your office has a secure connection between your network and your laptop, phone, and tablet, you still need to have a VPN. Why? Because your computer and devices do an awful lot of communicating with places that aren’t your office.
1) You have a duty to protect your clients’ confidential information.
But wait, if I’m only accessing my client’s confidential information through my law firm’s secure communication portal, then why should it matter?
Because of reasons 2-6:
2) Your office’s VPN doesn’t protect your regular internet use.
You might already have a secure network set up on your computer or your device to connect to your office. That’s fantastic. But don’t forget all the other places you routinely access company information – particularly in the form of emails – through the public internet.
When you access your email on your phone, your device is transmitting your username and password back to your server, probably without even requiring you to use your server’s VPN (assuming you even have one). When you’re not using a VPN, that information – even if it has an encrypted signal – is being transmitted out in the open. While the content of your email might not be immediately readable, everything else about it (the who, what, when, from where, etc.) could be.
But beyond the direct connection to your office, in today’s BYOD world, it’s a virtual guarantee that you’re using your phone for both work and personal purposes. Even when you’re not using your phone, our devices are set to download emails, receive push notifications, and otherwise communicate over the internet with other systems. It’s highly unlikely that your law firm’s network VPN is going to be actively protecting you all that time.
3) A VPN encrypts everything coming from, and going to, your computer
You might have heard about a concept called end-to-end encryption. It’s pretty critical for ensuring that your information is kept confidential. Trouble is, too many encrypted services don’t actually offer true end-to-end encryption.
And where most of them fall down is when your data is when your data is “in transit.”
See, it’s easy for them to secure your data once its arrived on their servers or into your cloud storage. However, during the entire time it takes to get there (and, contrary to our human perception, it’s not instantaneous), your data is open and readable.
By using a VPN, particularly when sending and receiving emails or saving data to a remote location (such as your server or the cloud), you’ve ensured that it’s encrypted while in transit.
4) A VPN protects you when you’re using someone else’s network.
Too freaking many.
That’s the answer to how many attorneys told the ABA that they regularly use free public or coffee shop-based WiFi on a regular basis. Using their work computers or devices. Why is that bad? Two major reasons:
The WiFi you’re using is unprotected.
A hacker could gain access to that WiFi router and be in a position to observe all of the data that goes through that point. Are you accessing your Gmail? Cool, the hacker is able to pull your username and password out of the transmitted data. Oh, and just for good measure, they’ve snuck a trojan horse onto your device, too.
You didn’t notice, though, because you’re used to the firewall – which doesn’t exist in the coffee shop – telling you when something bad is happening.
The WiFi you’re using isn’t what it seems.
Routers are increasingly a target of hackers for the exact reason you saw above. However, some hackers bypass that entirely and use a mobile hotspot in places people expect to find free WiFi. And in case you haven’t noticed, there’s no rules or anything about what their router has to be called!
Even if you’re not particularly privacy or security conscious about your personal browsing over free WiFi, you should still be using a basic VPN, at least.
Using a VPN will encrypt your data going through a public or unsecured WiFi network, so even if it’s been hacked, the hacker would need to be able to decrypt your VPN transmission in order to access your data.
By the way, it’s not just the data you’re transmitting over unsecured WiFi you should be worried about. Malware that gets onto your device or computer as a result of that WiFi will then be in a position to jump to other computers or devices that share a network.
Your office’s network is only as secure as the devices it’s connected to, which includes the iPad you just took with you to Starbucks.
5) VPNs allow you to be anonymous… when you need to be.
So you know how ad companies are looking to follow you everywhere, right? VPNs are a great way to limit your visibility to advertisers, and other people too!
Ever had a situation where you needed to make sure other people on the internet didn’t know it was you? Most of you are thinking about shady stuff right now, which is fine, but don’t let that feeling blind you to the fact that there are a LOT of reasons a person, particularly a lawyer, might need to be anonymous over the internet.
5a) A VPN can protect attorney-client privileged and confidential material from being spied on.
So most of you are thinking that this isn’t important – that your conversations are protected, and that even then, for the most part, they’re not going to be important enough for the government to try and spy on.
You’re wrong. And incredibly naive.
From even basic stories about law enforcement eavesdropping on privileged communication with very limited value, up through the NSA’s conduct, it’s clear that law enforcement has little to no respect for attorney-client privilege. Or, at least enough respect to acknowledge that they shouldn’t be eavesdropping.
Using a VPN can have the effect of rendering you anonymous just based on the content of your communications. It can also have a similar effect by making it look like your online activity is originating from next door, two states over, or even the other side of the globe.
As a side note: if you think your confidential communication won’t be accessed by local law enforcement, have you seen what a Stingray is capable of? And how many times they’ve been deployed without warrants? Of course not, because the police would rather dismiss criminal cases entirely than discuss anything about how they use these devices!
6) A quality VPN keeps you safe when you travel.
The right VPN is essential for accessing confidential information while you’re on the road, especially when you’re out of the country.
And I’m not just talking about accessing your office network – that should be set up through your enterprise VPN connection (again, if you have/can afford one). One thing that we don’t get used to here in the United States is geo-blocking. Mostly because the content being blocked is content that’s from here.
However, even being able to watch a particular sporting event frequently comes down to your location. That event, though, is much less important than finding yourself unable to access certain websites, from Netflix (which is hard now even with a VPN) to the New York Times, Google, Twitter, and any number of websites that have been blocked in different countries for various reasons.
In part 2, find out how to choose the right VPN for you, and my review of several top consumer and business-level VPN options.
About the Author
Brian Focht is a civil litigation attorney and technology enthusiast. In addition to being the author of The Cyber Advocate, he is also the producer and host of the Legal Technology Review podcast, and co-founder of B&R Concepts, a small business technology consulting company.