June 06, 2011

User Beware: The Risks of Unsecured Wi-Fi

Tonya Johnson

A number of media outlets, including ComputerWorld, recently reported on a Firefox web browser add-in, Firesheep, that identifies users in the immediate area who are accessing the Internet over an unsecured Wi-Fi network. Once these users are identified, the person using Firesheep can hijack the social media accounts of those on the unsecured network. Firesheep developer Eric Butler says he created the add-in to draw attention to the problem of unencrypted sites and public networks.

While new threats like Firesheep crop up daily, the dangers of Wi-Fi have long been with us. The November 2003 article “The Seduction of Wireless Networking: Resist the Temptation” by litigation technology consultant Jeff Flax addressed the risks of open, unsecured Wi-Fi connections in consideration of the ABA Model Rules. He notes that most Wi-Fi hotspots aren’t encrypted, and it isn’t economically feasible to encrypt public networks such as those from hotels, airports and other providers. Thus, “free” wireless access can really end up costing you down the line. But fear not—secure, convenient and increasingly affordable options abound to keep you secure while also keeping you connected.

Virtual Private Networking provides a secure tunnel between your remote connection and the office network. This ensures that everything a user sends and receives is encrypted, and makes her web surfing much safer. VPN has been around for a while, as attorney Sean La Roque-Doherty explains in the article “Virtual Private Networks over the Public Internet.” A lawyer’s network administrator or consultant should be able to set up a VPN. Cloud-based or -hosted VPN options, such as PublicVPN.com, referred to by presenters David Ries and Reid Trautz at ABA TECHSHOW 2008, and Witopia, reviewed by TechRepublic, provide similar security without requiring IT staff overhead.

Mobile broadband, accessed through a USB device or data card, is encrypted by one’s mobile service provider. Carriers such as Verizon, AT&T, Sprint and T-Mobile provide a variety of mobile broadband offerings and service plans on a monthly, weekly, daily or prepaid basis. See the article “Mobile Broadband Wireless for Laptops and Smartphones” for more information about this technology.

Mobile hotspots, popularly referred to as Mi-Fi, are portable wireless routers that allow several devices to simultaneously and securely share an Internet connection. Available through several mobile service carriers, the Mi-Fi brand, developed by Novatel Wireless, supports Wi-Fi with WEP/WPA/WPA2 encryption and a VPN pass-through configuration. Lawyer and practice management consultant David J. Bilinsky published an informative review of the Novatel MiFi. Similar devices include Sprint’s Overdrive 3G/4G Mobile Hotspot and The Rover Puck by Clearwire.

SSL encryption secures the data shared by users on websites. A small lock icon displayed in the browser's address bar signifies SSL encryption. Additionally, secure web page addresses will begin with “https://” instead of “http://”. SSL encryption provides secure communication on the Internet even when one uses an insecure Wi-Fi connection. Use SSL-encrypted web pages whenever possible, but especially when viewing or entering sensitive data, such as user names, passwords, account numbers, credit card numbers and Social Security numbers. The article “Ten Best Practices for Securing Your Practice’s Data” by Clio President Jack Newton discusses SSL and other means of securing one’s data.
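The “https:// whenever you enter sensitive data” advice can be checked mechanically. The following Python script is an added example, not part of the original article: it inspects a page's HTML and reports any form that collects sensitive fields but is loaded or submitted without HTTPS. The field-name hints, the sample page and the `example.test` host are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed hints, based on the sensitive data types the article lists.
SENSITIVE_HINTS = ("user", "pass", "account", "card", "ssn")

class FormAudit(HTMLParser):
    """Collect each <form> with its resolved action URL and sensitive inputs."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page's own URL.
            action = urljoin(self.page_url, a.get("action") or "")
            self._current = {"action": action, "sensitive": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            name = (a.get("name") or "").lower()
            is_pw = (a.get("type") or "").lower() == "password"
            if is_pw or any(h in name for h in SENSITIVE_HINTS):
                self._current["sensitive"].append(name or "(unnamed)")

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def insecure_forms(page_url, html):
    """Return (action, fields, page_is_https, action_is_https) per risky form."""
    parser = FormAudit(page_url)
    parser.feed(html)
    page_ok = urlparse(page_url).scheme == "https"
    findings = []
    for form in parser.forms:
        action_ok = urlparse(form["action"]).scheme == "https"
        if form["sensitive"] and not (page_ok and action_ok):
            findings.append((form["action"], form["sensitive"], page_ok, action_ok))
    return findings

# Constructed sample: the login form posts to http://; the search form is harmless.
SAMPLE_URL = "https://portal.example.test/login"
SAMPLE_HTML = """
<form action="http://portal.example.test/session" method="post">
  <input type="text" name="username"><input type="password" name="pw">
</form>
<form action="/search"><input type="text" name="q"></form>
"""
```

A page served over https:// can still post a login form to an http:// address, which is why the check looks at both the page URL and the form's target.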


This article first appeared in YourABA e-newsletter, a monthly publication distributed via email to all ABA members.
