We have the tools and the proclivity to work from anywhere today, but we don’t always have the necessary security to do so. It’s so convenient to use public WiFi for checking email or accessing our online practice management system, but those networks are unlocked, unprotected, and unsecured, meaning the confidential information you’re sending and accessing could be at risk of inadvertent disclosure. That’s why it’s critical to use a virtual private network (VPN).
VPN software is a necessary professional expense to protect your work product and privileged online communications with your clients. This is true whether you’re using a Mac, iPhone, iPad, or any other computing device. Here are the basics you need to know in order to start incorporating a VPN into your practice and how to competently protect the client information that has been entrusted to you.
A Very Present Nemesis
Think of a VPN as simply an encrypted tunnel for any data that you’re transmitting from your computer through a wireless network. There are several ways that a VPN can work, but this is the primary use for legal professionals.
People use VPNs for many purposes, from the quasi-nefarious desire to stream movies from a different country to the quasi-necessary function of bypassing unwarranted censorship. But the main reason most lawyers need a VPN is to ensure the safety and confidentiality of the information that has been entrusted to them when using public WiFi or another wireless network that they do not fully trust.
Hide-and-Seek IP Addresses and Encryption
The first thing a VPN does is mask your Internet Protocol (IP) address. Anytime you access the Internet from your Mac or iPhone, you’re assigned an IP address that can generally reveal your geographic location. That’s why you sometimes see advertisements for stores or products that are eerily close to you—it’s just how the Internet works. But when you turn on your VPN software, you’re actually connecting through one of the VPN servers, which means your IP address appears as if it is originating from that server . . . wherever it’s located.
But more importantly for legal professionals, a VPN encrypts all the cyber traffic that is being transmitted to and from your computer or mobile device. That means all the data that is invisibly zipping between your computer and the WiFi router is securely encrypted and protected from any potential prying eyes.
Think about sitting at your favorite coffee shop in front of your computer, ready to log on to your online bank account. If you don’t have a VPN, it’s as if you’re shouting out your login and password one letter/numeral at a time while there’s someone in the corner writing down everything you say. But when you enable your VPN software, you could still shout out your login information, but it would be in a secret code that only your computer could decipher. The person in the corner could still be writing everything down, but it would look like gibberish, and your bank account would be safe.
In a similar way, your VPN software is encrypting every dribble of data that’s floating between your computer and the public wireless network. People can see the data, but they can’t make any sense out of it. They might see that you’re sending and receiving confidential emails, but they can’t read them. They might notice you’re typing what looks like a login password, but it’s gobbledygook to them. You could be downloading confidential documents to your computer, but no one else can read them. If you’re using an open, unsecured, public WiFi network, it is absolutely essential to utilize a trusted VPN.
WiFi with or Without a Password
When you’re connected to WiFi at your home or office, hopefully it’s secure because you’ve changed the name of the network and you require a strong password in order to connect to it. If a stranger doesn’t know that strong password, he or she can’t connect to your network and, therefore, can’t access data flowing through that network. If you’re using a trusted and secure wireless network, you don’t necessarily need to enable your VPN.
But when you leave that trusted wireless environment and visit your local coffee shop, client site, or airport and connect to the public WiFi that doesn’t require a password to join, all the information you type and access is at risk unless you enable a VPN.
Personally, I don’t have my VPN software running when I’m working at home or the office because my computer and devices are connected to a secure wireless network (my devices typically “remember” the password and connect automatically). And there are a handful of other locations that I regularly visit, such as clients or law firms, where I trust the security of their wireless network and don’t turn on my VPN (they’ve supplied me with the strong password to use). But the moment I walk down the block and sit with a piping hot latte, I immediately turn on my VPN when I connect to the publicly available WiFi. This is true for my Mac as well as my iPhone and iPad.
A Variety of Potential Nominations
Which VPN is the right one for you? Fortunately, there are several excellent options available for Mac and iOS users, and you’ve probably already encountered some of these through advertisements or other recommendations. Here’s a short list to consider:
Yes, you need to pay for a VPN—it’s a professional expense and a necessity for any legal professional conducting work on an unsecured wireless network (e.g., public WiFi). You can pay month-to-month or reduce the cost by paying annually or a couple of years at a time. A good VPN will cost between $50 and $80 a year for unlimited data.
All four options above are excellent and highly rated, but I personally opted for the cutest VPN around, called TunnelBear. I wanted a service that is simple, effective, and reliable, and TunnelBear checks all those boxes. TunnelBear is friendly and approachable for anyone who hasn’t dipped their toe in the VPN waters, and it features a cartoon bear that digs a secure tunnel on your screen when you turn it on. Even better, TunnelBear offers a limited 500 MB per month free tier, so you can kick the virtual tires. You can blow through 500 MB in a matter of minutes on Zoom or YouTube, but it’s a great way to introduce yourself to the world of VPNs.
VPN at Work and Virtual Downsides
Regardless of which VPN you choose and use, the first thing the software will ask is what country you’re located in and what connection you prefer. Frankly, for me, it’s just easier to let the VPN select the fastest and most appropriate option based on my current location (which it knows because of my IP address before it masks it).
With TunnelBear, there is a tiny open tunnel icon in my Mac’s menu bar. When a little bear pops up in the open tunnel, I know that my TunnelBear VPN is turned on and encrypting all my sensitive data. I’ve also installed TunnelBear on my iPhone and iPad (no additional charge based on my subscription, but make sure you check if this is allowed with other services). The first time you launch a VPN on your iOS device, it will request permission to install a VPN profile. Once you allow that and launch the VPN app, you’ll see the letters “VPN” in the upper right corner of your iPhone or iPad to indicate it’s running.
While I’ve touted the responsibility and indispensability of using a VPN, there are a couple of potential downsides you should be aware of. First, a VPN could potentially slow down your Internet connection, although it would only do so incrementally—you would probably not even notice for checking email and general web surfing. I’ve held plenty of Zoom and Teams calls with my VPN running without an issue.
Next, there could be rare instances where you might encounter a website that requires your non-masked IP address for access, and that website may not allow you to enter when a VPN is running. You might need to temporarily turn off your VPN, access the site, and then turn back on your VPN as soon as possible.
Is a VPN the perfect security solution? No, nothing is perfect, but using a VPN is absolutely a reasonable precaution that you can take to protect the confidential information that has been entrusted to you according to the American Bar Association Model Rules of Professional Conduct. A VPN isn’t going to stop someone who is absolutely bound and determined to access your data, but it will deter someone who might move on to the next poor individual who neglects to use a VPN while using public WiFi.