| You can find them in airports, coffee shops, courtrooms, and at least one Major League ballpark - these days, wireless networks are just about everywhere. The technology for wireless local area networks (WLANs, also commonly referred to as Wi-Fi) has matured, allowing even the "Average Joe" to setup and install a high-speed Internet connection without any cords, and without much cost. |
 |
| However, many law firms are understandably skittish about joining the wireless revolution. Ensuring confidentiality of client information is a critical business requirement in the legal profession. Fortunately, encryption technologies and sound security policies can make wireless networks just as secure as their wired LAN cousins. |
|
Ready to jump on the wireless bandwagon? |
|
|
| Notebook PC computers and handheld devices have become indispensable tools for lawyers and other high-octane mobile professionals. The need to stay in touch with clients and with the office while working from home or on the road is a critical "must-have" for most law firms. Chances are you already have a cell phone, handheld device, Notebook PC or tablet PC that has some type of wireless capability. Plugging into the wireless Internet to check your email or send/receive documents is just a few mouse clicks and a wireless access point away. |
|
Look before you leap |
|
|
| With all that data flying through the air and the ever-present threat of hackers, securing wireless Internet connections is an evolving industry. For business users, such as lawyers, there are two primary fronts that must be protected from the bad guys at all times: |
|
|
• |
Network Access Point (NAP or AP) - this is a stationary device that picks up and transmits a signal from a wireless PC or handheld device to an Internet access provider. Wireless NAPs are also referred to as routers, hubs or gateways. Some NAPs come bundled with a high-speed modem. NAPs broadcast up to 300 feet or more. Unless you have the appropriate security in place, your wireless Internet connection could be left wide open for your next-door neighbor or the guy down the hall to use your Internet connection free of charge. |
|
|
• |
Data - by default, information that travels to/from your wireless device to the Internet is not secure. Rather, data is sent "in the clear." This means that it is relatively simple for someone who has the time and the desire to hijack your email, documents and other critical data while it is in transit. |
|
|
Protecting your digital assets |
|
|
| Fortunately, the technology for securing wireless networks is getting better all the time, although it is still far from perfect. Most experts agree that it is relatively simple to break the Wireless Encryption Protocol (WEP) that is built in with many of today's wireless products. Newer security protocols such as Wi-Fi Protected Access (WPA) have been designed to overcome some of these flaws. |
|
| Although WEP might be a weak encryption protocol to the pros, using WEP will deter the casual freeloader from piggybacking onto your network access point and should always be used as a minimal level of protection. WPA is even better because it is more difficult (although not entirely impossible) for a hacker to break the encryption code. Think of WEP and WPA as having a lock on your front door - even though a determined burglar can still break into your house, you don't want to make it easy for just anyone to walk in and sit on your couch. |
|
| With WEP and WPA, a series of "secret" alphanumeric characters are required for the wireless PC to identify itself as an authorized user of the NAP. This process of providing credentials to a device to verify your identity is called authentication. In addition to WEP and WPA, industry-standard methods of authentication such as RADIUS (remote authentication dial-in user service) can be used to establish a strong trust between the user and the network and deter interlopers from sneaking a ride onto your wireless connection. RADIUS is recommended for office networks because it is much more difficult for a casual hacker to break the encryption code. |
|
But wait, there’s more... |
|
|
| WEP, WPA and RADIUS are the alphabet soup of technology that is required to secure your network access from freeloaders. However, these security protocols do not provide data-level security for your information as it travels through the atmosphere. |
|
| To protect your data while it is in route, Virtual Private Networks (VPNs) offer strong encryption that scrambles the data information packets before they hit the airwaves then descrambles the packets when the data reaches its destination. Having a VPN is like putting your information into a safe that uses a combination lock and has become today's standard for remote network access over the Internet. VPNs can also be used in conjunction with WEP, WPA, RADIUS and application level security to provide a robust platform for protecting sensitive data such as documents that are located on the office network and e-mail. |
|
What about wireless e-mail? |
|
|
| Even with WEP and VPN technology, certain applications such as e-mail and web-based applications still require their own level of security. Although it is illegal for someone to intercept your e-mail, hackers are vandals who don't give a darn about the law. Encrypted e-mail remains the single best way to ensure that emails and attachments are delivered in a secure manner. Although e-mail encryption is built in to most of today's e-mail applications, or can be implemented through third party applications, many law firms do not bother with secure e-mail, because implementing an end-to-end secure e-mail solution can be painful and costly. Fortunately, there are third-party vendors, such as Good Technology, ZixCorp and Sigaba, who provide some much needed relief to solving the complexities of e-mail security between lawyers and their clients. |
|
| To secure web-based applications, Secure Sockets Layer (SSL) encryption provides strong end-to-end encryption for data as it travels over the Internet between the local computer and the web host. Banks, insurance companies, hospitals and e-commerce web sites use SSL security to establish an encryption tunnel directly with the user. You can spot a secure web site if the URL begins with "https:" SSL encryption prevents unauthorized access to sensitive information such as bank accounts, credit cards and medical records while the data is in transit. These days, legal applications, such as InterWoven WorkSite™, CT Summation®, Lexis-Nexis Concordance® and Thomson-Elite™, offer web-enabled versions of their software that provide users with the simplicity of a web browser while taking advantage of the strong encryption protocols found in SSL to protect client documents and other sensitive data found on law firm networks. |
|
Blending the right mix of security |
|
|
| Wireless networks allow attorneys and other mobile professionals to stay connected and productive. Wireless technology is gaining in popularity both at home and in the workplace, and may some day completely replace traditional wired networks. There is no mystery to securing wireless networks, and there is no excuse for not exercising due diligence to protect your data - the technology is readily available and fairly easy to use. Applying a security model and the right mix of encryption technology will help you stay one step ahead of the bad guys and help your firm realize the efficiencies of practicing without wires. |
Printable version
