Author Archives: Audrey Merckling

The Hidden Dangers of Public Wi-Fi for Attorneys

Posted on by

Would you hand your briefcase full of confidential client files to a total stranger at Starbucks?
Probably not.

But every time you hop on public Wi-Fi without protection, that’s basically what you’re doing — without even realizing it.

The Illusion of “Free” Wi-Fi

Public Wi-Fi networks at airports, hotels, and coffee shops seem harmless — even convenient. But here’s the truth: these networks are wide-open doors for cybercriminals.

Hackers can launch what’s known as a “man-in-the-middle” attack, which means they slip between you and the internet, secretly watching everything you send — emails, client documents, and even your login credentials.

It’s like passing your case files through a stranger who reads every page before forwarding it along.

Why Attorneys Are Prime Targets

As an attorney, you handle some of the most sensitive information imaginable — from real-estate transactions and business deals to medical records and trust accounts. A single intercepted email could lead to:

  • A breach of client confidentiality
  • Wire fraud involving client trust accounts
  • Or even a malpractice claim

And let’s face it — your reputation is everything. One careless connection on public Wi-Fi could cost you clients, your credibility, and potentially thousands in damages.

How to Protect Yourself (and Your Clients)

The good news? Protecting yourself doesn’t have to be complicated. Here are three quick ways to stay secure when working remotely:

1. Use a VPN (Virtual Private Network)

A VPN encrypts your connection, locking your data in a secure “briefcase” before it travels online. Even if someone intercepts it, they can’t read it.

2. Use Your Phone’s Hotspot

When possible, connect through your mobile data instead of public Wi-Fi. Your phone’s network is far more secure than that “free coffee shop Wi-Fi.”

3. Double-Check the Network Name

Hackers often set up fake Wi-Fi networks with names like “Free Hotel Wi-Fi” or “Airport Guest.” Always verify the exact network name before connecting — or ask an employee to confirm it.

These small steps make it dramatically harder for cybercriminals to snoop on your information.

Cybersecurity Is Client Protection

Cybersecurity isn’t just about safeguarding your computer — it’s about protecting your clients, your firm, and your reputation.

So the next time you’re working outside the office, take a moment before you connect. A little caution now can save you a massive headache later.

Optional Add-On (for Don’s Book Mention)

For even more cybersecurity tips tailored to law firms, check out Don Ivol’s book, Game Over? Not Today! — your guide to understanding the cyber risks every attorney needs to know.

Real-Life Cyber Claim Examples With Don Ivol

Posted on by

Lawyers often ask for proof that cyber events and data mistakes really hit small firms—and what those losses look like in dollars. Below are two real-world claim scenarios to help you see how quickly costs add up and which safeguards (and coverages) matter most.

#1: Shared Office, Shared IT… Total Data Loss

The setup:


A three-lawyer firm subleased space from a larger firm and piggy-backed on the larger firm’s IT. To “separate” data, the small firm was given its own file server (originally used for email).

What went wrong:


The larger firm’s IT admin backed up email, formatted the shared server, and reinstalled software—but forgot to back up the small firm’s files. Result: complete data loss and an operational shutdown while the firm tried to rebuild.

Documented impact:

  • Data restoration expenses: $23,000
  • Lost billable hours: roughly $98,900 (about “$99k” in the narrative)

Why this matters:


Not every disaster is a hacker. Plain old human error and poor segregation of systems can be just as destructive.

How to prevent this (practical steps):

  • Own your backups (don’t rely solely on a landlord’s/host firm’s IT). Use a 3-2-1 backup strategy and test restores.
  • Put clear, written data-segregation and change-management terms in your office/IT agreement.
  • Keep off-network backups (immutable/cloud snapshots) and run recovery drills twice a year.
  • Maintain a simple RPO/RTO target (how much data you can afford to lose/how fast you must be back).

Where insurance can help (policy-dependent):
 Cyber policies with data restoration and business interruption coverage can respond to accidental data loss; some tech E&O or malpractice policies may also come into play depending on facts. Terms vary—review your policy.

#2: Cloud Downgrade → Confidential Case Exposed

The setup:


A firm used a cloud storage provider with two tiers: free and premium. The premium tier kept data private; the free tier made content searchable/downloadable by others.

What went wrong:


The firm missed the renewal. The account reverted to the free tier, quietly exposing the firm’s files online for months. During that window, third parties downloaded details of a sensitive whistleblower matter.

Documented impact (one case):

  • Notification costs: $27,000
  • Defense expenses: $35,000
  • Damages: $2,150,000
  • Fines & penalties: $120,000
  • (Additional client lawsuits were pending and not included in these totals.)

Why this matters:


Most breaches aren’t Hollywood hacks—they’re misconfigurations, missed renewals, or lax vendor settings.

How to prevent this (practical steps):

  • Use auto-renew with multiple payment methods and billing alerts for critical SaaS tools.
  • Enforce least-privilege access, MFA, and default private sharing settings; require approvals for any public link.
  • Turn on configuration monitoring and data-loss prevention (DLP) alerts for exposure of sensitive matter names/IDs.
  • Keep a data map: what you store, where it lives, who can access it, and how long you keep it.

Where insurance can help (policy-dependent):


Cyber policies commonly address privacy liability, regulatory investigations (where insurable), breach response (forensics, notifications, PR), and defense. Coverage for fines/penalties depends on jurisdiction and policy language. Some professional liability (LPL) policies may also respond to alleged ethical violations—review both with your broker.

What These Stories Prove

  • It’s not just “hackers.” Human error and billing lapses can trigger seven-figure exposure.
  • Shared or “free” is risky. If you don’t control the system, you don’t control the risk.
  • Time is money. Even “small” incidents bleed billable hours and momentum.

Insurance is a backstop, not a substitute for sound IT practices.

10-Point Cyber Hygiene Checklist for Small & Mid-Size Firms

  1. 3-2-1 backups with quarterly restore tests
  2. Vendor billing safeguards (auto-pay + backup card + calendar reminders)
  3. MFA everywhere (email, practice management, cloud storage, VPN)
  4. Least-privilege access and quarterly access reviews
  5. Encrypted, private-by-default cloud repositories; ban public links
  6. Patch/update cadence for OS, apps, and network devices
  7. Incident Response Plan with breach-coach contact and a tabletop twice a year
  8. Data map & retention policy (limit what you store; purge on schedule)
  9. Security awareness training (phishing, sharing, and file-handling)
  10. Annual policy review (cyber + LPL) to close obvious gaps

These aren’t edge cases—they’re everyday risks for modern law practices. A few process tweaks plus the right blend of cyber and malpractice coverage can be the difference between an expensive lesson and a swiftly managed incident.