MTC: Summer Vacation Cybersecurity for Lawyers: Essential Tech Tips to Protect Client Data on the Go 🌴💻

/ The Tech-Savvy Lawyer.Page/

Lawyers: Never Skip Your VPN — Even on Vacation!

For many lawyers, “summer vacation” now means answering client emails from the beach house, reviewing drafts on the cabin deck, and jumping into Zoom hearings from hotel rooms. 🌞📶 Work rarely stays at the office, and our laptops and phones have become permanent carry‑ons even when we swear we are taking real time off. That always‑on reality turns every summer trip into a rolling cybersecurity and ethics test.

When you travel with devices that touch client matters, you are also traveling with privileged information, trade secrets, and personal data that fall squarely under ABA Model Rules 1.1 and 1.6. Competent representation now includes understanding the benefits and risks of the tech you use, and reasonable efforts to protect client confidentiality do not pause when you turn on your out‑of‑office message. The goal is not to shame lawyers for working on vacation; it is to make sure that when you inevitably do, your tech setup supports both your ethics and your relaxation. 😎

Pack Light: A “Minimum Data” Mindset for Vacation

The safest client data is the data that never leaves your office or your secure cloud in the first place. 1Password’s travel guidance and broader cybersecurity advice emphasize carrying only what you truly need when you hit the road. For summer trips, this translates into a deliberate “minimum data” mindset.

Before you leave, decide which matters genuinely might need your attention while you are away and which can safely wait until you return. Archive or unsync closed files and non‑urgent matters from your travel devices so they are not riding along to the resort, rental home, or national park lodge. For some practices, this may not be feasible when your current work may rely on prior drafts in similar cases.  But when feasible, consider using a “travel profile” or even a separate, cleaner laptop with access only to essential tools and a limited subset of client documents.

This approach directly supports your duty under Model Rule 1.6(c) to make reasonable efforts to prevent unauthorized access to client information by reducing the amount of sensitive material that could be exposed if a device is lost, stolen, or inspected. It also makes vacation feel less like moving your entire office to a different ZIP code, allowing you to focus on what really needs to be done and hopefully enjoy your vacation a little more.

Smart Lawyers Activate Travel Mode Before Every Flight.

Password Managers and Travel Mode: Your “Vacation Vault”

Strong, unique passwords are non‑negotiable for lawyers, and summer vacation does not change that. 1Password and similar tools exist precisely so you do not reuse easy‑to‑type passwords while you juggle boarding passes, sunscreen, and kids at the gate. (Note: I am a paying user of 1Password and have used their product for many years!  Also, I may earn a commission on any link used from this blog.)

Use a reputable password manager to generate and store complex, unique passwords for all your accounts—email, practice management, cloud storage, airlines, hotels, and rental car services. Store digital copies of your ID, bar card, and key travel documents in a secure vault instead of leaving them scattered across your inbox or photo roll. That saves time on the road and keeps sensitive personal and professional information encrypted.

For summer travel, 1Password’s Travel Mode is particularly valuable. You can mark certain vaults as “safe for travel” and remove more sensitive vaults from your devices with a single toggle before you leave. If your phone or laptop is inspected at a border or compromised in a crowded tourist spot, the most sensitive client logins and documents are simply not there. From an ethics perspective, that is a concrete, defensible step toward preserving client confidentiality.

Vacation Wi‑Fi, VPNs, and Hotspots: Don’t Trust the Beach House Network

The Wi‑Fi at your beach rental, resort, or lakeside Airbnb may be convenient, but it is rarely secure. Past guests often know the password, routers may be poorly configured, and attackers sometimes target popular tourist areas with rogue access points. For lawyers who are logging into email, document systems, or court platforms from these networks, that is a serious problem.

Secure Client Data Anywhere — Use Your Phone's Hotspot!

A Virtual Private Network (VPN) should be standard equipment for any lawyer working on vacation. A good VPN encrypts your traffic between your device and the VPN provider, making it much harder for eavesdroppers or compromised networks to capture sensitive information. Legal tech sources and security professionals consistently recommend that lawyers use reputable VPN providers with strong encryption and clear no‑logs policies.

In practice, treat any shared vacation Wi‑Fi as hostile. Turn on your VPN before accessing client email, cloud storage, or remote desktop tools. Better yet, follow The Tech‑Savvy Lawyer’s advice and rely on your smartphone’s hotspot for truly sensitive work; modern cellular networks often provide stronger encryption and a more reliable, if not many times faster, performance than hotel or rental Wi‑Fi. This level of care is rapidly becoming part of what “reasonable efforts” and basic technology competence mean for a traveling lawyer.

Device Hardening for Summer Travel: Encryption, Passcodes, and Biometrics

Summer travel is chaotic. Devices slide between airplane seat cushions, get forgotten in rideshares, or are grabbed from café tables. Full‑disk encryption and strong authentication are your last lines of defense when something goes wrong.

Know Your Rights when crossing international boarders: Encrypted Devices Protect Client Privilege

Make sure full‑disk encryption is enabled on every device you bring—FileVault on macOS, BitLocker on Windows, and built‑in encryption on modern iOS and Android devices. Use a long, alphanumeric passcode rather than a short PIN, and configure automatic locking after a brief period of inactivity so a phone left by the pool does not stay unlocked.

When you are approaching international borders, consider temporarily disabling biometrics so that unlocking your device requires a passcode instead of a fingerprint or facial scan. 1Password’s Travel Mode can again help by ensuring that the most sensitive client vaults are not present on the device at all if a border search occurs. If agents request access, clearly state that the device contains privileged material and that you are an attorney, in line with guidance that privilege should trigger additional care. These steps show you are actively trying to protect client confidentiality, not ignoring the issue.

Two-Factor Authentication and Account Hygiene on Holiday

Account compromise can ruin a vacation as quickly as a lost suitcase. Enable two‑factor authentication (2FA) on your critical accounts—email, practice management, document repositories, and your password manager—before you leave. App‑based authenticators and hardware keys are generally more reliable and secure than SMS codes, especially when you are roaming internationally or in areas with spotty service.

Review account recovery options in advance so that a locked‑out account does not turn into an emergency while you are halfway around the world. Monitor sign‑in alerts from your major accounts during and after the trip so you can quickly respond to any unfamiliar activity. This sort of “account hygiene” supports your duties of competence and confidentiality and gives you practical peace of mind while you try to enjoy some downtime.

A Simple Summer Travel Checklist for Lawyers

For lawyers with limited to moderate tech skills, the key is a repeatable routine rather than a complex security project. A short checklist before each summer trip can go a long way:

Every Traveling Lawyer should use a Pre-Trip Security Checklist!

  • Backup all devices, apply pending updates, and confirm full‑disk encryption is enabled.

  • Clean your devices by removing non‑essential client data and logging out of unused accounts.

  • Configure your password manager, mark travel‑safe vaults, and turn on Travel Mode if available.

  • Install and test your VPN, and verify you know how to enable your phone’s hotspot.

  • Confirm 2FA works from where you will be, especially if traveling abroad.

This checklist supports the ABA’s technology competence expectations and makes your vacations less stressful because you are not improvising security on hotel Wi‑Fi at midnight. It respects the reality that today’s lawyers must often take their work—and their devices—with them, while still honoring their core obligations to clients.

Summer is supposed to be restorative. With a bit of planning, smart use of tools like VPNs and 1Password’s Travel Mode, and an eye on your Model Rule duties, you can protect client data and your own peace of mind at the same time. 🌴🔐

Save Travels!!! 🌴💼✈️

MTC

TSL.P EP# 132 (Special Episode): AI, Deepfakes, and Metadata: Guest-Hosting Capital University Law School’s First Law Library Podcast Club with Professor Jennifer Wondracek 🎙️⚖️

/ The Tech-Savvy Lawyer.Page/

🎙️ This week, we have something special for you. Your The Tech-Savvy Lawyer.Page blogger and podcaster, Michael D.J. Eisenberg, was invited back to his alma mater, Capital University Law School, to guest host their very first Podcast Club — a live, recorded podcast conversation featuring real law students, real questions, and real talk. Moderated alongside Professor Wondracek, this is an unscripted, in-the-moment discussion — not a produced studio episode, not a rehearsed explainer — just an honest, practitioner-led conversation about the issues shaping the legal profession today. 🎓 We think that's exactly what makes it worth your time. 🛡️⚖️

In our conversation, we cover the following:

  • [00:00] 🎬 Welcome & Introductions — Professor Raik introduces Michael D.J. Eisenberg; Michael shares his background representing veterans before the VA and his work at The Tech-Savvy Lawyer.Page, including his Amazon #1 bestselling book The Lawyer's Guide to Podcasting

  • [01:00] 🕵️ What Is a Deepfake? — Defining deepfakes and the real-world Bethesda incident where a fabricated video triggered a police raid and wasted critical law enforcement resources

  • [02:30] ⚖️ Deepfakes in Legal Practice — The serious professional responsibility consequences when attorneys introduce fake or AI-generated evidence into a trial or negotiation — and why "I didn't know" won't always protect you

  • [03:00] 📋 ABA Model Rule 1.1 — Competence & Comment 8 — Why technology competence is an ethical obligation, not optional — and what "competent use of technology" actually means for your daily practice

  • [05:00] 📶 Public Wi-Fi & VPN Security — The real dangers of using public Wi-Fi at airports, coffee shops, and on planes without a VPN, especially when accessing client portals, trust accounts, or confidential client communications

  • [05:45] 🔐 VPN Recommendations — NordVPN vs. ExpressVPN; why the right VPN matters for protecting your clients and your license

  • [07:00] 🔍 How to Detect Deepfakes in Evidence — Reviewing file metadata, spotting visual anomalies, and the Mendones v. Cushman & Wakefield case (Cal. Super. Ct. 2025) where Judge Victoria Kolakowski spotted deepfake videos — and imposed terminating sanctions

  • [08:30] 📜 ABA Model Rule 3.3 — Candor to the Tribunal — Your duty of honesty to the court and the compounding risks of unknowingly submitting falsified AI-generated evidence

  • [09:30] 🧑‍⚖️ ABA Model Rule 8.4 — Dishonesty, Fraud, Deceit & Misrepresentation — How these rules can stack with Rule 3.3 to multiply your ethical exposure

  • [10:30] 🖼️ Live Demo: Accessing File Metadata — A real-time screen share showing how to right-click and access image properties, including GPS coordinates, camera settings, file timestamps, and modification history — using a photo taken right at Capital University Law School

  • [14:00] 🗂️ Metadata Scrubbing — Why some law firms strip metadata from outgoing emails and documents, and why "scrubbed" evidence should raise red flags during discovery

  • [17:30] 🛡️ Five Basic Safeguards for Legal Professionals in the AI Era:

    • Invest in ongoing education — CLEs, podcasts, blogs

    • Know and follow your office's technology protocols

    • Be transparent with clients about your use of AI — in your engagement letters and contracts

    • Update your engagement letters and retainer agreements now

    • Stay alert to the rapidly changing AI landscape — ignoring it is not an option

  • [20:00] 💬 Student Q&A — George's question: Does the ethical obligation to review metadata create a resource gap between large firms and solo practitioners? What AI tools can help level the playing field?

  • [22:00] ⚠️ United States v. Heppner (S.D.N.Y. 2026) — The landmark federal ruling that AI-generated documents used with consumer AI tools are NOT protected by attorney-client privilege or work product doctrine — and why your choice of AI platform is now an ethics decision

  • [23:30] 🔒 Consumer AI vs. Secure Legal AI Platforms — The critical difference between free and low-cost consumer AI accounts and enterprise-grade legal AI tools with zero-data-retention contracts

  • [25:30] 📚 LexisNexis Protégé & Secure AI — How LexisNexis's zero-retention, end-to-end encrypted AI platform — including access to ChatGPT and Claude — lets attorneys use AI ethically without jeopardizing client data

  • [27:00] 💾 Prompt Discoverability — Why your AI prompts may be subpoenaed in malpractice claims or bar investigations, and why documenting and downloading your AI usage history matters

  • [28:30] 📁 Cassia's Question — Documenting AI research and adopting a random sampling strategy for metadata review: practical approaches to demonstrating "reasonable" due diligence

  • [30:00] 🗃️ eDiscovery Tools for Metadata at Scale — Relativity, Disco, and how these platforms help even resource-limited firms surface metadata anomalies across large document sets

  • [33:00] 📰 Current Awareness Resources — Where to stay current on legal tech: law.com, bar association newsletters, The Tech-Savvy Lawyer.Page blog and podcast, CLEs, and legal listservs

  • [33:30] 🚨 Hallucinated AI Citations & Real Consequences — Mata v. Avianca, Wadsworth v. Walmart (Morgan & Morgan pro hac vice revoked), the Chicago firm dissolution case — and why citation-checking is now a non-negotiable litigation skill

  • [37:00] 🎲 Book Giveaway — Rolling the virtual dice; congratulations to the winner of Michael's book, The Lawyer's Guide to Podcasting!

  • [38:00] 🗓️ Upcoming Events — Michael joins the Capital Law Spring Summit/Bootcamp in April; dinner with students at The Red Door Tavern

Resources

Connect with Professor Jennifer Wondracek:

  • E-Mail: jwondracek@law.capital.edu 

  • LinkedIn: https://www.linkedin.com/in/jennifer-wondracek

📌 Mentioned in the Episode

🏛️ ABA Model Rules

⚖️ Case Law

🤔 Other

💻 Hardware Mentioned in the Conversation

☁️ Software & Cloud Services Mentioned in the Conversation

🎙️ Ep. 122: Cybersecurity Essentials for Law Firms: Proven Strategies from Navy Veteran & Attorney Cordell Robinson

/ The Tech-Savvy Lawyer.Page/

My next guest is Cordell Brion Robinson, CEO of Brownstone Consulting Firm and a decorated US Navy veteran who brings an extraordinary combination of expertise to cybersecurity. With a background in Computer Science, Electrical Engineering, and law, plus experience as a Senior Intelligence Analyst, Cordell has created cybersecurity programs that comply with the National Institute of Standards and Technology, the Federal Information Security Management Act, and the Office of Management and Budget standards for both government and commercial organizations. His firm specializes in compliance services, performing security framework assessments globally for commercial and government entities. Currently, he's innovating the cybersecurity space through automation for security assessments. Beyond his professional accomplishments, Cordell runs the Shaping Futures Foundation, a nonprofit dedicated to empowering youth through education, demonstrating his commitment to giving back to the community.

Join Cordell Robinson and me as we discuss the following three questions and more! 🎙️

1. What are the top three cybersecurity practices that lawyers should immediately adopt to secure both client data and sensitive case material in their practice?

2. From your perspective as both a legal and cybersecurity expert, what are the top three technology tools or platforms that can help lawyers streamline compliance and governance requirements in a rapidly evolving regulatory environment?

3. What are the top three steps lawyers can take to overcome resistance to technology adoption in law firms, ensuring these tools actually improve outcomes and efficiency rather than just adding complexity

In our conversation, we cover the following: ⏱️

- 00:00:00 - Introduction and welcome to the podcast

- 00:00:30 - Cordell's current tech setup - Windows laptop, MacBook, and iPhone

- 00:01:00 - iPhone 17 Pro Max features including 48MP camera, 2TB storage, and advanced video capture

- 00:01:30 - iPhone 17 Air comparison and laptop webcam discussion

- 00:02:00 - VPN usage strategies - Government VPN for secure client communications

- 00:02:30 - Commercial client communications and secure file sharing practices

- 00:03:00 - Why email encryption matters and Mac Mail setup tutorial

- 00:04:00 - Bonus question: Key differences between commercial and government security work

- 00:05:00 - Security protocols comparison and navigating government red tape

- 00:06:00 - Question 1: Top three cybersecurity practices lawyers must implement immediately

- 00:06:30 - Understanding where client data comes from and having proper IT security professionals

- 00:07:00 - Implementing cybersecurity awareness training for all staff members

- 00:07:30 - Practical advice for solo and small practitioners without dedicated IT staff

- 00:08:00 - Proper email practices and essential security awareness training skills

- 00:08:30 - Handling data from average clients in sensitive cases like family law

- 00:09:00 - Social engineering considerations in contentious legal matters such as divorces

- 00:10:00 - Screening threats from seemingly reliable platforms - Google Play slop ads as recent example

- 00:10:30 - Tenable vulnerability scanning tool recommendation (approximately $1,500/year)

- 00:11:00 - Question 2: Technology tools for streamlining compliance and governance

- 00:11:30 - GRC tools for organizing compliance documentation across various price points

- 00:12:00 - SharePoint security lockdown and importance of proper system configuration

- 00:12:30 - Monitoring tools discussion - why no perfect solution exists and what to consider

- 00:13:00 - Being amenable to change and avoiding long-term contracts with security tools

- 00:14:00 - Question 3: Strategies for overcoming resistance to technology adoption

- 00:14:30 - Demonstrating efficiency and explaining the full implementation process

- 00:15:00 - Converting time savings to dollars and cents for senior attorney buy-in

- 00:15:30 - Mindset shift for billable hour attorneys and staying competitive in the market

- 00:16:00 - Being a technology Guinea pig and testing tools yourself first

- 00:16:30 - Showing real results to encourage buy-in from colleagues

- 00:17:00 - Real-world Microsoft Word example - styles, cross-references, and table of contents time savings

- 00:17:30 - Showing value add and how technology can bring in more revenue

- 00:18:00 - Where to find Cordell Robinson - LinkedIn, www.bcf-us.com, Brownstone Consulting Firm

- 00:18:30 - Company description and closing remarks

Resources 📚

Connect with Cordell Robinson:

Government & Compliance Frameworks:

Software & Tools: