Even lawyers can be scammed: from wireless networks to phony IRS agents, attorneys must be vigilant.

Lawyers know they have a duty to keep their clients' information private, but in today's high-tech world, pitfalls lurk like bogeymen behind bushes.

J.R. Phelps, director of The Florida Bar's Law Office Management Assistance Service, shares three horror stories: client files accessed by a stranger with a laptop and wireless card, theft by a phony IRS agent, and paying a settlement to an identity thief.

Consider the recent nightmare of a lawyer in Alberta, Canada, who was shocked speechless to learn his unprotected computer server allowed access to hundreds of client files filled with personal information, such as driver's licenses, social insurance numbers, work histories, and criminal records.

It could be an identity thief's dream.

The lawyer's system was accessed by a man who had just started a job in a nearby downtown building and brought his laptop to work while his new boss set up his work computer. The laptop had a wireless card, allowing it to connect to any nearby wireless access point. Most are password-protected, requiring a secret password, but that's not what happened. After getting into the system, it invited the man to log onto one of the lawyer's databases.

The lawyer had set up the wireless system himself and thought it was secured by an encrypted password.

Alberta's privacy commissioner, Frank Work, ordered an investigation of what he called a "significant" breach "that sets a big precedent because everyone is going wireless these days."

Phelps read about the Canadian catastrophe in the Edmonton Journal and exclaimed: "This could just as easily have happened in Florida!"

"One of the most important lessons to be drawn from the story is the importance of dividing the wired and wireless portions of a network into different segments, with a firewall in between," Phelps said. "This should have prevented the hacker from accessing the wired network by breaking in through the wireless network."

Phelps acknowledges the benefits of "a no-wires attached-access-anywhere approach to networks. However, wireless applications have not become ubiquitous throughout the legal community for a very solid reason: risk."

To minimize risk, Phelps offers this security advice to any law firm considering the installation of a wireless environment (Get ready to get a little technical):

"At a minimum, WPA2 encryption should be utilized. WPA2 is second-generation encryption technology, and as of March 13, 2006, all equipment using the WiFitrademark must...