Safety in networking
While the various social media can bring benefits and opportunities, they need to be used carefully to comply with professional standards and safeguard against the maliciously inclined
Social media are undoubtedly increasingly popular, particularly in a business context. If harnessed effectively, they can present real opportunities for law firms by enhancing the ability to communicate products and services, to engage with clients and other professionals, and to access legal information and resources.
Social networking allows users to communicate with each other by creating profiles, “posting” comments and opinions, connecting or forming “links” with others on the site, joining different “networks” and adding “friends”. It can also be used to debate or share opinions and experiences by posting or commenting in public spaces. Unlike other more traditional forms of communication, social media enable professionals all over the world to interact more easily with each other. In early 2013, LinkedIn announced that it had passed its 10 millionth user. Social Media Today also reports that in 2014, LinkedIn page views are averaging about 60 million a month. A recent Law Society survey showed that 45% of in-house solicitors in the private sector, though only 14% in the public sector, regularly used LinkedIn.
There are significant benefits of engaging in social media, for example, raising the firm’s profile, engagement with clients and marketing/advertising.
The benefits of social media inevitably do not come without risks. The growth in use by clients may result in a corresponding expectation that solicitors should also embrace social media as an inherent aspect of professional practice. Some clients may even prefer to communicate via social media, for instance through internal messages within LinkedIn.
Solicitors may also be accessing social media sites for both personal and professional use via a handheld/mobile device issued to them at work, and this could lead to a potential blurring of the boundaries between personal and professional use. It may also be difficult at times to distinguish casual or informal interactions from more formal communications. You must give proper consideration to the fact that the same professional ethical obligations apply to your conduct both in online and offline environments.
Be aware of the following:
- Defamation – the risk of defamation needs to be acknowledged and addressed in firms’ social media policy.
- Confidentiality – you must consider confidentiality issues at every step and always ensure you log out of social media sites.
- Control over information – the speed at which information can be circulated, and the proliferation of that information, is something over which firms will have little control. Information published on social media sites is not always easily removable, particularly when it emanates from a third party. You should remember that information on social media sites has been produced as evidence in legal proceedings.
- Disciplinary action – whether or not there is a firm-wide social media policy, it is at least advisable that employees know the standards of behaviour that are expected of them. If a policy is put in place, it should address the various types of activity that will be considered inappropriate and also the disciplinary action that will be taken for any breaches of the policy.
- Privacy settings – if you are intending to use any social networking site, you should review that site’s privacy settings to enable you to control, and put restrictions on, who is able to access your information. However, you should be aware that by adopting privacy settings this does not necessarily mean that the information you post on social media sites will be protected.
Frauds and scams
Unfortunately, it has not gone unnoticed by cybercriminals that we live in an interconnected world where information is readily shared and easily accessible. Social media provide access to data, which can provide an opportunity to tailor spear-phishing emails to target your firm/individual colleagues.
Spear-phishing emails can be constructed to look like they have originated from a trusted source. They can be addressed to employees personally and can be closely related to the business. Spam messages are also a source of what is called “social engineering”.
The phrase “social engineering” is broadly defined as an attempt to gain access to information, primarily through manipulation and misrepresentation.
The information given out to social engineers may be considered, at first glance, inconsequential. But fraudsters use even the most banal piece of information as a building block to obtain more information. Even the mention of a client’s name is a valuable nugget of data for a social engineer. So what can be done to mitigate these risks?
Risk management points:
- Be aware of what spear-phishing emails look like (for an illustration, see Journal online, April 2014: www.journalonline.co.uk/Magazine/59-4/1013833.aspx).
- Know how to spot visual clues as to whether an email is legitimate, for example, by hovering over links to spot fake URLs.
- Do not reveal passwords or other sensitive information to any individual directly, through email or by phone.
- Do not respond to any message/email received from a social networking site that asks for confidential information.
- Do not even provide what might seem to be banal information.
- Do not click on any links in unsolicited email communications.
- Report any suspected scam to the relevant colleague in the firm.
- Comply with your firm’s social media policy.
Nada Jardaneh and Marsh
Nada Jardaneh is a former solicitor in private practice, who works in the Finpro (Financial and Professional Risks) National Practice at Marsh, a global leader in insurance broking and risk management.
The information contained in this article provides only a general overview of subjects covered, is not intended to be taken as advice regarding any individual situation and should not be relied upon as such. Insureds should consult their insurance and legal advisers regarding specific coverage issues.
Marsh Ltd is authorised and regulated by the Financial Conduct Authority.