Managing Online Risk: Apps, Mobile, and Social Media Security
Deborah Gonzalez, Esq. is an attorney and the founder of Law2sm, LLC, a legal consulting firm focusing on helping its clients navigate the legal and security issues relating to the new digital and social media world. Deborah has been a frequent contributor to Legal Ink Magazine. Deborah is scheduled to launch her first published book later this year called Managing Online Risk: Apps, Mobile, and Social Media Security.
Managing Online Risk: Apps, Mobile, and Social Media Security is a definitive resource that provides an overview of the risk mitigation strategies, solutions, and best practices to address risk, liability, and security concerns arising from corporate online and digital activity.
This book presents readers with tools and resources to better understand the security and reputational risks of online and digital activity, as well as tools and resources to mitigate those risks and minimize potential loss for their companies. These tools and resources include case studies; industry and expert profiles; lessons learned; overview of relevant laws, regulations, and professional guidelines by industry; sample policies, disclaimers and online community guidelines; and more. We invited Deborah to discuss current social media issues that directly impacts attorneys.
LIM: What do you see as the biggest challenges for attorneys using social media?
Deborah: Since launching Law2sm I’ve seen three big challenges for attorneys. Attorneys need to better understand how social media is used by their clients so as to be able to advise them accordingly. Every client is different in regards to their approach and interaction with social media. Attorneys need to dedicate more time and resources to learning how to make effective use of social media tools for their particular legal practice. Social Media is such a great tool to network and get new clients; however if used improperly, attorneys can get into ethical dilemmas.
Finally, attorneys need to keep up to date with the continuously evolving landscape of social media platforms and technology as well as the changing application of current laws to this landscape as well as new laws being legislated to address new issues. Social media platforms are just in their initial phase. As new technologies come into play, some social media companies with succeed while others will fall out of favor.
LIM: What are some best practices relating to personal online identity and firm branding?
Deborah: Its all in the details. Attorneys many times do not update their social media pictures frequently enough. They use family photos instead of a professional “head shots”. Attorneys need to include their Social Media handles on all company marketing materials, including their old-fashioned business cards.
If you have a blog have social sharing tools on the blog page to make it easy for your readers to share your content. Another tip if you are using WordPress you can pre-populate the description box so that when someone shares your content the right link and credit is already put in for them. Use a social media dashboard (like Hootsuite or Tweetdeck) to make it easier to share content you find online that is relevant to your clients.
Social media is in constant flux. Attorneys need to continue to learn about social media and the legal practice. Research online and start following respected attorneys who focus on this area in Twitter or LinkedIn to stay informed.
Lastly,attorneys need to setup Google alerts (or use TalkWalker, Social Mention or others) for your name, your firm’s name, your clients, and other important key terms so that you can hear conversations about you that you may not be involved in. Reputation management is now a critical part of every attorney’s practice. You need to know what is being said, who said it, and respond accordingly.
LIM: What are the most frequent mistakes attorneys make?
Deborah: Attorneys sometimes overstretch themselves on social media. Do not try to be on every social media platform that exists or comes out. Give yourself time to really learn how to effectively use one platform before moving on to others. Abandoned or semi-finished accounts look unprofessional.
Make sure you dedicate time to engage with others on your social media accounts. Thank your followers for following and retweet appropriate tweets and/or posts. Comment on others blogs where appropriate so that it is not just all about you and your practice.
Do not assume you know what the ABA Model Ethical Rules and your own bar association rules are in terms of social media and attorney advertising. Make sure to learn what they are and adhere to them. What you cannot do offline you cannot do online.
Do not assume that just because you are not actively on social media that you are free from liability. You cannot stop others from talking about you and your firm – for example, via the Yelp review site – so it is important to know what is being said.
Do not say more than you really know. Admit if you do not know something about a particular social media platform and learn if it is important to your client, your case or your legal career. This may sound like commons sense, but sometimes hubris gets in the way.
LIM: As more attorneys migrate to cloud based management software, what are some key strategies to minimize risk of a data breach?
Deborah: Here is a list of questions that are included in my book regarding using cloud computing and storage providers:
Cloud Service Level Agreement (SLA) – see here for slas best practices – Points for Consideration:
- Does the agreement allow for an annual security audit and certification by a third party?
- Does the agreement grant an option to terminate the agreement in the event of a security breach if the provider fails on any material measure?
- Does the provider use any assessment tools with control objectives and can you as a client view the results?
- If the provider does not use any assessment tools can it be required to respond to findings from a third-party assessment tool, such as the Cloud Security Alliance (CSA) Cloud Controls Matrix?
- Are regular vulnerability tests run on the platform?
- What kind of security measures does the provider have in place?
- What kinds of authentication methods are in place for access to the stored data?
- What does the provider state is its responsibility in terms of recovery of lost data?
- What are the recovery time terms, recovery point objectives, and data integrity measures the provider has committed to? Are there any penalties if these are not met?
- If the penalties are based on fee liabilities, how many months are covered – 12, 24, 36?
- Does the provider carry cyber liability insurance? Does that insurance cover clients losses as well?
- Does the service being provided adhere to any regulations the company must be compliant with?
- What is the incident notification time frame from the provider to the client?
- Where are the servers located vs where is the cloud provider offices located and registered for jurisdictional purposes, should the need arise for litigation?
- Does the agreement outline rules for requesting and granting preservation of evidence and litigation holds of data and/or other cloud forensic legal issues?
If you are not using an outside cloud provider here are three simple tips:
- Make sure you are using encryption technology on your firm network, laptops, tablets AND smartphones.
- Do not connect to free public Wi-Fi networks (like at coffee shops). Use a secured hub.
- Remind everyone in the law office NOT to post information regarding clients and work being done for them without the clients’ permission and never when you are under a gag order.
Managing Online Risk: Apps, Mobile, and Social Media Security is available October 1st and can be purchased on Amazon and the Elsevier online bookstore .