Managing Social Media – Part III
How to Manage Social Media
The past few years have seen a huge growth in the use of social media, both by individuals and within businesses, and alongside that growth has come the increase in the problems which individuals and businesses face in how to manage social media within the workplace. For those in the legal profession, issues such as confidentiality, regulatory problems, HR and recruitment issues, cyber bullying and discrimination, contempt of court, evidential issues, productivity problems and reputational difficulties are just the tip of the iceberg and firms everywhere are having to face the consequences of this expansion.
In this the third article in the series we look at some basic steps that a firm can take to help make the position less harmful including putting in place sanctions for those who breach provisions and for dealing with the fallout that results from the improper use of social networking. We also look at steps that firms can take to help to avoid identity theft.
Putting in place a social media policy
There is no easy way to regulate how social media is used by those within your firm or even to be sure of preventing the use of social media from having an adverse impact upon your firm. There are, however, some basic steps that a firm can take to help make the position less harmful, to put in place sanctions for those who breach those provisions and for dealing with the fallout that results from the improper use of social networking.
Social media policy – the starting point for most firms is to have a social media policy and to ensure that staff are trained as to what is and is not acceptable social media use.
There are a number of good reasons why a firm would choose to have a social media policy. These include:
- Regulatory reasons – it can show the SRA that the firm has taken sensible risk management precautions in the event that there should be breaches of confidence, a lack of integrity, discrimination breaches or other contraventions of the SRA;
- It can help protect the firm from other liability for the actions of its partners and staff – for example defamation or breach of copyright;
- It helps partners and staff to understand where the line lies between their private and professional lives;
- It helps staff to understand what is and is not acceptable social media use;
- It helps managers to manage performance more effectively;
- It can help partners and staff to understand what they can and cannot say about clients and the firm;
- It can help prevent bullying and discrimination; and
- It can provide the firm with an acknowledged right to monitor staff activity;
Ideally a social media policy should set out the purpose for which it was created, and should in addition cover matters such as:
- Guidance as to acceptable online behaviour;
- Reasonable use policies including what constitutes reasonable use, when it may be used for private purposes and what is acceptable work use;
- Guidance on issues such as defamation, confidentiality, integrity and conflict;
- Network security – that is to say provisions designed to prevent staff from compromising the firms network by the importation of viruses on to the system;
- Data protection and monitoring;
- Privacy; and
- Disciplinary processes in the event of breach.
Avoiding Identity Theft
To finish, it is worth just touching on the importance of ensuring that the firm does not become the victim of a social media related crime.
The most common form of crime committed using social media is that of identity theft and firms must, if they are to satisfy outcomes-focused requirements as to the management of risk, ensure that they have in place policies and procedures which help minimise the chances of their being subject to identity theft.
An integral feature of most social networking is that it requires that you disclose something about yourself – whether it be your name, where you went to college, your interests, your photo, where you were last week, what you do as a job or what your hopes and aspirations are. Once out there, that information is available for anyone to use and the more you use a resource the more a person can glean information about you.
Identity theft happens when someone uses information about you for their gain – and potentially to your detriment.
Because social networking requires that you disclose information then there will always be a chance that you will become subject to identity theft. However, as we will see shortly, even not being involved in social networking can pose a threat.
There are a number of ways in which you can place yourself more at risk including:
- accepting an invitations to connect from someone you don’t know or don’t know well;
- not making the most of the privacy settings offered by the network;
- letting others have your account details or password;
- using the same password for all of your online activities;
- using a very obvious password that someone could guess or deduce from your personal information – e.g. wife’s name, dog’s name, birthday, football team, etc;
- downloading free applications for use on your profile;
- taking part in quizzes requiring personal information about you;
- following links to other web sites;
- being subject to scams and phishing activity where you are asked to provide personal details; and
- allowing computer security to become out of date.
Subject to the point below, the best way to avoid identity theft is not to post anything. If you must, however, then there are some steps that you can take, including:
- posting as little personal information as possible;
- use strong passwords – preferably using mixtures of upper and lower case, numbers and symbols (where possible) and avoiding words and numbers with a personal connection;
- if the site allows a higher level of privacy think seriously about using it;
- wherever possible, post only to friends and known contacts and not to the public in general;
- be cautious about what you post and never post ID numbers, bank account details or when you will not be at home;
- make sure that the site in question is not planning to use your data to sell to others;
- make sure you are on the genuine social networking site before you use it – sometimes criminals create look-alike pages which they send to you by email and from where they can harvest your user name and password;
- don’t download anything you are not sure about – it might be a virus or malicious software.
Finally a word of warning that is of particular relevance to lawyers whose details appear on their own web site. Even if you do not have a social networking account, it may be possible for others to steal information about you or to tarnish your reputation. This occurs by the perpetrator setting up a false account in your name using your picture and other information about you from the firm’s web site. They then contact known or likely associates and create the appearance of a genuine presence – for example using LinkedIn. Having done that, they are then able to pretend to be you –either to gain information about third parties or to damage your reputation. It is worthwhile, therefore, carrying out a periodic check to make sure that your identity has not be stolen in this way.
Social Media is an inescapable factor of modern business and firms that ignore the benefits that it brings run the risk of depriving themselves of access to potential clients, access to opportunities and access to intelligence.
It is not, however, a resource that is without risk and firms who chose to use it to the benefit of their business should do so with their eyes open and alert to those risks.
However, and it is an important “however”, simply ignoring social media will not make it go away. It will not prevent the firm from being drawn into interacting with it nor will it ensure that the firm is not adversely affected by its influence. Staff may misuse social media whether or not your firm is involved with it. Competitors or dissatisfied clients may make adverse comments using social media, whether or not your firm believes that this is something which happens. Your identity may be misused whether or not you have a profile on LinkedIn, Facebook, Defero Law or anywhere else.
The social media genie is out of the bottle and firms everywhere must act accordingly – whether they feel that social media is relevant to them or not.