Does your law firm have official Facebook, Twitter or other social media accounts? Have you taken steps to protect them from unauthorized access? In recent months, some large corporations, including McDonalds, HMV, and the Associated Press have had their social media accounts hijacked – in one case, by a former employee. Don’t let it happen to your law firm. Take these precautions:
Handle Passwords with Care
- Limit access to only those who need to know. The most common method of hijacking a social media account is by simply obtaining someone’s password, then logging into the system. If 10 different members of your staff know your Facebook password and have access to your firm’s account, the risk of a password leaking is fairly high, whether leaked via phishing emails or use of malware, keyloggers, or social engineering.
- Make use of single sign-on technology. Business-grade social media management systems enable users to log into social media accounts with the same username and password used for their company email. Revoking access from individual employees is as easy as removing them from your email system.
Make Use of Social Media Management Tools
- Consolidate all of your social media accounts within a single system, such as Hootsuite. Doing so allows users to publish to multiple social media platforms from one secure interface, rather than needing access to the individual accounts with the actual credentials.
- Control access to who can post messages using limited permissions. Through the use of social media management tools, firms can grant limited permissions allowing some employees to publish posts, while others can only draft messages, which must then be approved by a senior staff person prior to publication.
Monitor Activity & Update
- Assign staff to closely monitor your social media accounts. You can’t handle a crisis, such as a hacked account, if you aren’t even aware that it’s happened. As an added benefit, listening to what your employees, customers, and competitors are saying is great business intelligence.
- Change your passwords on a regular basis.
- Revise access lists as employees come and go and keep permissions updated.
Educate your Staff
- Develop clear social media guidelines for all staff, defining acceptable social media activity. Distribute a copy of these guidelines to new employees as part of your regular on-boarding process.
- Provide training on ethics, compliance and security issues. Everyone in your firm needs to be competent in social media.
Implement Individual Platform Security Measures
- Limit permissions – Page admins can have 5 different roles, each with different abilities. Allow staff access to your firm page, by adding them as an admin and limiting their permissions, rather than by sharing your own log in info.
- Use Secure Browsing – Select “Browse Facebook on a secure connection (https) when possible” in order to protect your account while using unsecure Wi-Fi.
- Opt-in for Login Notifications – Opt in to be notified by text and/or email whenever your account is accessed through a computer or mobile device you’ve never used before.
- Use Login Approvals Feature – Select “Require a security code to access my account from unknown browsers” so that, when logging in from an unknown device for the first time, a security code will be sent to your phone. Access to your account requires both your account password and your phone, immediately doubling the strength of your security.
- Monitor Active Sessions – This feature allows you to view when and from where your account has been accessed and gives you the ability to end any session remotely.
- Enable Login Verification Feature – After you enable this feature, you will need both your password and your phone to log in to your account. When you log in to twitter.com you will receive a text message with a login code which must be entered before access will be granted.
- Be cautious of direct messages – Many phishing attacks from Twitter are sent via direct messages. If the message seems odd, don’t open it and avoid clicking links within.
- Always Use HTTPS – Open your Settings and check the box next to “Always use HTTPS.” This will encrypt your messages and make your account more secure when using a public wireless network.
- Enroll in 2-step verification – This 2-step verification adds an extra layer of security to your account by requiring you to sign in with both your password and a verification code sent to your phone.
- Ensure your account recovery options are up-to-date – Regularly update your account recovery options to ensure that they are always up-to-date.
By investing a little time and implementing some simple security measures, you can ensure your firm’s social media accounts are safe from exploitation. Has your firm instituted any social media security policies? Let us know about your experience.
SEO and Social Media Manager
American Academy of Estate Planning Attorneys, Inc.
9444 Balboa Avenue, Suite 300
San Diego, California 92123
Phone: (800) 846-1555