Category Archives: Technology Committee

Social Media Benefits, Risks, and Best Practices

Social media has been around for more than two decades. Of the major social media sites in use today, LinkedIn launched in 2003, Facebook in 2004, Twitter in 2006, and Instagram in 2010. 

Social media is relevant to law practice. More than 4,800 South Carolina lawyers—more than one in three members of the state bar—are using LinkedIn.1 Justice John Few of the SC Supreme Court is active on Twitter (@Justice_Few), and the Risk Management Director of the SC Bar, Nichole Davis, is active on Instagram (@theanxiousattorney). 

When Comment 8 to Rule 1.1 of the ABA Model Rules of Professional Conduct states that “a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology,” it follows that basic social media awareness is part of that responsibility.  

Know the Benefits 

Current Conversations 

One benefit of social media is the opportunity to observe or participate in conversations in the legal field. One can start by following institutional social media accounts such as those of the SC Bar (@SCBAR), practice area groups, law schools, or legal news publishers. No social media account is required to Google search hashtags like #lawtwitter, #legaltech, or #palmettoprobono which provide rapidly updated, crowdsourced information on topics of interest.  

Community Connections 

Feeling like part of a community, especially in a field where many feel isolated, is another benefit of social media presence. This goal may take time and participation to realize. To start small, create a profile, add a professional photo, and begin “liking” others’ posts. “Likes” on social media cause the brain to release the chemical dopamine,2 which is also released when you see smiling faces or receive peer recognition.3 Some lawyers find it easier to network in person with other lawyers at lunch or after work. But for lawyers in remote areas or who have schedule conflicts, social media may provide a helpful stopgap allowing them to maintain connections until they are able to meet again in person. 

Know the Risks 

Your Clients’ Privacy 

There is significant privacy risk in using social media. Free social media sites make money by exploiting user data in ways users often don’t expect. Rule 1.6, amended by the SC Supreme Court in June 2019, provides this takeaway: lawyers must post nothing on social media about any client representation, unless the client gave informed consent.4 

Others’ Privacy 

Different ethical risks arise when searching social media for information about others. “Just looking” at publicly available information can accidentally turn into communicating with a represented person5 when LinkedIn tells a user who has viewed their profile. It may be tempting to send a friend request to gain access to someone’s friends-only posts. But Rule 4.2 prohibits communicating with an opposing party who is represented, Rule 8.4(c) prohibits misrepresentation such as using a false name, and Rules 5.3 and 8.4(a) prohibit getting a paralegal to do what the rules of professional responsibility forbid a lawyer to do.6 

Further Ethics Reading 

Social media can impact more rules than have been mentioned here, including rules on advertising, diligence, and lawyer-client relationships. For more detail, here are three overviews of how social media and professional responsibility interact. Each one is available for free online and is worth reading in full. 

  1. Julie C. Jackson-Bailey, student of Nathan M. Crystal (2012), Proceed with Caution: The Ethical Issues Lawyers and Judges Face When using Social Media
  1. Pennsylvania Bar Association Formal Opinion 2014-300, Ethical Obligations for Attorneys Using Social Media
  1. Jessica Weltge & Myra McKenzie-Harris, ABA Section on Labor and Employment (2017), The Minefield of Social Media and Legal Ethics: How to Provide Competent Representation and Avoid the Pitfalls of Modern Technology

Use Best Practices 

Review a help page 

Lack of familiarity with an interface can lead to rookie mistakes, so use Google to find instructions for social media tasks. Appearance, functionality, and policies of social media sites can change dramatically, with little notice, but current information will be found on the help page: 

Facebook: https://facebook.com/help  

Instagram: https://help.instagram.com  

LinkedIn: https://linkedin.com/help  

Twitter: https://help.twitter.com  

Be your best professional self 

Many lawyers find the benefits of a social media presence can outweigh the risks, given some thought and effort. Respect and civility are key to unlocking the conversational and community benefits. Staying up-to-date on social media functionality and the rules of professional responsibility will help mitigate the risks. 

By: Eve Ross, Reference Librarian
University of South Carolina School of Law Library
SC Bar Technology Committee

Phishing Update: A Whale of a Tale

Bar Bytes has previously addressed the dangers posed by “phishing” emails: messages that seek to trick recipients into revealing secrets and clicking on links or attached files that contain malware.1 The points raised then remain valid today, and this update seeks to offer additional information and strategies for combating phishing attempts. Detecting and avoiding this threat requires constant vigilance; it only takes one mistake to compromise your data. 

Know the Threat 

Phishing attempts take many forms, crafted with varying degrees of deception by scammers. While basic phishing attempts can be relatively easy to spot, targeted phishing attempts – known as “spear-phishing” – are much more troublesome. A spear-phishing email will attempt to trick you or others at your firm by masquerading as a message from a trusted sender. The message may appear to be from a co-worker, a client, or a third party such as a financial institution. Indeed, some scammers have used targeted emails to redirect wire transfers.2 The scammer may include publicly available information, such as details gleaned from an online directory, or even your own website to make the attempt look more convincing. A related tactic, known as “whaling,” is used to prey on an employee’s eagerness to please an employer and occurs when scammers impersonate the management or leadership of an organization. Instead of currying favor with a supervisor, the employee then unknowingly does the bidding of a scammer. 

If you believe that an email is a phishing attempt, delete it and do not interact with the message in any way. Once the recipient of a phishing email has taken the bait and clicked on a malicious link or infected attachment, there is no going back. The recipient of the message may be tricked into revealing confidential information or the email account may be hijacked and used for further phishing attacks. The affected computer may be stricken with “ransomware,” a type of malware that will encrypt your files and make them inaccessible unless you pay a fee to the scammers. A new risk, dubbed “cryptojacking,” allows scammers to syphon processing power from your computer for their own projects – such as mining for cryptocurrencies like BitCoin.3 The best way to avoid these outcomes is to practice a balanced approach of detection and preparation.  

Know Your Contacts 

To defend against all forms of phishing it is helpful for everyone in a firm who is using a computer to be well-versed in recognizing the hallmarks of a phishing email, including: typos, an unfamiliar domain name in the sender’s email address, and demands for an immediate response. The increasingly sophisticated nature of spear-phishing and whaling attempts has made it imperative that suspicious emails be given additional scrutiny. If a dubious email appears to be from an acquaintance or co-worker, it is much better to call that person for verification than take the chance of being hoodwinked. 

A recently reported example of a whaling scheme was directed at academia; scammers posing as deans or department heads attempted to trick faculty at multiple institutions into purchasing gift card codes for them as a favor (promising reimbursement, of course).4 Those who responded to the phishing messages often found the requests odd, unprofessional, or otherwise unlike the individual the scammers were attempting to emulate. However, for newer faculty members – or those unfamiliar with the writing style of a new administrator – these messages can be harder to detect. 

This scenario could easily play out in a law firm setting. Let’s suppose a newly hired employee receives such an email that appears to be from a supervisor, or even a partner. The email could ask the employee to perform any number of tasks: authorize a purchase, provide log-in credentials, or review an attached document that is infected with malware. Newer hires are especially at risk since they may not yet be familiar with the conversation style or writing habits of others in the firm. 

Know Your Plan 

Hope for the best, but prepare for the worst. Here are a few steps that you can take right now to shore up your defenses: 

  • Prepare a plan that details how your firm will respond to a successful cyberattack. Include procedures for isolating infected machines, responding to client inquiries, and for minimizing chaos in the wake of the attack. Consult an IT security professional for addressing additional concerns and consider your insurance options to ensure you have adequate coverage. 
  • Offer cybersecurity training for all employees, and especially new employees. 
  • Ensure that your computers and software are updated and have the latest security patches. 
  • Make routine back-ups of your files and keep at least one copy saved off-site. If your security is compromised, you may be able to restore your operations using one of these recent backups. 

Despite the best efforts at detecting phishing attempts, one may still slip past your defenses. If that happens, your preparation will be vital to preserving not only your data, but your reputation as well; how will your clients respond if your firm suffers a breach and you are caught completely off guard? 

For more information and helpful resources, please visit the University of South Carolina Law Library’s cybersecurity resource guide: https://guides.law.sc.edu/cybersecurity. 

Additional information on protecting your data also can be found on the South Carolina Bar Technology Committee’s page at http://www.scbar.org/tech. 

By: Aaron Glenn, JD, MLIS
Reference Librarian
University of South Carolina Law Library. 

Endnotes: 

  1. Courtney Kennaday & Emily Worley, Protection from Phishing, SC Lawyer, July 2016, at 10. 
  1. Mark Bassingthwaighte, How to Minimize the Risk of Becoming a Victim of Wire Fraud, South Carolina Bar (Jan. 18, 2017), https://www.scbar.org/bar-news/article/how-minimize-risk-becoming-victim-wire-fraud/. 
  1. James M. McCauley et al., Is It Ethical for Lawyers to Accept Bitcoins and Other Cryptocurrencies?, N.C. St. B.J., Fall 2018, at 36. 
  1. Lindsay Ellis, Gift-Card Phishing Scheme Targets Professors’ Zeal to Please the Dean, The Chronicle of Higher Education, February 1, 2019, at A21. 

Books Help Lawyers Learn Technology

Some of us prefer good, old-fashioned paper and ink. When adopting new (or new-to-us) technology, it may be easier to grasp if we can read up on the technology before we dive into using it. Studies show there are real benefits to reading from paper rather than a screen, including increased speed and recall.

Here are a few paper-and-ink books that can help any lawyer increase their comfort level with technology that is relevant to their law practice. SC Bar members can check out any of these books by mail from the SC Bar Lending Library, or in person from the law library at the University of South Carolina School of Law.

The 2018 Solo and Small Firm Legal Technology Guide: Critical Decisions Made Simple by Nelson, Simek, and Maschke offers current recommendations of what technology to buy and use. The authors explain what technology they believe the average lawyer needs and why; when a free or low-cost product is sufficient; and why it is advisable to upgrade specific features.

The ABA Cybersecurity Handbook: A Resource for Attorneys, Law Firms, and Business Professionals, Second Edition by Rhodes and Litt focuses on information security. Authors explain how hackers are updating their means of attack, and offer ideas for protective measures that are tailored to suit lawyers in private practice, in-house, non-profit, or government settings.

Cloud Computing for Lawyers by Nicole Black defines cloud computing and lays out the risks and benefits of using cloud-based billing systems and/or practice management systems. Ethics, privacy, and security are all addressed, along with practical tips on incorporating cloud-based services into your law practice. The sample terms, policies, and agreements in the appendices appeal to the lawyer in all of us.

Electronic Discovery for Small Cases: Managing Digital Evidence and ESI by Olson and O’Connor recognizes that e-discovery is not just for large cases handled by large law firms anymore. Litigators at smaller firms or who may be dealing with smaller quantities of electronically stored information (ESI) will benefit from the authors’ guidance on budget-friendly solutions for producing, searching, and managing ESI at every stage of litigation.

Fastcase: The Definitive Guide by Brian Huddleston introduces lawyers to the free—that’s right, free—legal research platform available to SC Bar members. The author walks the reader through the basics of using Fastcase to search cases, statutes, regulations, and more. The book also includes lesser known tips and tricks. For example, if you have a document on your computer that contains case citations, you can drop that document into Fastcase Cloud Linking to turn those case citations into links that a judge, a client, or anyone else—with or without a Fastcase subscription of their own—can click on to view the cases themselves.

Find Info Like a Pro: Mining the Internet’s Public Records for Investigative Research by Levitt and Rosch puts a wealth of publicly available information at a lawyer’s fingertips. Factual research can be as important as legal research when lawyers need to discover addresses for service of process; names of potential heirs; real and personal assets; liens, judgments, and UCCs; professional licenses; and more.

LinkedIn in One Hour for Lawyers by Kennedy and Shields introduces this online professional networking tool to those who aren’t familiar with using social media for business connections and referrals. The authors use layman’s terms to explain what LinkedIn is, how it works, and how to get started. Note that there are many other titles in the “…In One Hour for Lawyers” series. The ABA Law Practice Management Section’s goal in publishing these is to help busy lawyers get up to speed on a particular platform or software, with a focus on understanding whether and how it can help their practice.

Social Media as Evidence: Cases, Practice Pointers, and Techniques by Briones and Tagvoryan guides lawyers through social media issues that come up in practice. The authors carefully demonstrate what happens when legal concepts that have always applied to documents (authentication, discovery, litigation hold, preservation, records retention policy) are now applied in the social media realm.

Check Out a Book on Legal Technology
All the books described above are available for checkout from SC Bar’s PMAP Lending Library (by mail) and the law library at USC School of Law (in person). These are only a small sampling of the current guides to technology available in print from booksellers and libraries. It’s worth asking your local community college or university library, or your local public library, whether they can loan you these and other legal technology books. Even if such books are not on the shelves, you may be able to request to borrow them for free through an interlibrary loan.

Eve Ross, Reference Librarian
Univeristy of South Carolina School of Law Library
SC Bar Technology Committee