Legal Field IT Specialists CEO, Robert Finley, responding to a question about fun social media questionnaires:

Our firm’s users love filling out the online questionnaires that pop-up on social media sites, but we are concerned.  Are there any security implications to this for our law firm?

Short answer, Yes.  Having the best network security and monitoring in place won't protect a business from what today is usually the weakest link - the human factor. Social engineering utilizes people's natural inclination to trust by manipulating them to give up confidential information. This is commonly done in conjunction with email phishing which together has a higher success rate.

Let's say a hacker wants to compromise a company or individual. Through basic searches on the Internet, they can find public information on someone via their own social media profiles, such as LinkedIn, Twitter, and Facebook.

And if you are not savvy, a lot of times people will unknowingly put sensitive information online without even thinking about it. This is information that hackers can use against you to break into your own accounts or to send phishing emails to you or your contacts. These messages can easily include details that seem to "authenticate" the email, which gets users to open the emails and click on links or provide information.

A lot of the social media platforms have pop up quizzes and surveys that people take for fun and share with friends. These are questionnaires that are really common, and they ask users to answer fun questions such as, do they remember the street they lived on when they learned to ride a bike, or if they recall where they first saw their husband or wife. These usually appear harmless, so people answer these questions without even thinking.

Well, if you notice, these are the kind of security questions that are commonly used by banks to confirm your identity if you apply for a credit card. Questions such as, "What is the name of the street you grew up on? Where did you meet your spouse?" All those types of things are pieces of information that these hackers can piece together with other data to reset your online passwords or establish accounts under your identity such as a credit card.

So, the hacking does not have to be through your actual computer. They can develop a composite profile of you, through social engineering and complete everything without touching your network.  Due to these security concerns it is best to not participate in these online questionnaires.  Otherwise you could be unknowingly providing hackers and scammers with additional data they can use to steal your identity.

If you feel that your staff & firm would benefit from some additional security training call us today. Legal Field IT Specialists provides tailored IT support services to law firms to protect your firm from the dangers of online threats as well as working with you to ensure that your staff is highly productive & efficient which, in turn, increases your firm's profitability as a whole.

Phone: (678) 926-9192