The Insider: What in-house counsel need to know about social media pitfalls

Sterling Miller

Unless you've been living under a rock (and that may not be such a bad idea these days), you know that "social media" is everywhere. The new president of the U.S. has certainly underscored this fact through his daily use of Twitter. It seems like almost everyone has a personal Twitter, Snapchat, or Facebook account. In addition, most professionals have a LinkedIn account. They might also have an Instagram account and a blog or two as well. I personally am guilty as charged on all of these counts. Likewise, most companies have multiple social media accounts and they are used by marketing, corporate communications/public relations, HR, investor relations, and for crisis communications. Lastly, many companies are now using collaboration tools like "Slack" and "Huddle" to connect their employees (and their employees with their customers). These tools are, in many ways, simply private social media sites.

While there are many positives to social media, there are also a lot of negatives. Or at least the potential for negatives. As in-house counsel you need to be aware of the problem areas, especially as to your own use of social media. This edition of The Insider will discuss some of the basic things you need to think about when using social media or advising your business colleagues about the same. The answer isn't to stop using social media, but to always be thinking about what you post. You need to amplify your self-awareness skills whenever you go online. And always keep in mind that while your social media account may be "personal" it reflects on you and will (good or bad) impact your relationship with the company. Here are some things to think about:

1. Nothing is ever gone once you post it (don't embarrass yourself or the company). I used to tell my business colleagues that there will only be two things that survive a nuclear holocaust: cockroaches and all those bad emails you thought were deleted. Now that I think about it, you can add a new survivor to the post-apocalyptic world – everything you ever posted on social media. Below I set out several reasons why you need to be careful about what you write, but the first thing to remember before you hit "enter" is that what you are about to post is going to be there – for just about anyone in the world to read – today and ten years from now when you're applying for that next awesome job or board of directors seat. What pictures you post and what missives and rants you write today will define you for the rest of your career. Just think hard about whether what you are about to post is really how you want to be thought of for the next couple of decades. Rule number one therefore is, don't embarrass yourself or the company with what you post.
2. Consider making your social media pages private/invitation only. I am surprised that many people allow all of their social media pages (e.g., Facebook) to be viewed in full by anyone. This can be a mistake. The easiest way to protect yourself is to keep most of your social media pages "private" and/or carefully monitor who wants access to them (or to "connect" with you) and only accept invitations from people you know or people you want to know. While it's not 100% foolproof and there may be times you regret your "friends," it is the far better option to just letting anyone see and read what you post. Regardless, whether you make your pages private or not (e.g., Twitter), keep Rule 1 above in mind at all times. On the flip side, never try to "friend" someone under false pretenses, especially if you're trying to get information about a party to a lawsuit, a witness, a juror, a judge, etc. Doing so will likely violate the Rules of Professional Responsibility. Worse, if it comes to light and becomes a PR problem for your company, guess who probably gets shown the door. Yep, you.
3. Understand your company's policies on social media. Most companies have written policies dealing with employees and social media. Make sure you read yours and that you follow it. Trust me here – while many employees might get cut some slack if they mess it up, don't expect the powers-that-be to treat someone in the legal department the same way. The immediate expectation is that lawyers "know better" and any slip by you will likely be magnified and treated harshly under the policy. On the other hand, the legal department should be heavily involved in preparing the social media and related policies, working with HR and corporate communications. This is a great task to volunteer to work on or to delegate to a younger lawyer. This article discusses some excellent social media policies. Don't forget to add training to go along with your policies. That is the best way to protect the company.
4. Be careful with "endorsements" on LinkedIn. Here's a well-hidden trap in the social media world: When you endorse someone as an "expert" on LinkedIn, you may come to regret it. Imagine your company is in trial and your lawyers are beating up the other side's expert witness on damages. It looks like a blood bath, and you're feeling good about how it's going. Then on redirect the other side's lawyers bring up the fact that you endorsed that same witness as an expert in "Finance" on LinkedIn. Think the fact that one of the in-house lawyers for the company has endorsed the witness as an expert won't have an impact on the jury? Think again. At best you get to go on the stand and explain why your endorsement didn't really mean anything. At worse, you've just given your seal of approval to the witness trying to break the bank against your company. Either way, it's going to be a long day back in office afterwards. If you really know someone and believe an endorsement is worthwhile, then by all means give your endorsement. But, if you don't really know the other person, be careful. Your imprimatur may be a shovel to dig your own hole with.
5. Don't comment on legal matters involving the company (and don't "torch" the judiciary). While we're on the topic of litigation, don't ever use social media to comment on active legal matters involving the company (sorry, but Mr. Trump is not a good example to follow). It really is this black and white. An in-house lawyer freelancing with their thoughts and opinions about ongoing litigation involving your company can only turn out poorly. You can be sure the other side is monitoring your social media posts (unless they are utterly incompetent) and will be looking for any opportunity to use what you write against the company and in their favor. What you write may also come to the attention of a judge, juror, or regulator. What you think to be a minor thing or a "funny" remark might be viewed differently by someone else. If that someone can impact how the case is decided or influence others, then the damage can be irreparable. Also, think hard before commenting on litigation that has ended. If you feel compelled to do so, get a second opinion from someone you trust before posting. Lastly, while you may have drawn the worst, most biased judge in history (which has happened to me), never say negative things about the judiciary or your particular judge on social media. It may violate the Rules of Professional Responsibility, but worse is the fact that the judge might read it and if you think she was not happy with your side before just wait to see what happens next.
6. Don’t give out confidential information via social media or destroy a privilege. Another reason to be careful with what you post on social media is the risk of giving away confidential information or somehow waiving the attorney-client privilege. The same rules apply on social media as to any other form of communication (and the same ethical rules apply to using social media too). For example, I was involved in a case where we monitored the very public social media posts of the attorneys on the other side. We knew in advance that we would win the last point in the settlement negotiations because those lawyers were already posting that they were “heading home” tomorrow as the case had settled. That was a great piece of information to have in hand as we repeatedly said “no” to their client’s final settlement point. You can also unintentionally reveal confidential information by using geo-location tools on social media. Maybe my mind works differently, but when I see people post their “location” on social media, I always think first “I wonder why they are there?” For example, if you note that you have checked into a hotel in the home city of your company’s largest competitor you may be adding to information about a possible merger. It’s the same as if I overheard you saying that same thing in a crowded elevator or restaurant. Information is so valuable, even scraps that can be tied back into a bigger pool of data. You must constantly stay vigilant to ensure that you are not the source of leaks or worse. And don’t get too comfortable using your company’s collaboration tools like “Slack.” Always be mindful of what you are posting there and whether everyone using that tool can see what you are writing or if you need to limit viewership (or not post it at all).
7. Don't go on a rant about a customer. We all have had bad experiences with companies these days. It might be a rough time on Airline A or a defective product sold by Company B. Social media makes it easier than ever to make your feelings known to a wide audience, including Airline A or Company B. And while it may feel really good to blast them for your poor experience, stop and consider whether or not the company you're about to stomp on Facebook or Twitter is a customer of your company. If so, are you sure you want to be so public with your complaint, or so strident and caustic? What if that company is a very important client of your company and they figure out that someone in the legal department just ripped them up and down the street in a very public way (or a way they think is very unfair and uncalled for)? Guess who's getting a call from the C-Suite. Yes, that will be you. And if what you write is profane or completely over the top (because you wrote it at the peak of your anger and frustration) you may find yourself polishing up your resume. Think before you write and never write anything (emails or social media) when you are mad. You will regret it.
8. "Politics, religion, and bears, oh my." I wish I could tell you that you should feel free to always loudly and passionately express all of your thoughts about politics and religion on social media without consequence. I can't. First, I am going to assume you live in a country where the government is not monitoring and censoring such discussions. Second, I am going to assume you have ambitions to move up in the world, perhaps within the company or in a new position, or take on the role of a director on a company's board. If my second assumption is true, then it is risky to tackle hardcore religious or political issues on social media. Why? Because these are two topics that drive a lot of emotion and people may or may not like what you write. And some of those people who don't like what you write may be in a position to influence your next promotion, your next job, or your next career move. You can rest assured that social media postings are vetted when you are applying for a new position or career move. The more important the position, the harder and deeper the vetting. Keep in mind rule number one: don't embarrass yourself or the company with what you write. Read this helpful article about discussing politics on social media. I am not saying you should have no opinion about politics or religion. Just be thoughtful about what you write on social media. You can, of course, feel free to say whatever you want, but keep in mind that may come back to bite you.
9. Watch out for "Fake News." It used to be that you could easily spot "fake news." Websites like The Onion made it easy to tell if something was "fake" (and funny). Over the past 12 months or so this has all changed. And not for the better. Fake news has become an industry. It's possible that the U.S. presidential election was influenced by fake news. Fake news is literally just that – completely false stories designed to get you to "click" on it so the writer/website can get Google advertising dollars. The most dangerous fake news story in the past few months was the story about a pizza restaurant in Washington D.C. that was alleged to be the front for a child sex trafficking ring run by Hillary Clinton. One person took it so seriously they drove hundreds of miles to threaten the owners with an assault rifle while they "checked out" the situation. Fortunately, what could have been a terrible tragedy was avoided. My point is to always be skeptical of what you read online and be sure to double check for accuracy before you make a career move based on passing along such a story as "true" to the C-Suite or the General Counsel, or taking action based on such a story. You can find yourself highly embarrassed and you might even do serious harm to someone or your company.
10. Don't get "phished." While we are on the subject of not getting duped online, there is one other serious problem you need to be sure to avoid – getting caught in a "phishing" scam. A phishing scam is when someone pretends to be someone else (a person, a company) on social media or via the Internet to trick you into giving them your personal information, banking information, or worse. Years ago, you would simply get an email from someone claiming to be the son of the King of Nigeria and if you could help them transfer millions of dollars you would get a slice of the pie. Crude, yet somehow effective. The scams have become much more elaborate. The most common is an email from your bank claiming you need to change your password or update your account details – and you can do so by clicking on the link in the email. That link contains some type of malware that either infects your computer or gives the bad guys access to your data and passwords. Even more serious are emails that appear like they are coming from the CEO or CFO demanding that someone at the company take an action, such as immediately transferring millions of dollars of the company's money electronically to pay an account or close a deal. The email appears to check out, and so the lower-level employee "does what they are told" to do and the company loses a ton of money. These newer scams work because the emails look legitimate and usually contain details that appear to verify the sending party's identity, such as the CEO is on a trip and that is why they are emailing. Those details are likely found by trolling the executive's social media accounts and watching for postings about travel. Additionally, companies are not spending the time to develop check-and-balance policies or train employees on how to spot "phishing" emails. Proper training is cost effective and, as in-house lawyers, you should be leading the charge to ensure the training is available and mandatory.
    
    There are a number of things to watch out for whenever you get an email from someone you don't know, or someone you know but he or she is asking you to take an action that involves personal information or the transfer of money. Here are several things that should tip you off to a problematic email:
    • The email is "unspecific," i.e., it says something like "Dear Customer" or "Dear [Email Address]"
    • Bad grammar and/or obvious misspellings (or foreign spellings of common words)
    • Odd references to foreign laws or statutes
    • The message is alarmist in nature – something needs to be done immediately!
    • It contains a request for personal information or account information
    • It requests that you take action and that you download something (with an .exe extension) or that you click on a link inside the email
    • The message requests you send/transfer money
    • The email address looks correct but when you examine it closely you see it is the business name with a Gmail account extension (unlikely), or when you hold the cursor over it the real email address is revealed, or you see that the "I" is really a number "1" or the "O" is a zero "0" – subtle differences that only show up when you look closely
    Here are two samples of spoof emails I have received containing some of the above and here is a link to a page with more examples:

If it wasn't so serious, you could laugh at these hilariously inept phishing emails from "Carol" and "Andy" (whose real email addresses were revealed when I hovered my cursor over the fake company email addresses they created). Yet, somehow, emails like these fool thousands every day.

While social media can be a lot of fun and a very useful tool, it comes with risk for the unwary. In your role as in-house counsel, you have a heightened duty to use extra care when posting anything that can be publicly consumed (and a duty to help ensure your business colleagues are properly trained as well). As in-house counsel, note that you may also be a target for outsiders trying to gain access to company secrets (e.g., M&A plans) or other valuable information. Don't tank your career over a foolish social media post or sloppy security. Just like the famous "Miranda" warning police give to those they arrest in the States: "You have the right to remain silent. Anything you write on social media can and will be used against you and the company." Keep that in mind before you hit enter.

About the author

Sterling Miller spent over twenty years as in-house counsel, including being general counsel for Sabre Corporation and Travelocity.com. He currently serves as Senior Counsel for Hilgers Graben PLLC focusing on litigation, data privacy, compliance, and consulting with in-house Legal Departments. You can follow his blog "Ten Things You Need to Know as In-House Counsel" at www.TenThings.net and follow him on Twitter @10ThingsLegal. His first book, The Evolution of Professional Football, was published in December 2015 and is available on Amazon and at www.SterlingMillerBooks.com.

Follow us on Twitter