It’s 2025, and gone are the days when you could just add a ‘1’ and a ‘!’ at the end of your passwords to keep your accounts secure (you know who you are!). Hackers and scammers are using more sophisticated tools and methods than ever to access online accounts, including social media accounts.
In October 2024, Action Fraud (the national fraud and cybercrime reporting service) reported that more than 33,600 people had told it their social media or email accounts had been hacked since August 2023, with victims losing a total of £1.4 million.
Yet worryingly, the top three passwords used in the UK in 2024 were ‘password’, ‘qwerty123’ and ‘qwerty1’, according to research by NordPass.
Why social media security matters for law firms
Like any other business, law firms handle lots of sensitive data from both clients and staff, and any threat to that data should be taken extremely seriously. Your social media accounts are not an exception to that rule.
Not only that, but if a hacker were to get into your social media account and take over your business pages, they could share reputationally damaging posts or spread misinformation in your firm’s name. They could also get into your paid ad accounts and run their own adverts using your account (and your credit card), fraudulently impersonating your firm.
I can tell you from experience that social media customer services are notoriously hard to get help from. Fixing issues such as hacked accounts where you must verify yourself to get ad accounts and pages back is stressful and time-consuming.
Can you really afford to suffer the consequences of poor social media security?
Six tips to keep your law firm’s social media accounts safe in 2025
Make social media security one of your New Year’s resolutions, and follow our top tips below to ensure your social media accounts are secure and stay secure in the future.
1. Use 2FA (two-factor authentication)
Two-factor authentication, or 2FA, protects a digital account by requiring two independent proofs of identity before access is granted: typically something you know (your password) plus something you have (your phone, an authenticator app or a physical security key). It sharply reduces the risk of unauthorised access even if the password itself is compromised, and it blunts common attacks such as credential stuffing, where a password leaked from one website is tried against many others.
The most common 2FA methods are SMS codes sent to a trusted number, push notifications sent to your phone, voice-based authentication using an automated call, authenticator apps which generate unique time-limited passcodes, and verification emails sent to a trusted email address.
With 2FA, be aware that the methods are not equally strong. If you rely on SMS codes and your phone is stolen or your number is hijacked, or if you rely on email codes and that email account is not itself protected by 2FA, then there are still ways a hacker can get into your social media accounts. Authenticator apps and physical security keys are harder to intercept, so prefer them where the platform offers them, add 2FA to every digital account you have (especially the email account used for password resets), and store the backup or recovery codes the platform gives you somewhere safe, such as a password manager, rather than in your inbox.
In your social media accounts, 2FA setup can usually be found in your settings under the privacy or security section.
2. Manage who has access to your social media accounts
Every single person who has access to your social media accounts is another hole in your security system. If they don’t have a protected device or they don’t have 2FA set up, this creates more chances for your accounts to be hacked. This is why it’s important to limit who has access to your accounts, and to give each person only the level of access their role actually needs.
It is recommended to keep a list (preferably in your social media policy document) of people who have access to your social media accounts. This needs to detail which accounts they have access to and what level of access they have. Review this document at least every six months, checking it against the admin and role lists shown inside each platform, so that the list stays accurate.
If someone who has access leaves the firm, it is essential that you remove them from all social media accounts and the list of admins before they finish. Similarly, if someone new gains access to your accounts, the list should be updated accordingly.
It makes good sense to have more than one person who has full access to everything on your accounts, as this means if one of those people’s accounts is compromised, there is someone else in the account with full admin rights who can secure the account again.
3. Monitor your account activity
Most social media platforms will alert you via email or text to let you know if there has been a new login or attempted login on your accounts. It’s important to keep on top of these and regularly review any attempted log-ins or suspicious activity.
If you believe there has been an unauthorised attempt to log in to your accounts, change your password as soon as possible. Make sure any password you choose is long, is not something that’s easily guessed, does not contain words associated with the firm, and is not reused from any other account; a password manager makes long, unique passwords practical.
On Meta and LinkedIn, you can also ‘sign out’ of any sessions you don’t recognise. On Meta go to ‘Accounts Centre’, then ‘password and security’, then ‘where you’re logged in’. On LinkedIn, go to your profile icon at the top right of your homepage, select ‘settings & privacy’, then go to ‘sign in & security’, and you can see ‘where you’re signed in’ under this section.
4. Don’t log in to your accounts using public Wi-Fi
It can be tempting when out and about visiting a client or getting a coffee from your local cafe to just quickly check in on your notifications and use the available public Wi-Fi. Unfortunately, using public Wi-Fi comes with many risks!
Many public Wi-Fi networks have not been set up using encryption, which means that anything sent between your device and the wireless router that is not itself encrypted (non-HTTPS pages, DNS lookups and the names of the sites you visit) is open to be read by anyone else on that network. Being on a hostile network also makes it easier for an attacker to steer you towards a fake login page or a bogus software update, and to pick up any credentials or bank details you then type in.
Some cybercriminals even set up malicious hotspots that look genuine (often copying the name of the cafe or venue) but, in actual fact, have been set up to capture your sensitive information when you connect to them.
Make sure any device you use in public is not set to auto-connect to available Wi-Fi networks, switch your Bluetooth off if you are not using it and avoid logging into systems that hold sensitive information. If you do need to check your social media accounts when away from home or the office, use your phone’s mobile data or a VPN (virtual private network): a VPN encrypts all traffic between your device and the VPN provider, so the hotspot operator can see neither your data nor which sites you are visiting.
5. Keep your devices secure both digitally and physically
This may seem like an obvious one, but it’s important that any devices you use to access your social media accounts, such as laptops and phones, are locked with a passcode (or facial or fingerprint recognition), set to lock automatically after a short idle period, have disk or device encryption switched on, and are stored somewhere secure when not in use. Don’t leave laptops visible through windows in your home or office or leave them in your car.
6. Stay informed on the latest phishing/cyber threats
A phishing attack is when criminals attempt to trick people into clicking a malicious link, downloading an attachment loaded with malware or handing over personal information by pretending to be a reputable company, organisation or even a friend or family member, usually via email or sometimes via SMS.
These attacks are becoming more sophisticated, making it difficult to tell if an email or message is a phishing attempt. If you receive an email from a colleague or a client and it doesn’t seem right, it’s always better to check with them directly, using a phone number or address you already hold rather than any contact details in the message, instead of clicking on its links or attachments.
You can keep up to date with the latest threats and phishing scams by following the National Cyber Security Centre, which has lots of resources on its website, including guidance on phishing and on how to spot and report scams.
Prioritise your law firm’s social media security in 2025
Hopefully you can now see the need for robust security practices when it comes to your law firm’s social media accounts. Actioning these tips now will ensure you don’t encounter bigger problems and potentially suffer financial and reputational damage in the future.
If you are looking for help with your law firm’s social media in 2025, we are here to help! Give us a call on 0117 901 2644 or drop us a line at sales@conscious.co.uk.