With the plethora of information shared on social media, the importance of security is on the rise. For individuals in powerful roles, executives (CEOs and COOs), and celebrities, most of this has to do with the security of personal data. Can hackers get into personal accounts? What will they do with the information they find?
Let’s dive deeper into executive protection (EP) in corporate and high net worth contexts. What can you do to protect your client’s reputation as well as their personal safety? Executive protection teams must be able to handle many different moving parts at once – reputation risk, physical security, and cybersecurity.
Of course, the easiest route is to just stay off social media. But that’s like telling a child not to lick the spoon when baking cake! EP pros need to know how to embrace social media, not reject it. Below are some strategies that can help best protect your clients.
1) Social media is part of our world. Know how to navigate it.
According to recent research by the University of Massachusetts, Dartmouth, all but three Fortune 500 companies are active on social media with corporate accounts:
- 98% use LinkedIn
- 88% use Twitter
- 85% use Facebook
- 75% use YouTube
- 53% use Instagram
- 42% maintain blogs
- 31% use Pinterest
- 10% use Snapchat
Keeping track of what your principal is up to on social media helps EP pros in several ways. It helps you understand what’s going on in his or her life and what’s important to him or her. Being aware of contexts that are meaningful to your client is a good idea no matter what business you’re in – including the business of executive protection.
Also, observing what the principal is doing on social media – and what others are doing on social media regarding your principal – helps you improve your protective practices. You need to follow and understand what everyone else can follow and understand about the principal simply by taking a look at their smartphones. You need to monitor what others monitor. Then you can add your protective perspective so you’re looking for things that can impact the principal’s wellbeing, including time and place predictability.
2) Disable Geo-enabled Social Media Posts
Enabling the public to know your executive’s location opens up an entirely different world of risks, including oversharing information to those who don’t need it. Geo-enabled social media postings through location-based services (LBS) create physical risk, leaving the executive with little to no privacy.
The best way to combat this risk is to remove it completely – turn off the geo-enabled feature for both your executives and their family members.
Social media posts can also increase time and place predictability. A simple Facebook or Instagram post can broadcast your location quickly and accurately. Maybe the principal just wants to say “Hey, check out this cool picture that shows you what I’m up to and who I’m with.” Although it seems harmless, the principal’s time and place predictability helps the bad guys. They conduct surveillance prior to any bad deed: the ability to predict when a victim will be where helps them plan an attack – and increases their chances of getting away with it.
Protective teams can combat this by using surveillance detection and mixing up routes so the principal is not commuting via the same streets at the same time every day. Keep access to principal itineraries to the absolute minimum.
3) Monitor for Executive Account Imposters
There’s always a risk of imposters on any social platform. Fake accounts are used as part of social engineering and spear-phishing attacks to target customers and other key employees.
Make sure you have a verified account or page. That way, if anyone sees a page that is posting as the executive, but knows that that’s not the official page, they tend to be less believing of the content coming from “unverified” pages. Next, you should have a monitoring system with triggers in place that understands the difference between authorized and unauthorized social media accounts quickly, so take-downs can occur quickly.
3) Don’t Reuse Passwords
It sounds simple enough but passwords are the main portal of entry to any account – whether it be social, personal, or financial. Once a hacker has been able to bypass and figure out an executive’s password the risk factor increases exponentially. Have different passwords for each social account – that way even if one account is compromised, the others not mean an immediate compromise
4) Everyone’s a Journalist
EP professionals need to understand the implications of anyone being able to take a picture (of the principal, of the principal’s family or colleagues, and the EP team) and then posting it to social media where millions, can see it in seconds.
Let’s say your principal is in a restaurant having a meal with a colleague or their family. It is quite likely that someone in that restaurant will post a picture on social media, maybe even the restaurant owner trying to announce that a prominent person likes their food. No matter what the instance, it could mean that a crowd of people shows up before dinner is done. And that definitely means your principal’s privacy is in jeopardy. Of course, there is no way to prevent all photos or postings…but EP professionals must consider this type of exposure as part of the overall risk environment.
While these tips can certainly help you reduce the threat posed by social media, it’s inevitable that some information about your organization and its employees will be available to criminals through social media. This is why, no matter what else you do, security training for employees is an essential component of any cybersecurity strategy.