Executive Protection Teams Must Plan Every Move Carefully
In this day and age, executives have to carefully plan every move and be able to keep their eyes and ears open to many different situations and scenarios occurring simultaneously. Executive protection teams must be able to handle many different moving parts at once – reputation risk, physical security, and cybersecurity.
Below are key issues executive protection teams should prioritize when addressing social media security.
Don’t Reuse Passwords!
Passwords are the main portal of entry to any account – whether it be social, personal, or financial. Once a hacker has been able to bypass and figure out an executive’s password the risk dynamic and issues that arise materially change.
- Have different passwords for each social account – that way even if one account is compromised, the others not mean an immediate compromise. Use randomly generated passwords for each account with a tool such as Lastpass.
- Be aware of breaches. If a site you use has been breached, it’s critical that you immediately reset passwords.
Implement multi-factor authentication
This requires anyone logging into your accounts to also verify that is a valid user via a code sent to another account or device. Actors that are trying to hack into an account would not have the mentioned device with them, therefore preventing a brute force attack.In certain circumstances, take the extra step and make sure all of the devices the executive has are separated from personal and work devices.
Disable Geo-enabled Social Media Posts
Enabling the public to know where your executive’s location opens up an entirely different world of risks, including oversharing information to those who don’t need it, to disclosing private locations. Geo-enabled social media postings through location-based services (LBS) create physical risk, leaving the executive with little to no privacy.
The best way to combat this risk is to remove it completely – turn off the geo-enabled feature for both your executives and their family members. If it’s needed, keep it on ONLY for apps that do not disclose the location and update social profiles with location information. This ensures that those who can see their location are closed, trusted, vetted personal family and friends.
Monitor for Executive Account Imposters
There’s also always a risk of imposters on any social platform. Fake executive accounts are also used as part of social engineering and spear-phishing attacks to target customers and other key employees. There are a couple of solutions that can help mitigate the risk of this situation and aid abuse teams to speed up takedowns.
The first is having a verified account or page. That way, if anyone sees a page that is posting as the executive, but knows that that’s not the official page, they tend to be less believing of the content coming from “unverified” pages. Next, you should have a monitoring system with triggers in place that understands the difference between authorized and unauthorized social media accounts quickly, so take-downs can occur quickly.
Monitor for Brand Imposters
Brand impersonation is something that is similar to account imposters, but tends to be able to cause a larger scale of damage. Brand impersonation is done by a threat actor with ill intentions and pretends to be the brand or an employee of that brand. Bad actors can do this fairly easily, by creating a fake profile, page, or twitter handle with some variation of that company or brand name. The best way to mitigate this threat is this is to have a team consistently monitoring for unique sources that are correlated to an approved inventory of social media assets.
Stop Oversharing “Pattern of Life” Content
When an executive is a public figure, the fans and the public enjoy knowing what they are up to. This helps to build the relationship between the public and the executive, creating a rapport that is the base of their brand. But, sometimes, too much sharing can have a dangerous impact on the safety and well being of the executive. This should be very limited – there are ways around it. In order to let the public know what an executive is doing, post after the occurrences. That way, the public still can be engaged, but the executive has moved onto another venue reducing physical risk. It is very important that a “pattern of life” cannot be established through social media on the executive or close friends and family members too.
Maintain Breaking Event Awareness
As executives travel to work, events, conferences, and vacation, situational awareness of the breaking events is a 24 x 7 issue. Executive protection teams need to quickly respond to emerging hazards and physical risk related to the exact geographies their executive(s) are present in. It is critical for executive protection teams have an understanding what is correlating to the physical event on social media. Understanding where travel, weather, and other physical hazards may be present will assist in determining the need an exit strategy for an evacuation from the site. The best way to address this need is this is to have a location-based monitoring solution that can support advance and real-time analysis.