Social Media Security Risks to Address for Executive Protection
In this day and age, executives have to carefully plan every move, and be able to keep their eyes and ears open to many different situations and scenarios occurring simultaneously. Executive protection teams must be able to handle many different moving parts at once – reputation risk, physical security and cyber security. Below are key issues executive protection teams should prioritize when addressing social media security.
Social Media Account Passwords & Two-factor Authentication
Passwords are the main portal of entry to any account – whether it be social, personal, or financial. Once a hacker has worked out or bypassed an executive’s password, the risk dynamic and the issues that arise materially change.
There are 3 main safety measures that are easy to implement and increase the level of security of social media accounts.
- Have different passwords for each social account – that way, even if one account is compromised, the others are not immediately compromised. Use randomly generated passwords for each account with a tool such as LastPass.
- Be aware of breaches. If a site you use has been breached, it’s critical that you immediately reset passwords.
Examples of breaches:
- MySpace: 359,420,698 accounts
- NetEase: 234,842,089 accounts
- LinkedIn: 164,611,595 accounts
- Adobe: 152,445,165 accounts
- Badoo: 112,005,531 accounts
- VK: 93,338,602 accounts
- Youku: 91,890,110 accounts
- Rambler: 91,436,280 accounts
- Dropbox: 68,648,009 accounts
- Tumblr: 65,469,298 accounts
- Implement multi-factor authentication. This requires anyone logging into your accounts to also verify that they are a valid user via a code sent to another account or device. Actors trying to hack into an account would not have that device with them, which prevents a brute force attack. In certain circumstances, take the extra step and make sure all of the executive’s devices are separated into personal and work devices.
Enabling Two-Factor Authentication on:
Geo-enabled Social Media Posts
Enabling the public to know where your executive is opens up an entirely different world of risks, from oversharing information with those who don’t need it to disclosing private locations. Geo-enabled social media postings through location-based services (LBS) create physical risk, leaving the executive with little to no privacy. The best way to combat this risk is to remove it completely – turn off the geo-enabled feature for both your executives and their family members. If it’s needed, keep it on ONLY for apps that do not disclose location or update social profiles with location information. This ensures that those who can see their location are a closed group of trusted, vetted family and friends.
Social Media Account Imposters
There’s also always a risk of imposters on any social platform. Fake executive accounts are also used as part of social engineering & spear-phishing attacks to target customers and other key employees. There are a couple of solutions that can help mitigate this risk and help abuse teams speed up take-downs. The first is having a verified account or page. That way, if anyone sees a page that is posting as the executive but knows that it is not the official page, they tend to be less believing of the content coming from “unverified” pages. Next, you should have a monitoring system with triggers in place that quickly tells authorized social media accounts from unauthorized ones, so take-downs can occur quickly.
Social Media Brand Imposters
Brand impersonation is similar to account imposters, but tends to cause damage on a larger scale. It is carried out by an actor with ill intentions who pretends to be the brand or an employee of that brand. They can do this fairly easily, by creating a fake profile, page, or Twitter handle with some variation of that company or brand name. They then begin to push out postings, which the public responds to, not knowing that the account is fraudulent. The best way to mitigate this threat is to have a team consistently monitoring for unique sources that are correlated to an approved inventory of social media assets.
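The monitoring described in this section and in the account-imposter section above comes down to comparing every sighted account against the approved inventory. The Python sketch below is an added example, not code from the original article or from any monitoring product; the inventory, the protected names, the handles and the 0.85 similarity threshold are all constructed assumptions.

```python
import unicodedata
from difflib import SequenceMatcher

# Constructed sample data (hypothetical): approved inventory and protected names.
APPROVED = {("twitter", "examplecorp"), ("twitter", "janedoe_ceo"),
            ("linkedin", "examplecorp")}
PROTECTED_NAMES = ["examplecorp", "janedoe"]

# Small fold table for common look-alike characters; not exhaustive.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s", "@": "a", "$": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic a, e, o
})

def skeleton(handle):
    """Comparison form: compatibility-fold, drop accents, fold look-alikes,
    then keep only letters and digits."""
    text = unicodedata.normalize("NFKD", handle).casefold()
    text = "".join(c for c in text if not unicodedata.combining(c))
    return "".join(c for c in text.translate(CONFUSABLES) if c.isalnum())

def classify(platform, handle, threshold=0.85):
    """Return 'authorized', 'impersonation-candidate' or 'unrelated'."""
    if (platform.casefold(), handle.casefold()) in APPROVED:
        return "authorized"
    seen = skeleton(handle)
    for name in PROTECTED_NAMES:
        target = skeleton(name)
        # Protected name embedded in the handle, e.g. with "_support" added.
        if target in seen:
            return "impersonation-candidate"
        # Near miss: swapped, dropped or extra characters.
        if SequenceMatcher(None, seen, target).ratio() >= threshold:
            return "impersonation-candidate"
    return "unrelated"

def triage(sightings):
    """Return the (platform, handle) pairs an abuse team should review."""
    return [s for s in sightings if classify(*s) == "impersonation-candidate"]

if __name__ == "__main__":
    # Constructed sightings, as a monitoring feed might report them.
    feed = [("twitter", "ExampleCorp"), ("twitter", "examp1ecorp"),
            ("instagram", "examplecorp"), ("twitter", "weather_news")]
    for platform, handle in triage(feed):
        print(f"review: {platform}/{handle}")
```

The exact brand handle on a platform that is missing from the inventory is flagged as well, which is the case an inventory-based check exists to catch.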
Oversharing “Pattern of Life” Content
When any executive is a public figure, the fans and the public enjoy knowing what they are up to. This helps to build the relationship between the public and the executive, creating a rapport that is the base of their brand. But sometimes too much sharing can have a dangerous impact on the safety and well-being of the executive. This should be limited – there are ways around it. In order to let the public know what an executive is doing, post after the occurrences. That way, the public can still be engaged, but the executive has moved on to another venue, reducing physical risk. It is very important that a “pattern of life” cannot be established through social media for the executive, or for close friends & family members either.
Breaking Event Awareness
As executives travel to work, events, conferences and vacation, situational awareness of the breaking events in the location they are present in is a 24 x 7 issue. Executive protection teams need to quickly respond to emerging hazards and physical risk related to the exact geographies their executive(s) are present in. It is critical that executive protection teams understand what on social media correlates to the physical event. Understanding where travel, weather and other physical hazards may be present will assist in determining the need and exit strategy for an evacuation from the site. The best way to address this need is to have a location-based monitoring solution that can support advance and real-time analysis.