Posted September 5, 2013
When Oversharing on Social Media Becomes a Security Concern
Depending on your age, you may remember a TV segment with Art Linkletter or a TV show with Bill Cosby called “Kids Say the Darndest Things.” The basic premise was that Linkletter or Cosby would ask children open-ended questions that would inevitably end in a very cute answer that revealed too much information.
Fast forward to 2013: kids are still providing too much information, but they do it without the prompting of a famous comedian, and what they share isn’t limited to the viewers of a TV show. It’s now broadcast for the whole world to see.
Take the recent example of the social media incident involving the son of Syrian president Bashar al-Assad. The New York Times reported that a Facebook post attributed to a precocious Hafez Assad dared the U.S. and its allies to bomb his father’s country. Several of the accounts “Friends” actually “Liked” the post and could be identified as the children of other Syrian government members.
Some commentators have dismissed the Facebook post as a hoax or the work of a hacktivist group, but if it’s proven to be that of the actual son of Bashar al-Assad, this would indeed be an extreme scenario of the child of a powerful person sharing information that could potentially compromise national security procedures. For instance, if Assad’s son decided to post a picture with embedded GPS coordinates, anyone with the right tools could extract that information and learn not only his whereabouts, but possibly those of the president himself.
Political leaders aren’t the only people who can be caught off guard by their kids’ antics, though. There’s a very popular social media website, “Rich Kids of Instagram,” that’s dedicated to re-posting wealthy children’s online photos. One famous example of the risks posed by such social media postings was the case a few years ago in which Michael Dell’s daughter posted family vacation photos, thwarting the efforts of the family’s security detail to keep their location unknown.
There seems to be a series of responses that CSO and CISOs give when confronted with examples like those mentioned above. They range from “I can’t stop the kid from tweeting or posting” to “It’s on a third-party site” to “How does this pose a threat?” These answers usually can be translated to “I just don’t understand it” and “I can’t control it.” Both of these notions are incorrect and potentially dangerous.
Understanding the threats posed by too much information being posted on social media starts with the education of security representatives, as well as the executives and their families. A robust security policy should include cyber-safety training for everyone in direct contact with a C-Level executive. Using intelligence-based monitoring and reporting can also help detect threats and provide advance notice of issues like these that might not normally be considered part of your security program.
Being a CSO or CISO in today’s world often means dealing with issues unforeseen even five years ago. The growth of mobile devices, social media and adversaries who are willing to target the families of executives’ means new intelligence tools and methods are necessary as well.