Threat Intelligence Blog

Posted April 15, 2014

by Tobias Losch, GLEG

In this blog series on social media and online monitoring, we’ll discuss five best ways for companies to address compliance regulations – and protect their organizations – while respecting employee and third-party privacy concerns.

In our previous post, we discussed why it’s important to be transparent when establishing social media monitoring and why you should have a formal social media policy. In our fourth and final post, we’ll take a look at how a third-party monitoring service can be helpful.

5. Consider Using a Third-Party Monitoring Service

Many times, companies try using in-houses teams or “off the shelf” solutions to monitor social media and other online sources for security and compliance, usually based on the naïve idea that “if it’s out there in the open, I can find it myself”. Typically, though, organizations quickly discover problems with reliability, monitoring sources in non-native languages, and operational security.

The other challenge is scale, as the ratio between raw intelligence and relevant findings can easily be one to several thousand. Furthermore, the initial task of developing robust and sensible queries based on reasonable, permissible objectives requires a finely-tuned combination of processes, tools, and experience that can be hard to find. Lastly, especially in regard to corporate compliance issues around harassment, bullying, or sexual misconduct, a professional third party vendor is less susceptible to bias – or can at least fight off a respective allegation more convincingly.


In conclusion, issues related to online monitoring for risk and compliance and governance might not have the same high profile as monitoring for corporate security and information protection, but they’re just as relevant. A reputable professional vendor can help you navigate the tricky waters between privacy and protection, mitigate dangers, and limit risks for reputation or liability.

The author received his legal education at the University of Göttingen (GER), practiced law previously as an attorney in Germany, and is GIAC certified for Law of Data Security & Investigations. He serves as a leader of Cyveillance’s Global Intelligence Team. Disclaimer: This blog post is a general reflection of certain topics and is not intended as a comprehensive discussion of the law. It does not constitute legal advice for any particular situation. If you need specific legal advice, please consult your own counsel.

Additional Posts

Shaping the Threat Intelligence Management Market

There has been significant chatter recently about threat intelligence management – specifically ...

I Think We’ve Seen This Before… …Why “Incident Intelligence” is Imperative

Lately, customers have been asking me how threat intelligence can enrich their incident response ...