A Restructured Paradigm for Corporate Teamwork

By Courtney Klein of Soteria Risk Consultants

Social media has become an integral part of everyday life. It’s how some of us get our news, research our opinions, learn about local events, and connect with friends. For the modern western business, it is also immensely important for staying in touch with customers, advertising, and overall visibility. For this reason, many companies employ veritable armies of “Social Media Specialists” that do everything from designing graphics to writing tweets to replying to customer questions and complaints. Some companies interact with each other (such as the hilarious and long-standing Twitter Battle between Wendy’s and McDonald’s), and some use it as their primary form of communication.

Customers, too, know that social media is a way to get in touch with a company – for good reasons and for bad – and while many companies are aware that they will and do receive threats on social media, very few of them have any kind of protocol in place for how to deal with them – and even fewer still encourage their social media teams to pass this information on to or (better yet) work together with their security team. This sort of blasé attitude to threats – either because “it’s not my job” or “they can’t be serious” – leads to real-world ramifications. Incidents such as the April 4th Youtube Shootings (which, we acknowledge, was a failure of many different departments, companies, and law enforcement operations) are a reminder of just how social media “banter” can turn into a real-world nightmare.

Now, in defense of essentially any company guilty of this, Social Media is a new beast that even the best are still trying to get their arms wrapped around. Not only is social media relatively new to the game, but it’s dynamic and ever-changing. What was relevant yesterday no longer will be tomorrow. Updates add new features and kill our favorites, terms of service changes impact business, trends are fleeting but ever so important for a business to understand, customer service issues must be dealt with in a timely fashion. Take all of this and add security concerns on top of the social media specialist’s plate and you’re only going to run into failure. That’s why we at Soteria are such strong believers in having social media and security teams work together every step of the way.

Folding security into the fray … will make a world of difference

With few exceptions, social media teams plan their calendar very carefully. Words must be scripted, graphics must be designed, legal must be consulted; it’s not often that there’s a “last minute tweet that just has to go out right here right now.” With everything else that goes into these seemingly benign releases, folding security into the fray is, ultimately, a minor change, but one that will make a world of difference. Giving the security team insight into what will be posted provides a number of benefits.

The security team will be able to assess what posts may aggravate any known or active threats. In general, security teams like to keep information about who wants to do harm to a company under relative secrecy so as to not unnecessarily alarm staff. As a dedicated intelligence analyst (working for a company with an incredible need to integrate a security function into social media) I personally witnessed a number of occasions where I’d read a post – a perfectly fine, professional post that a normal person wouldn’t bat an eye at – and thought “Oh heck, John Doe isn’t going to be happy about this one,” and upon further investigation discovered that, as suspected, Doe was all sorts of worked up over 260 characters and was heading down to the local office to cause a ruckus. With a little bit of notice, my team could have prepared our local staff for the event and given them adequate time to get ready rather than going into overdrive mode.

It can help reduce the stress that the social media team feels during the normal course of their duties. Most people know that it’s possible to directly message a company’s customer service group via social media, but often times it’s actually the social media team that is in charge of screening and fielding these messages. On the occasion when a hateful comment or threat comes through, the social media specialist on the receiving end – who likely and rightly doesn’t have a lot of experience with such things – may react in any number of ways, from panic to disbelief. Whatever the response is, the likelihood that they’ll consider sending it to security for analysis without some previous instruction to do so is slim to none. At the very least, giving these staff this simple instruction can mitigate some of the basic issues. At best, it can begin to smooth the path for future growth into a more robust Social Media-Security partnership.

Even security teams with dedicated social media analysts are still constrained by the limits of being human. While your company may have a well staffed social media threat team there is only so much a person can handle at any given time. In reality, though, it’s more likely that whoever is watching social media for threats is also juggling a multitude of different security tasks as well. By working or liaising with your organization’s social media team, you’ll have extra eyes on all the time. Many times, when a person is threatening an organization online they are not directing this information to the company’s inbox or direct messaging their team. Sometimes it’s as simple (and clear) as someone saying “I’m going to go shoot up XYZ Company tomorrow” without any connection to official accounts. Most social media groups monitor for any mention of their company’s name as part of a marketing strategy and to ensure only legitimate accounts are using the company branding. Clearly, this threat is not something that they should be dealing with – but it is certainly the job of corporate security. Even a tenuous partnership between the teams could result in threats like this being effectively handled.

Just as your average security specialist wouldn’t know how to effectively announce a major company event on Twitter, neither will your typical social media analyst have the tools and skills necessary to investigate threats and persons.

Security teams, by the nature of our work, are often able to access information that is not available to social media teams. Tools like Nexis and TLO aren’t given to groups without a legitimate use case, but these tools are often necessary in order to identify a threat actor. Depending on the severity of a threat, this information is often incredibly useful when providing information to the police. They are generally so overworked, underfunded, and understaffed, that having so much information handed to them, especially with an honest, well-documented case file that explains the methodology of your investigation, is a relief, and will help jumpstart an investigation.

Social media teams know who is a regular issue. They know that John Doe sends rude comments to the Instagram inbox every time something is posted. They also know that they have a lot more to their job description than just reading mean comments. The regulars are remembered because of their consistency, but there are other threats who may not come up often enough to remember, and these may be the most dangerous. Likewise, if John Doe suddenly stops sending his vitriol, a social media specialist is likely to feel relief, whereas an intelligence analyst or other security professional might feel apprehension. What’s changed? Where did he go? Was he arrested? Did he find a new target? Or is he planning something that’s taking all of his time? For five years Jarrod Ramos threatened the staff at the Capital Gazette through social media, phone calls, emails, and any means he could find. It was normal for them, though the staff never ignored his threats. But in 2016 he went quiet. The small newspaper had neither the staff nor the resources to figure out why, and it would have been impossible for them to guess that in June of 2018 Ramos would be responsible for the vicious murder of five of their colleagues, but that’s exactly what happened. Likewise, in the reverse, should a case of minor, random harassment become more regular it’s possible an overworked social media specialist might be so harried they just wouldn’t notice. Paying attention to and noticing such trends is well within the wheelhouse of Corporate Security, but our ability to do this work is dependent on good, effective, two-way communication with the people on the receiving end (including and beyond social media).

Finally, and very importantly, it is imperative for any security team to work with the people in their organization if for no other reason than to build relationships. Security is, if we’re being frank, a pain for everyone. While, yes, our goal is to keep people alive and well, completing this task also means we have to be an impediment. The same perimeter security measures that keep out a bad actor also slow down the company’s employee during a torrential downpour. The same check-in procedures that ensure only authorized persons and wanted guests get past the lobby also make the new guy late right before a big meeting when he’s left his badge at home. The same systems that only grant entry to someone with a need-to-access also ruins the forgetful employee’s day when she hears the door click shut behind her just as she notices she left her access card on her desk. Security costs money but doesn’t make it. Security gets in the way of art and gardens and aesthetics. Security is necessary, but it’s also difficult for everyone. By working amicably with as many people as possible throughout an organization and making sure they understand that you’re there to help them get their job done, you are building bridges to better relationships. You’re recruiting ambassadors that can help explain to others why piggybacking is such an issue. You’re educating additional bodies who can come to your team when they notice that outside door isn’t locking when it shuts. You’re expanding the pool of people who will quickly let you know when something doesn’t seem right, rather than just telling you after the fact. And, unlike many teams within many organizations, the social media team is often overwhelmingly comprised of young employees who will be more vocal about their support for you and may even come up with interesting, innovative ways to spread the security word that we may not think of.

The long and short of it is that the world is always changing and evolving and in a field as vast and dynamic as security, we will always be met with new challenges. The most effective way to deal with such hurdles, at least on the front end, may very well be referring to the expertise of other professionals. By working with them instead of against them, we’ll be more able to understand the threats posed to our organizations and communities, and better ensure the continued safety of those who depend on us.

Editor’s note: This article was re-published with the generous permission of the author. She is not the poor soul depicted in the photo above, however, who, for my money, is being a bit dramatic. –Tom Hagy

Courtney got her start in security while pursuing her master’s degree in criminal justice. Since then, she has served in a consulting capacity for educational institutions, major law firms, local and federal law enforcement, religious organizations, internationally celebrated entertainers, a number of non-profit organizations, a preeminent entertainment company, and state task forces grappling with innovative standards designs.

Much of Courtney’s experience also rests in serving on dedicated corporate security teams, focused on everything from basic CPTED design and access control to international travel security and internal fraud investigations. Currently, Courtney proudly serves as the Senior Intelligence Analyst for a major international non-profit, where she uses her experience to identify and monitor individuals who pose a physical or intellectual threat to the organization’s employees, clients, assets and mission.

Read more about Soteria Risk Consultants.