Don’t let a tweet end your career
Throw a stone at a crowd of millennials and you are bound to hit at least one who has gotten into hot water due to some social media faux pas. While most cases are generally stupid off the cuff comments, posting on Facebook and Twitter can sometimes have wider effects than the poster may have imagined.
Users who post unwise details about their personal lives also run the risk of including information that can get them in trouble with their employer. Beyond the, “My boss is a (fill in your expletive),” posts can inadvertently broadcast private information regarding operations, M&As, or other potentially damaging content: Even Twitter’s own CFO Anthony Noto tripped up in 2014 when he posted publicly about their intention to buy another company, thinking that he was using a Direct Message.
Recognizing the power that social media plays in the digital business world and the liability that it imposes on businesses, one startup believes that it may have the solution to keep the lid on unintentional leaking, compliance issues, and ill advised posts while avoiding fears on censorship.
Founded in 2012 by CEO Joseph Steinberg, the New York-based SecureMySocial is a cloud-based, fully automated, technology assisted self monitoring service that integrates with Facebook and Twitter to act as guard dog against poorly thought out posts.
Instead of automatically blocking a potentially harmful tweet from being sent, a message pops up notifying the user after they click send that their post could be a bad idea and asks them if they are sure they want it to go out.
The service is able to pick up questionable posts based on a mix of keyword searches and looking at the context, applying itself through preset rules.
There are the standard built-in rules for catching basic no gos like “my boss is an asshole” or similarly dumb things that an employee might be feeling but would be unwise to publish to the world. Then there are the standard business rules that are aimed at catching things like secret M&A details or other leaks that the poster should not be airing publicly. Clients can build their rules based on questions prompted at the beginning. Some companies might decide to set custom rules based on their specific circumstances, or that allow spokespeople to post on topics that others would be barred from automatically.
There are also checks for the individual users that make sure that they do not list their personal information like phone numbers, addresses, or other sensitive details.
What are risks posed by social media?
Coming home from our business trip in Malaysia. First time flying with just the both of us for work. Cheerios 🙂 pic.twitter.com/hcnCqzzf6n
— Aloysius Pang (@AloyPang) February 1, 2016
While most businesses and organizations have set up measures to keep their employees from leaking confidential or embarrassing information from their offices, Steinberg tells Geektime that the most significant threats come from users on their own devices and accounts from outside the office environment.
“There’s a psychological component to this problem,“ he says, explaining that nearly all of these destructive posts come out on Facebook or Twitter, but almost never from professional networks like LinkedIn where the person has their “work hat” on. While Instagram could contain harmful posts, it is still an emerging platform that has not had much of an effect on the business world insofar as information leakage or similar issues are concerned.
Take for example the 23-year-old account manager who is getting ready to fly to Japan to help facilitate the opening of a new office. Chances are that he has his place of work listed on his profile, and anyone looking for information on his company’s employees can do a simple search to pull up a list of who to watch for information. If our account manager goes out on Friday night for drinks with friends and posts publicly something to the effect of, “I’m so excited to be flying to Tokyo for work!!!;-)” then he has given out potentially revealing information that a competitor can exploit.
“If someone is looking to spearphish a company,” explains Steinberg, “Their first stop will be the social media profiles of its workers for picking up information that will help them to optimize their campaign.”
For hackers, Steinberg makes the point that users are still the weakest element, saying that instead of going after technology that is constantly being improved, that they can simply hack “human brain 1.0” with social engineering tactics.
This service is not aimed at people who are looking to harm their employers, as Steinberg explains that there are much easier ways of doing that while not exposing their identity.
Problems occur when people fail to grasp the implications of their actions, with repercussions that extend beyond their intended audience. “It’s getting a lot worse with time, and not better,” he explains, describing how the Internet has made open all kinds of formerly private information available.
This has been most noticeable when it comes to the younger generation that has grown up sharing so many aspects of their lives on social media. When they take on responsibilities at work, they need to relearn many of their habits to adjust to the workplace.
Censorship or liability avoidance?
It is understandable that not everyone would be excited about their employer reading their social media musings. Where exactly the boundary should be between personal expression and company policy / good sense is still unclear.
“This is an evolving area of law in the U.S.,” says Steinberg regarding what kind of freedoms someone has to speak their mind, while noting that companies have the right to fire an employee based on their public comments. “It’s almost like a wild west when it comes to social media.”
When it comes to leaking private company data, he notes that it is not a matter of speech but of compliance with policies. In most cases, SecureMySocial has no need to report transgressive posts to a company. However if they are in a field where they are either liable or mandatory reporters for actions that their employees take, then they can set alerts. This could apply for firms that deal with the SEC or HIPAA, Steinberg explains.
While there are options for manually reviewing individual posts, the system’s automation negates the need to do so and in a way, keeps the veneer of privacy. Moreover, even after receiving the warning, the user can go ahead and approve the post, making any claims of censorship appear much weaker.
Looking to the future
Still in pilot stage with a number of large financial firms, they have not yet gone through with their full launch. Up to this point they have been self funded, but are planning to raise a round at some point in the coming year.
While the current version does not address images like memes, the company has patents for dealing with them that will likely make an appearance in the next version.
Regarding competition, they are going up against companies in a wide range of sectors for mindshare and dollars.
For data loss prevention, there are Websense, Clearswift, Symantec, and TrendMicro; on issues of compliance, there are Hearsay Social, Nexgate, and Zerofox; for employee monitoring, there are SpectorSoft and NetNanny, while Symantec, McAfee, and Kaspersky compete with them as internet security suites. Finally it is worth noting that there is some crossover on reputation protection with reputation.com and other similar services.
Steinberg tells Geektime that he anticipates partnerships with many of his competitors down the road as they can integrate with their social media solutions.
In some cases, personal expression gets thrown in the mix with business as one area of our lives blends into the next. Personal social media posts can expose employees to risks of hackers or others out there searching around the web looking for private information.
SecureMySocial seems to be the service that may bridge many of the technical and social gaps necessary for maintaining smart business communications and continuity. Companies can provide their employees with a powerful tool to help keep them out of the bear traps, minimizing the number of incidents that arise out of thoughtless postings.
Speaking with Steinberg, it is clear that even with the software, mistakes can happen. “People miscommunicate all the time,” he says. ”No tech is 100% perfect since humans themselves will make mistakes.” While this is true, for now businesses have zero protection so despite the potential gaps in the product, it will still play an important role.
While the best policy would be to teach employees not to do stupid things, it can be extremely difficult to enforce on a large scale, especially when it goes against many of the current cultural norms.
So next time you feel like posting something about your job, just upload a picture of your lunch instead.