Site moved to, redirecting in 1 second...

« Is Your Social Media Campaign Sinking? | Main | Don't Be A Password Nazi: Rethinking Your Approach To Passwords »

Monday, June 30, 2008

How to Avoid Social Media Espionage

Nearly 1500 people have a window inside my daily actions and thoughts by subscribing to my feed and following me on Twitter. Over a thousand can see updates on what I do through Facebook. There are Flickr photos from the events that I head to and I publish the cities that I will be travelling to on Dopplr. In a social media universe, living your life a bit in the open seems a bit unavoidable if you are really going to take advantage of all the social media tools you are signed up for.

Along with this openness, however, comes the danger of publishing too much information too publicly and unwittingly leading to the rise of social media espionage ... the act of obtaining information published on social networks or online presumed to be secret or confidential and using it for personal or business gain. Here's a step by step fictional example:

  1. Entrepreneur and business owner tweets about heading to a meeting on the west coast from his home in Orlando with a friend (known to be his lawyer)
  2. The lawyer updates Facebook independently about heading to a client meeting in Redmond, Washington
  3. A business executive at Microsoft recently quoted in the media about having some "serious talks" with several companies in a certain type of business similar to what the entrepreneur does.
  4. An engineer at Microsoft blogs about his efforts and cites a really innovative company out of Orlando

In four small updates from unrelated people, a smart social media surfer could get a very direct sense of a deal about to happen and some inside information unintended to be shared. It is only a matter of time before Social Media Espionage becomes a concern that some businesses will need to have a preemptive strategy to fight against. To give you a head start, here are three tips for making sure your company doesn't become the victim of this type of cyber-spying ...

  1. Get employees smarter about what kind of information they publish, how they share it and how much detail they offer.
  2. Teach more selective friending to employees to avoid the situation of employees giving unknown friends, followers or contacts access to their profile information and updates.
  3. Monitor actively to see who is commenting from your company, what they are saying and whether you may have a potential issue to address before it becomes a major problem.

Social Media Espionage shouldn't be a reason to keep you from using social media or encouraging your employees to use it. But it will require some smart thinking to prepare for it and make sure you don't unwittingly become a target.


TrackBack URL for this entry:

Listed below are links to weblogs that reference How to Avoid Social Media Espionage:


Three of the four contributors in your scenario are beyond the entrepreneur's control. Another moral of the story is not to post (blog, tweet, etc.) about anything related to upcoming big deals, because even innocent comments may provide the missing piece that completes the picture for a determined analyst. Twitter seems to bring an unusual amount of risk, because there's less self-editing there.

Rohit, interesting post - I agree with the issues you raise.

As a fairly high profile blogger/Linkedin/Flickr/Facebook user you have some food for tought.

I recently posted on my blog about using twitter for business - has some relevant themes

Rohit -- I learned about this posting from a Todd Defren tweet. Yikes. Smart companies will pay close heed to your suggestions.

I have been thinking about your topic for a while now. In this "open" environment, are we all giving too much away?
Or, are we just paranoid. I think folks like us {That are online all day} are so darn busy, that we forget about the stuff we just Twitted 5 minutes ago, or received 2 minutes ago.
I am just going thru this "social" thing with faith.
Joel Libava
The Franchise King Blog.

I learned about this the hard way. Almost killed the deal. Set your twitter to private if you feel the need to discuss where you are at any given time.

Good Post.

I think there is plenty of non-confidential information that can be shared that has value for numerous individuals in the business world. However, one must draw a line at some point. Blogging, to me, is about giving away useful information for free. I see a whole new industry forming confidentiality consultant. Darn I just gave that one away!

Doesn't this entire fictional example break rule number one of the social web: "Don't be stupid?" C'mon, Rohit, raise the bar, and write some more strategy posts, please.


We all know that esponiage is nothing new. Your suggestions also have to include the issue of information given over a phone as well. If you really wanted to find out something about a company, you could just pick up a phone and start calling people. So many people within the company give up so much information.

A while back when I was part of a technology startup that eventually got acquired, we would receive calls from various people claiming all kinds of things asking for information. Some of them were legit and some not. There was even a time when someone went to the offices of a well known law firm (representing our company), used the lobby phone and called our offices claiming that they were trying to get some information on a "new" employee of our company and needed some other company information. The caller-id displayed the name of the law-firm. I received one such call and always being a bit cautious when asked to reveal important information, I asked for a name/number to call back so that I could be sure about the person. Sure enough, I called back and when i did, i was told that there was no one by that name at that firm. How they had gotten the internal direct numbers remains a mystery, but the direct phone call is the weakest link.

For someone to rifle though expressions on social media and use it to spytool and gather information is just way too time consuming and there are too many dots to connect. It's like looking for a needle in a large haystack. However, it could be done if someone more like a stalker knew exactly what they wanted to find out and used social media as a tool for spying.



I'm more concerned about people who see my kids at Flickr, figure out where I live thru BrightKite, then come to my house when I'm @beerandblog - or some such scenario.-

The way to discover and use the best tips to develop your email marketing campaign is to start off with what you already know and then just keep on testing everything in your email campaigns. Both, other people's best email marketing tips and also your own ideas.

This scenario is nothing new. The so-called "online life" has always been considered different from the "real" or offline life. But infact, they are the same. How one behaves offline is how one should behave online..

The way to get around this "espionage" is not via monitoring actively what employees are saying, but via plain and simple common sense. If you wouldn't say or do something offline, you shouldn't be doing it online either.

I sometimes wonder if the Facebook generation who puts its entire life online for everyone, including potential employers, to see really get this.

Those who live by the sword...

Good read. Much appreciated. img src="">

I'm curious how you'd recommend people "clean up" after a mistake. The reality is that people are going to share information and no amount of corporate education will prevent it. I tweeted a photo of our team celebrating a milestone and included a number that, if found by savvy journalists, would contradict numbers in our press releases. But we talked about it internally and concluded it was better to just leave it than to draw attention to it by trying to make a correction. The "cover up" would be another story in and of itself whereas the discrepancy could be easily explained "reactively." But of course, there is always the danger someone will simply find the number and blog about it without sourcing the data. So we monitor and are ready to respond if it comes up.

The comments to this entry are closed.