Halloween Social Media Security Risks: What You Should be Most Afraid of
The leaves starting to turn outside my office window and the small pumpkin on my desk – everything tells me that we’re getting into one of my favorite times of the year: the Halloween season.
Halloween is a holiday that plays on fears. The American horror writer H.P. Lovecraft calls fear “the oldest and strongest emotion” and fear of the unknown “the oldest and strongest kind of fear”.
Security ultimately is about eliminating fears by making unknown dangers (risks) known. Once we know about risks, we can take steps to address them. We transform them from nebulous fears of the unknown to problems to be managed and mitigated.
So this month, in honor of Halloween, I want to talk about what arguably is the “oldest and strongest” risk to online security and what you can do about it.
It may seem odd for an article on social media and digital security to call human error the “oldest and strongest” risk rather than something more technical like cookie theft, malware, or account hacking.
But the fact is that technologies and technology-related risks come and go but humans remain the constant throughout. And, because technologies are ultimately tools in the hands of humans, nothing can screw things up worse or more spectacularly than a human being. The simple fact is that no amount of technology-based controls can fully eliminate the risk of human error.
We have seen this fact highlighted again in the world of social media with lots of brands having to apologize for political tweets or irresponsible treatment of customers.
If technology can’t help mitigate this “oldest and strongest” risk, what can you do about it? Since the problem is a human one, the best solutions are human ones. Specifically in terms of how you and your employees look at things and the practices you engage in. There are three simple things you can do can help make human error less common by mitigating circumstances that enable them to happen in the first place.
Assume things will fail
This is a very simple rule. I think of it as using Murphy’s Law to your benefit. Figure out what the worst that could happen is, and then eliminate that possibility. Going back to our Twitter misfires, my guess is that the people who made those mistakes were using a tool like Tweetdeck that had personal and professional accounts loaded.
Following this rule, you would identify that there’s a real chance you could send to the wrong account in that configuration. So, you mitigate the risk by eliminating that possibility by not co-mingling personal and professional accounts. In general, you’ll find that taking some time to identify and eliminate places for possible future errors can prevent a lot of things from happening.
The Roman Emperor Augustus used to like the phrase “make haste slowly” and that’s a good one to follow. There is probably no single greater contributor to human error at the time of the mistake than rushing.
Even in the time-critical world of social media, taking just a few extra moments can help eliminate errors. Look at it this way: the five seconds you save from not checking before hitting post may translate into five days worth of extra, needless work. Invest the five seconds so you can save the five days.
Create systems of checks and balances
And use checklists: Any quick look at high-risk fields that have little margin for error shows that a common practice is the use of checks and balances along with checklists. Looking at airplanes, for example, you can see that there’s a whole rigorous, structured process of pre-flight checking using lists covered by more than one person.
While a system that is rigorous and structured may be overkill for your social media practice, still having a standard checklist (check spelling, check account) and review by other eyes is something worth considering. Human memory can be spotty, especially when under stress. And it’s a well-known fact that we can be truly blind to our own mistakes.
Checklists put in place a hard break that makes rushing harder than if you were simply flying by the seat of your pants on your own.
This is not to say that technical aspects of security aren’t important: they are, especially in the world of social commerce when losing your social media accounts to a hacker may mean the end to your business. There’s a great audiobook by Hari Ravichandran that goes into much detail on how cybersecurity can make or break your company.
But no technical security system will ever successfully save you from yourself. When you consider the risks to the security and integrity of your social media channels, you should take time to learn and know the oldest and strongest risks to your properties. Look in the mirror and then take steps to protect your properties from yourself.