Private security professionals and law enforcement personnel are leveraging social media as a physical security tool to identify security threats and prevent crime. “Knowledge is power, and we’re all learning to cyber-sleuth to keep up with the bad guys,” says Wendy Patrick, JD, PhD, Deputy District Attorney, special operations division, San Diego District Attorney’s office and president of the Association of Threat Assessment Professionals San Diego Chapter. Social media – physical security tool A veteran sex crimes prosecutor, Patrick is experienced with ferreting out existing and new social media sites used by predators and victims alike. “Facebook is great,” she says. “It still has the highest use among all ages and demographics. Some people use it as a confessional and post things they won’t tell their friends about. Those posts can be useful if we’re able ethically and legally to gain access.” To gain access to someone’s Facebook page, investigators have to be accepted as a friend, and that can sometimes prove difficult. “Twitter is an excellent tool for learning about someone,” continues Patrick. “Since you only have 140 characters, you have to streamline what to say. By doing that, you showcase yourself. Unlike Facebook, Twitter is totally public.” Patrick and her team use Facebook, Twitter and other social media sites to assess threats, find security risks, track apps and smartphones and investigate crimes like cyber stalking. Private security departments can do the same thing by monitoring social media, perhaps looking for employees worried about a cyber-stalker, a bully or an abusive ex-spouse or perhaps engaging in those activities. Crime prediction software How do you monitor? Software applications are emerging to help. For instance, researchers at the University of Virginia (UVA) have developed a set of algorithms that can analyse geo-tagged tweets and make predictions about when and where two dozen or so crimes might take place. The crimes include stalking, thefts and even assaults. A number of applications exist to help corporate security directors set up social media monitoring programs How is that possible? People tweet about what they are planning to do tonight. The application keys on specific words and phrases, especially those that are geo-tagged in relatively close proximity. UVA research offers this example: If a group of people tweet about getting drunk tonight in a certain area of town, the algorithm identifies a potential for crimes. Corporate security managers could adapt such technology to monitor for phrases suggesting plans for stealing anything from laptops to intellectual property. A number of applications exist to help corporate security directors set up social media monitoring programs. Invasion of privacy The chief argument against such programs involves invasion of privacy. Indeed, reading employee email is invasive. Social media posts are different. Some are private, and some are not. To read an employee’s Facebook posts, for instance, a security director would have to ask to be friended, but Tweets are public. But employers can in general monitor employees’ computers and Internet use. According to the federal Electronic Communications Privacy Act, employers that provide employees with computer and Internet access may monitor employee activities with that computer and Internet access. Today, part of providing physical security can extend to monitoring employee activities on social media. But the question remains, how do you do that without invading everyone’s privacy? Even though employers may do this, is it worth the price of making employees angry? Tools are being developed to deal with this problem. SocialNetWatcher – SaaS For instance, SocialNetWatcher is a software as a service (SaaS) product that scans social media sites for phrases that are associated with specific problems. The application does the monitoring. No one from the company reads the posts — unless, the application sends an alert. Schools are using the product to ferret out and deal with cyber bullies. Businesses can use it to protect confidential information and intellectual property. It can also be useful to help protect employees that might be dealing with an abusive spouse or to keep an eye on disgruntled employees. And it can be done without an outright invasion of every employee’s privacy.