
How to Conduct Social Media Intelligence Safely: 5 Expert Tips

Written by Liferaft | November 23, 2023

In today's digital age, social media intelligence has become a crucial source of information for corporate security professionals. The technique has emerged as an essential tool for everything from detecting security threats and monitoring brand reputation to identifying fraud and improving crisis response.

But while the internet provides a window to watch adversaries, never forget adversaries can use the internet to watch you. Conducting any type of social media intelligence can expose sensitive information. And corporate security professionals need to take specific precautions to conduct social media intelligence safely and protect themselves and their organizations from potential security breaches. 

In this article, we'll discuss five expert tips on how to conduct social media intelligence safely. These strategies are tailored specifically for corporate security professionals, and will help you gather necessary intelligence while minimizing the risk to your organization's security posture. 

Let’s dive in.

5 Tips for Conducting Social Media Intelligence Safely

  1. Use a virtual machine
  2. Use a privacy-focused web browser
  3. Mask your IP address with a VPN 
  4. Never use a personal device during investigations
  5. Avoid using a company email address

1. Use a virtual machine

Security teams should use a virtual machine when gathering social media intelligence to protect their organization's security posture. 

When conducting social media intelligence, analysts are often exposed to malware, phishing scams, and other types of security threats that can compromise their systems and data. A virtual machine provides an isolated environment that operates separately from the host system, offering a secure and protected workspace for security teams to conduct their research.

By using a virtual machine, analysts can avoid exposing their primary systems to potential threats, minimizing the risk of a security breach. Additionally, virtual machines can be customized with specific tools and configurations that are required for social media intelligence gathering. 

This enables security teams to gather intelligence efficiently and effectively while minimizing the risk to their organization's security posture. And by using a virtual machine, investigators can ensure that they are conducting their research safely and securely, safeguarding their organization's systems and data from potential threats.


2. Use a privacy-focused browser

Cookies can be used to reveal identifying information about individuals when they visit websites and browse the web. For corporate security teams conducting social media intelligence, this can pose a significant threat to privacy and security. 

To mitigate this risk, investigators should use privacy-focused browsers like Brave or Tor Browser. These browsers offer several features that protect against tracking and data collection by third-party entities, including cookies. Privacy-focused browsers prevent tracking by blocking cookies or deleting them after a browsing session is finished. By doing so, they limit the amount of data that can be collected about the user's online activities, reducing the risk of data leaks and identity theft.

Privacy-focused browsers also come with built-in features such as ad-blockers and script-blockers that prevent malicious scripts and advertisements from compromising the security of the system.

These features allow analysts to conduct social media intelligence safely and securely without worrying about exposing sensitive information. Ultimately, privacy-focused browsers provide an additional layer of protection against malicious actors and help corporate security teams maintain a secure and private online presence.

3. Mask your IP address with a VPN

Masking the IP address is essential for security teams when gathering open source intelligence online. 

An IP address can reveal the user's physical location, internet service provider, and other identifying information, which can be exploited by malicious actors. By masking the IP address, analysts can protect their identity and maintain their anonymity while conducting open source intelligence gathering. 

This is particularly important for conducting investigations that may involve sensitive or confidential information, such as monitoring potential threats to the organization or its employees. 

Masking the IP address can be achieved through various methods, including the use of virtual private networks (VPNs), the Tor Browser, or proxy servers. These methods help to obfuscate the user's true IP address and location, making it difficult for adversaries to track their online activities and gather identifying information.

Additionally, masking the IP address can help to bypass geo-restrictions. This can allow analysts to access restricted content and websites that may not be available in their region. 

4. Never use a personal device during investigations

Security professionals should never use personal devices when conducting open source investigations because of the significant risks that such use poses. 

Personal devices are commonly used for various activities such as online shopping, social media, and personal communication, which exposes the investigator to potential security threats and reveals their identity and intentions to unwanted third parties. This could undermine the investigation's efficacy and confidentiality, potentially leading to severe consequences for the organization or individuals involved. 

Furthermore, personal devices may not have the same level of security controls and monitoring as company-owned devices, making them more vulnerable to attacks and security breaches. Even worse, personal devices may be later confiscated by law enforcement if they're caught up in the chain of evidence. This could further compromise the security of the investigation and expose the personal data of the investigator to third parties. 

Therefore, it is crucial for security professionals to use only company-owned devices that are designated solely for work-related activities, including open source investigations. These devices should be secured with appropriate security measures such as firewalls, antivirus software, and encryption to protect against security threats. This will best ensure the confidentiality, integrity, and security of the investigation, and protect analysts and their organization from potential security breaches and legal consequences.

5. Avoid using a company email address

Security analysts should never use their company email address when creating social media accounts for investigative purposes because of the significant security risks involved. 

If there is a data breach or leak, the investigative account will be linked to the analyst's real name and organization. That could potentially compromise the investigation's confidentiality and put the organization at risk. 

Instead, investigators should use a dedicated, anonymous email address when creating social media accounts for investigative purposes. This email address should not be connected to the analyst's real name or personal information, and should only be used for the investigation. 

Additionally, analysts should use a strong, unique password and two-factor authentication to secure the email account and prevent unauthorized access. When creating social media accounts, investigators should also avoid using any personally identifiable information, such as their name or job title. Instead, they should use a pseudonym or other non-identifying information to protect their anonymity and the integrity of the investigation. 

By following these best practices, analysts can conduct social media investigations safely and effectively, while maintaining the confidentiality and security of their organization and investigation.
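The checks from tips 3 and 5 can be run as a gate before a session starts. The sketch below is an added example, not Liferaft's tooling: the network ranges, domains, persona fields and function names are all constructed placeholders, and the egress IP is assumed to have been obtained separately from whatever address-echo service the team trusts.

```python
import ipaddress

# Constructed sample values: documentation IP ranges (RFC 5737) and example domains.
CORPORATE_NETWORKS = ["203.0.113.0/24", "198.51.100.0/25"]
CORPORATE_DOMAINS = ["example.com"]


def egress_is_corporate(egress_ip, networks=CORPORATE_NETWORKS):
    """True if the address a website would see belongs to the organization."""
    ip = ipaddress.ip_address(egress_ip)
    return any(ip in ipaddress.ip_network(n) for n in networks)


def email_is_corporate(email, domains=CORPORATE_DOMAINS):
    """True if the email's domain is a corporate domain or a subdomain of one."""
    domain = email.rsplit("@", 1)[-1].lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in domains)


def identity_leaks(persona_fields, real_identity_terms):
    """Return persona field names that contain any term tied to the analyst."""
    hits = []
    for field, value in persona_fields.items():
        text = value.lower()
        if any(term.lower() in text for term in real_identity_terms):
            hits.append(field)
    return sorted(hits)


def preflight(egress_ip, account_email, persona_fields, real_identity_terms):
    """Collect every attribution problem found before a session starts."""
    problems = []
    if egress_is_corporate(egress_ip):
        problems.append("egress IP is inside a corporate range (VPN not masking)")
    if email_is_corporate(account_email):
        problems.append("account email uses a corporate domain")
    for field in identity_leaks(persona_fields, real_identity_terms):
        problems.append(f"persona field '{field}' contains real identity details")
    return problems


if __name__ == "__main__":
    # Constructed session: VPN is down and the profile bio names the job title.
    issues = preflight(
        "203.0.113.40",
        "jdoe@mail.example.com",
        {"display_name": "river_watch_22", "bio": "Security Analyst, travel fan"},
        ["jane", "doe", "security analyst"],
    )
    for issue in issues:
        print("BLOCK:", issue)
```

An empty list from `preflight` means none of these three leaks was found; it says nothing about browser cookies or device fingerprinting, which tips 1, 2 and 4 address.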

 

 

The Bottom Line for Social Media Intelligence Analysts

While social media intelligence represents a powerful tool for corporate security professionals, it also carries significant risks. By following the expert tips outlined in this article, security analysts can minimize those vulnerabilities and conduct online investigations safely. 

From using anonymous email addresses and dedicated virtual machines to masking IP addresses and being cautious with investigative accounts, these strategies can help protect the confidentiality, integrity, and reputation of both the investigator and the organization. And by prioritizing safety and security in their social media intelligence efforts, security professionals can make the most of this valuable technique while mitigating the potential risks.

 

