Picture these: A political dispute between two employees escalates into a fight. A staff member’s ex-husband shows up at a job site with a weapon. A woman attacks a cashier after getting caught with stolen merchandise.
It’s probably not too hard to imagine.
Incidences of workplace violence have become all too common. Nationwide, one-in-seven employees don’t feel safe on the job. And each year, some two million Americans are victims of a violent attack at work.
This presents a big problem for businesses.
Security, obviously, represents priority numero uno. Companies want to keep their staff and customers alike physically safe.
But workplace violence can also result in business disruptions and employee turnover. Not to mention the reputational hit that follows from bad media headlines.
So more CSOs have asked themselves, “How do I make our worksites tougher targets to attack? And if something does happen, how can I respond faster?”
One tactic security teams worldwide have started turning to? Social media monitoring.
Violent threats often pop up first online. So more and more, CSOs have started to pay attention to what’s happening on sites like Twitter, Reddit, and Facebook. And these efforts can pay dividends.
Threat intelligence gathered online has played a vital role in adverting and responding to violent incidents. And in some high-profile cases, it has saved lives.
Most people would assume bad actors don’t broadcast their plans online.
But nowadays, people feel comfortable sharing their private thoughts with the world. And increasingly, that also means sharing their intention to commit violence.
Online groups often make the situation worse. Forums can serve as echo chambers. Members reinforce the views of the community and actively shut down opposing ideas.
Exposure to such groups can radicalize individuals. Over time, members may adopt extreme positions on social or political issues. And in some cases, this might push a few to commit acts of violence.
In response, businesses have added social media monitoring to complement existing security measures.
Of course, not everyone who publishes bizarre or extremist content presents a threat. And some bad actors won’t reveal their intentions through public posts.
Still, no CSO wants to overlook an online threat. Or if they spot one, then fail to act on it appropriately.
For security teams, efforts to watch social media have already paid off.
Take a dramatic 2019 example, authorities foiled a plot to commit a mass shooting at a Wal-Mart in Orange County, Florida.
Police arrested a 26-year-old man after he wrote on Facebook: “3 more days of probation left then I get my AR-15 back. Don’t go to Walmart next week.”
Days later, law enforcement uncovered similar plots nearby in Tampa Bay and Daytona Beach.
Preventing incidents of workplace violence represents the most obvious payoff. But keeping a close eye on social media has other benefits, too.
For example, teams have uncovered cases of workplace bullying, vandalism, and sabotage. On the dark web, criminals will coordinate plans to target retail stores for theft.
Additionally, social feeds can provide almost real-time, on-the-ground insights during a crisis.
Events often get reported first on Twitter or Reddit. Sometimes posts surface hours before a story will hit mainstream news outlets.
So by keeping an eye on these channels, teams can respond faster to events.
The takeaway for businesses? Companies need a strategy in place to proactively detect threats targeting their worksites. Additionally, you need to be able to quickly assess the risk of anything posted online.
Some best practices include:
Geofencing: A geofence is a virtual perimeter around a real-world geographic area. This technique allows security to watch social media posts published from specific locations (i.e. near a worksite, retail outlet, or corporate headquarters). This can alert your team if something suspicious pops up in the area.
Keyword Queries: Not all social media posts include location data. So as a best practice, it makes sense to set up a geofence in addition to traditional keyword queries. Watch out for mentions of your company’s name alongside terms like “theft,” “kill,” or “shooting”
Deep & Dark Web: Increasingly, bad actors have migrated to the darker corners of the net. Conversations that once took place on Twitter have now moved to niche sites. Your team, therefore, needs to look beyond traditional social networks (i.e. Facebook, Reddit, YouTube). More and more valuable intel comes from a growing list of alt-tech social networks and the dark web. If your team overlooks these feeds, you could miss real threats.
Establish Lines of Communication: With your executive team, establish your organization’s risk tolerance. Then set up a process to quickly alert senior managers if a violent threat is spotted online. Reports should include a description of the threat actor(s), who or what they plan to target, and the evolution of the operation.
Keep Records: Social media posts present valuable pieces of intelligence during an investigation. And you might need them to enlist the help of law enforcement. Individuals, however, may delete violent posts. Accounts can disappear entirely. Or moderators might remove obscene content. For those reasons, security teams should record posts for future reference.
Cover Your Tracks: If a target learns they’re under surveillance, it could compromise your investigation. They may start removing posts. Or they could move to another forum. For these reasons, it pays to conduct your investigation covertly. Obviously, your team should avoid interacting with the target’s posts (likes, comments, etc). But it’s also smart to use a VPN or other privacy service to cover your online activities.
Enlist Outside Help: Build a list of external resources. From a legal standpoint, violent incidents are easier to address than other types of threats. So it’s often helpful to contact local law enforcement. Additionally, reach out to nearby business groups, fusion centers, and security organizations.
To be clear, social media monitoring isn’t some panacea.
As mentioned, not all threat actors publish their plans online. Security teams may not be able to access private or encrypted content.
That could mean overlooking critical threats against your organization. And depending entirely on social media monitoring for intelligence can result in a false sense of security.
For those reasons, you should layer the technique with a collection of security strategies. Look at it as just one more tool in your team’s arsenal.
But when applied the right way, social media monitoring can represent a force multiplier for addressing workplace violence.