Social Media Investigations and Monitoring for Risk Mitigation Purposes

The use of social media and the way it affects our lives and businesses have brought a new challenge to the security industry and the protective team’s responsibility. It gives the entire world the ability to look into people’s lives with the mere push of a button. Scandals are created, secrets exposed, and lives ruined. In the case of personal security, social media can be used in the advancement of a protective detail; however, one must know how to utilize it properly. Today, we will talk about Social Media Investigations and Monitoring. For those who are not aware of the term, as we utilize it in protection circles, Social Media Investigation and Monitoring is the process by which you can identify what is being said about your clients, a brand they represent, or the corporations with which they are involved and any threats or dangers that may exist in relation to those aspects.

As we sift through different social media platforms and online channels, we must then determine if what is being said has any significance regarding your clients’ reputation, persona, and safety and if there is the need to mitigate any risks. In other words, it’s like setting up an online, social media “net”. This process then helps you discover everything that is being said, written about, or portrayed on social media and determine its relevance to your clients. You can gather information about the ‘’public opinion’’ surrounding your clients, about people or entities who are angry with them for one reason or the other, people who are obsessed with them, or people who are making online threats. SOCMINT or Social Media Intelligence (not to be confused with OSINT) has seen a huge rise in necessity due to the use of social media and a competent protective detail needs to always be informed and social media investigations and monitoring are a huge part of this process. 

Now, let’s see some examples of how social media investigations and monitoring applies in protective services. Let’s say one of the people you are protecting belongs to a large pharmaceutical company and they decided to raise the price of a specific drug, thus affecting the lives and wellbeing of thousands of people. Perhaps another client is involved in a financial institution that quite suddenly makes a significant decision that affects people’s lifetime savings and pensions. You can imagine that there will be a significant number of people who become very angry, and some may want to harm your client. During the recent pandemic, there were a number of “anti-vaxx” groups that were quite vocal and utilized Facebook as one of their many platforms to accomplish their goals. Another example would be the need to discover if there is someone using your client’s name or company to scam others and commit crimes.

We are sure that many of you today are aware of the infamous ‘’Tinder Swindler’’, Shimon Yehuda Hayut, who legally changed his name to Simon Leviev to pretend to be the son of the billionaire Lev Leviev and used his name and company logos to scam people. Although his actions were known since 2017, it was only after the airing of the Netflix documentary in 2022 that the Leviev family found out and filed a lawsuit against Hayut for falsely portraying himself as the son of Lev Leviev, receiving benefits, and committing crimes.

No alt text provided for this image
(Photoshopped image of Shimon Hayut, aka Simon Leviev, with Lev Leviev (Picture: Netflix)

According to Leviev’s family attorney, Guy Ophir, they will now include anyone who has attempted to make a profit from his scam during the next lawsuit. What we can ask is, as security providers, why didn’t someone from the real Leviev family ever discover this scam artist who was extremely public and active on social media as the ‘’son of Lev Leviev’’? Although the real family members were never part of this fraudulent scheme, and it didn’t appear to affect their safety, it did, however, involve their name/brand in a very public and negative way. In other words, it should have definitely been considered as a threat to their reputation. Other people who were harmed by this scam artist were the businesses who did work with them, and their secondary service providers as well. 

No alt text provided for this image

Another interesting case to mention is Elon Musk where he, the actual client, took it upon himself to “solve” the issue and directly contacted the person of interest who had begun posting his private flight details and created the security risk for him and was literally blackmailing him unless the POI was paid. According to media reports “Elon Musk states social-media accounts that track his travel movements are ‘becoming a security issue.” Tail numbers and yacht names of billionaires are increasingly being shared on online platforms and one can track them by having the appropriate app unless significant efforts are made to secure them from the reach of those diligent few. These are some unique specific details that the security team needs to pay close attention to at all times.

Since Social Media platforms are the way people today communicate with each other, we as security providers must keep in mind that this is not always a positive aspect. Perhaps a person or persons will utilize social media to collectively gather people with their same goal or mission, to get together and plan their next move (Example: protesting outside your client’s house or corporation). In this case, you will want to know what is being said online about the person you protect to determine if there is something of extreme necessity to include in your risk and threat assessment and then take protective measures as well as inform their legal department.

As we have all witnessed too many times, it only takes one well-placed picture or story regarding some alleged activity on the part of your client, and it will go viral quickly, truth or not. Staying one step ahead of this type of “attack” has become a crucial necessity in order to protect your client from embarrassment or exposure. One of the most common issues in recent history is when personnel close to the client i.e., family, staff, vendors, and any other secondary customers post pictures, stories, or opinions and subsequently fail to understand the negative effect these types of communications can and will have on the client’s life, business, and the lives of their loved ones.

Why do you need a Social Media Investigations and Monitoring Strategy when you are a security services provider? To summarize we can say:  

1) To identify new threats. 

2) To discover what information about your client is posted online either by himself, the ones close to him, or his employees and evaluate how these affect his safety. 

3) To evaluate a threat (someone is posting online threats directed at your client).

4) To add to your due diligence.

5) To geolocate a picture or a video, sometimes even audio. 

6) To include any findings in your Risk and Threat Assessment (We can never highlight this enough, social media surveys and investigations are now a critical part of your Risk and Threat Assessments).

7) To find people obsessed with or following your clients (stalkers).

8) To identify hate groups or terrorist organizations that may affect your client.

9) To identify people or businesses your client may or may not want to do business with.

10)To mitigate risks from the information found online about the person you protect (How are the pictures of my client used or tampered with and for what purpose?).

11)To identify if someone is impersonating your client or a family member.

12)To find out if your client’s moves/visits/travels are posted online (Exposing them to others who may be in the same hotel, conference room, restaurant). 

13)To identify workplace violence or insider threats indicators.

14)To find out what is the ‘’public opinion’’ regarding your client (Always keep an eye on what is being said about your client and have a strategy to respond). 

15)To determine if a person or persons are utilizing your client’s name or business name in a malicious or unauthorized manner for their own personal gain. (Claiming associations or partnerships, etc.)

How to perform Social Media Monitoring for security purposes? 

First, let’s clarify one important thing. ‘’Googling it’’ is not enough, nor is it the answer. There are a number of search sites that allow for user input thus watering down or contaminating information and it’s accuracy. For those who are not aware, Social Media Investigations and Monitoring is quite a different department of protective services and quite often falls under Intelligence Analysis and Open-Source Intelligence. It requires unique skills and knowledge. One must clearly understand different social media and research platforms and how to use each one of them (and/or in combination) to obtain information. How you will approach each case is different and certainly depends on who your client is, their business, close relations, and/or their public image. This will directly affect the searches and the resources used and for what purpose. It is vital in our current day and age to include SOCMINT (Social Media Intelligence) in your client’s service proposal, no matter how public the person may or may not be. Hiring ten Executive Protection agents and a Residential Security Team is not enough anymore. SOCMINT services are a vital part of your Risk and Threat Assessments (Dynamic Risk Assessments too) and enable your protective detail to function more efficiently. 

For those who can not provide a certified Social Media Investigator for their clients, follow up with these steps:

1)Understand who your client is, his/her background, the threats, where do they stand in political, social, financial sectors.

2)Be aware of any of the latest changes in your clients’ lifestyle, public opinions, and professional decisions. 

3)Be aware of any of their political and social changes. Watch the news from multiple channels. 

4)Familiarize yourself with all close family, friends, staff, and associates and their respective social media footprints.

5)Set up a social media investigation and monitoring strategy. 

6)Have a good understanding of the Intelligence Cycle (How the intel is being collected, analyzed, disseminated, reviewed, etc.).

7)Have a good understanding of the search tools on different platforms (Facebook, Twitter, Instagram, TikTok, LinkedIn, Tumblr, Reddit, etc.) 

8)Do research on the available search engines and the strengths and limitations each one may have. 

9)Know how to conduct image, video, and audio research and gather intelligence from them.

10)Invest in appropriate platforms for social media investigations and monitoring (Have in mind, NEVER rely on one platform’s result or just platforms’ results. The user/investigator is the main component of a social media investigation). 

11)Download and use appropriate search engines extensions and apps. 

12)Invest time in creating ‘’sock puppets’’ or fake profiles and maintain their persona. Sometimes you may need a profile to have access to different forums or groups without being discovered.

13)Train yourself in link analysis (How to look for connections between people, events, and organizations).

14)Set keyword alerts (In multiple languages in case your client has ties with more than one country).

15)Gather, analyze, evaluate, and report your findings to the appropriate department or leadership.  

As the threat landscape changes every day, we as protection providers must be able to adapt and keep ourselves up to date with additional training. Today’s executive protection agent must also be skilled and knowledgeable in investigations, open-source intelligence, protective intelligence, HUMINT, and have an increased understanding of cyber security. Large corporations have already created their own embedded intelligence departments, while others are hiring threat analysts and OSINT investigations from outside security providers. The rise of protective intelligence, and whatever that includes, is here to stay and we are seeing it more and more through the highly increased number of related job postings every day. 

If you are an Executive Protection Agent and want to learn more on how to utilize Social Media Investigations and Monitoring for Risk Mitigation Purposes, reach out to us.

f you are a service provider and want to add Social Media Investigations and Monitoring for Risk Mitigation Purposes on your service list, contact us to learn about our vendor services. 

Chris Grow

AUS Global Special Services Travel Team

Managing Partner LeMareschal LLC

Denida Grow

Founder & CEO

Athena Worldwide 

Nannyguards

Managing Partner LeMareschal LLC

Marketing tips for Executive Protection Agents

Perception is everything, protect yourself and build your reputation on solid ground.

*These are part of a panel of personal opinions formulated from my experience in the industry as an EP agent, business owner and recruiter for other corporations. Keep in mind that just because I preach it, doesn’t mean I haven’t made the mistakes. It’s actually the fact I have made some of these and it’s caused me to learn what can work and what doesn’t. You may not agree with me or follow up with the suggestions but experience is an amazing teacher…”Let he who has ears…”*

1) Know what you know and know your value. (Know what you are willing to sacrifice as well, working more hours, night shifts, holidays, for how much, or how little.)

2) Know what you don’t know and either leave it to someone else or study it (There is nothing worse than someone who is trying to operate in many different fields, and yet, have quite limited knowledge on each field and act as though they’re the authority on it.) Focus on what you are most interested in and master it. Only move on to something else when you have a solid foundation on a topic and you are prepared to expand to something else.

3) “Listen more and talk less” Comment or post on social media only if you have something constructive to say, always stay on point and use professional language

4) Post or comment only on subjects you know well, subjects you have studied and subjects you know from real-life experience. There is no need to post daily or non-related posts.

5) It takes specific work and quite simply, boots on the ground to consider yourself experienced. Having worked EP two or three days a month doesn’t make you qualified enough to disagree or raise your voice with people who have been doing this for 10+ years. Neither are you an expert after one or two years in the industry (You can always see who is who and what they know and don’t know by what they post on social media). Stay humble, lay low and learn your trade well…Your day will come)

6) Maintain a professional image on all business-related social media sites. A suit and tie picture will always be better than a tank top or a duckface selfie.

7) Build a professional LinkedIn Profile, highlight your skills and post all your professional and educational achievements.

8) Stop posting sensitive information, IDs and license numbers on social media (You are a security professional! If you fail to protect even your own personal information, what does that tell me about how you handle your clients’ information??)

9) Always maintain OPSEC in every post you make. Always think, “How could this be used to harm my client or my team?

10) Protect your data! We have seen more and more security professionals warning their connections that they have been hacked! If your ex gf can hack your Facebook or LinkedIn profile, then you are probably not very good at keeping your clients or your detail’s information safe.

11) Keep high school drama out of social media.

12) Control your emotions, remain professional at all times…You are your client’s close protection, NOT his/her “Buddyguard”. Friendly at all times, not Friends.

13) Be careful of your connections and the people that you recommend or work with. Have you heard death by association? Make no mistake, it is a very real factor in our business!

14) Build a professional-looking CV, keep it simple and to the point. There is no need to hire a CV writer, you know what you have done, trained for and accomplished.

15) Invest time in building connections. Spend time talking to others or helping them with their projects. I have gained many contracts after the interviews I did with others.

16) Offer pro bono services to companies you respect and want to be involved with.

17) If you are single and have no family commitments, perhaps you work that shift on Christmas or other holidays so someone else can spend the day with his children. You have no idea how being understanding can help you in the long term.

18) Study your clientele and any potential clients. The industry has changed significantly and the new wave of clients are IT gurus, app developers, cryptocurrency investor, reality stars etc. Always be knowledgeable on current trends and topics.

19) Be informed on local and international news, threats and events that affect the industry and the needs or operational aspects of your clients.

20) Don’t be arrogant, there is a fine line between being confident and arrogant. Never cross it…There usually is no way back once the damage is done.

Denida Zinxhiria Grow

Founder & CEO

Athena Worldwide

Athena Academy

Nannyguards

Managing Partner

LeMareschal LLC