One of the most common questions we get asked is if our Concierge Cybersecurity & Privacy Platform™ has online reputation management. Such an inquiry would have been completely unexpected just a few years ago. Traditionally, reputation management has fallen on the CMO and others within marketing and PR. 

Security and risk management professionals have been inquiring more about reputation management and its role in cybersecurity. The question is primarily driven by their attempt to correlate the integrity of an executive’s social persona with their organization’s overall cyber risk. 

Reputation management is being used interchangeably with social media monitoring

Reputation management refers to the monitoring and controlling of publicly available information about a person or business entity. It also commonly refers to any software or services that tracks, monitors, or manages brand, product, or personal perception. Most of this is not of CISO concern. 

What is relevant to security teams, however, is actually not reputation management; rather its social media monitoring.

Traditionally, social media monitoring has been used to track brand conversations over time. It primarily helps marketing teams find trending conversations, uncover ambassadors, and respond to complaints or criticism. 

With people’s lives increasingly online, executive social media monitoring now has the potential to help organizations discover security threats originating from fake social media profiles, social media account hijacking, and other malicious activity on social channels. 

Executive social media hijacking is a cybersecurity risk 

Social media accounts are increasingly being compromised as a precursor, or as the result of, a cyberattack, fraud, or identity theft. Just last year, “the Internet Crime Complaint Center recorded over 28,000 complaints related to social media spoofing with losses totaling approximately $216 million.”

Such threats are consequential to executives and their families, but also to the organization that they lead. For example, an adversary with access to an executive’s social media profile could facilitate social media impersonations and email spoofing. This could capture sensitive or proprietary information that could be used to launch a significant attack or data breach. 

Likewise, an attacker could negate an executive’s privacy protections by enabling location tracking. This could lead to cyberstalking, reputation damaging comments, and even physical harassment. 

Most of these threats and vulnerabilities are of CISO concern but not yet under CISO’s purview to control. 

Executive social media monitoring can bolster digital executive protection 

A brand’s reputation management and social media monitoring should remain under marketing and PR control. But, a strong argument can be made that, because of social media’s increasing influence over cybercrime, executive social media monitoring should transition away from the CMO to the CISO. 

Regardless of each enterprise’s decision, it’s important to remember that social media monitoring is just one small piece of the digital executive protection puzzle. Fully protecting executives, and by extension the company, requires a robust strategy designed to protect one’s digital privacy, personal devices, and home networks.

BlackCloak helps reduce digital privacy and cybersecurity risks to executives in their personal digital lives. To do so, we remove PII from more than 200 data broker websites. We constantly scan the deep/dark web for data leaks. In addition, we manually review and suggest changes to both social media and device privacy, security, tracking, and other settings

We also help our clients limit location tracking to only the applications that absolutely need to know their whereabouts. We set them up on the National Do Not Call Registry, ensure operating systems are updated, and install and configure a secure web browser and password manager. Additionally, we help establish dual-factor authentication wherever possible. 

Enterprise security can certainly benefit from executive social media monitoring. But realizing the benefits will not come to fruition until it is part of a more comprehensive digital executive protection strategy.