What You Don’t Know CAN Hurt You…

Most business leaders are aware of the risks associated with bringing their service or product into the marketplace, but what about security risks to your operations, places of business, and people? You may think the risk of being directly targeted by violence or other negative action is a low, but times are changing. Especially in a time of growing political and social unrest, proactive measures to reduce vulnerabilities are critical. Today’s business leaders have a responsibility to recognize the limitations of obsolescent, reactive security measures and take more proactive measures for modern threats.

In my book The Safety Trap, I help business leaders identify the hazards that often hide behind a false sense of security. One of the most effective ways to mitigate these risks is simply to employ an “Awareness + Preparation = Safety” mindset and methodology. After all, we don’t stub our toes on the things we notice; we stub our toes on the things we don’t. And one of the most effective ways for a business to increase their awareness is to leverage open source intelligence (OSINT) to its most effective usefulness.

Here are five ways OSINT can be used to help your business reduce risk and prevent violence:

1. Background Checks

2. Social Media Monitoring

3. Reputation Management

4. Protective IntelligenceWhat

5. Vulnerability Reduction

Background Checks

Almost every business requires a pre-employment background check during the initial screening of an applicant, but very few organizations ever bother to follow up with due diligence once that individual is on the job. This can often leave a business vulnerable to valuable insights about the behaviors outside the office which may then bleed into the office environment.

Of course, while it may not be financially feasible to re-run a background check on every employee every year, a cost effective alternative to meet workplace standards could be the use of continuous criminal monitoring. This proactive measure is budget-friendly, while ensuring proactive oversight of your staff. Of course, hits obtained from criminal monitoring require adjudication at the local or state court. A full background screen is also an option at this time. Seek attorney counsel in adopting company policies pertaining to ongoing criminal monitoring and employment re-screenings that are in full compliance with applicable state and local laws.

Social Media Monitoring

“Leakage” is one type of several warning behaviors that often reveals a grievance someone has against an individual or organization they feel has wronged them. Outside of interpersonal communications, the second most common outlet for the expression of these grievances takes place online on social media sites like Facebook, Instagram and Twitter, online forums like Reddit, and review sites like Yelp. Monitoring these online platforms for references to your organization or names of key and/or public-facing employees should be routine vigilance against those who may bear your organization or employees ill will.

Reputation Management

While background checks may raise your awareness as to how individuals are promoting their own personal brand in the public landscape, and social media monitoring may help you identify those who bear you harm, OSINT can also help you understand how effective your own branding and promotions are being viewed by the world outside your doors. Just this month, Simon & Schuster was forced to make a statement about their plans to distribute a book written by former Louisville police officer Jonathan Mattingly after news of its publication ignited widespread criticism. It’s reasonable to assume that the Simon and Schuster C-Suite in New York would have loved to have known about the potential backlash before learning about it in The New York Times.

Protective Intelligence

Protective Intelligence is the process for collecting and assessing information about persons, groups, or organizations that, for reasons political, ideological, or personal, represent a physical threat against your organization or your employees. Protective intelligence is also especially helpful for raising your organizational awareness to non-violent threats like social engineering and exploitation, cyberattacks, and ransomware. While much of this information may be collected via social media monitoring, there is also a vast amount of OSINT available in uncovering relationships among people, companies, domains, and publicly accessible internet information.

Geofence monitoring can be employed as a protective measure for physical locations, alerting you to nascent threats or employee actions, such as a strike, well before they develop. Due diligence investigations can give valuable insight to a company’s fiscal and reputational character prior to a merger, acquisition, or partnership. OSINT can also be used to investigate almost any kind of document that it can reach through public channels, including in PDF, DOC, PPT, XLS and many other formats—a valuable asset in helping to reduce risks from industrial espionage by examining them for hidden malware or exploitation encryptions.

Vulnerability Reduction

Vulnerability reduction is the process by which an organization—having been made aware of the real-world insights provided by their OSINT, due diligence, social media, geofence, and continuous criminal monitoring measures—can begin to prepare today for a safer tomorrow. Your leadership’s participation in this process—and organizational buy-in—ultimately is what’s needed to bolster against modern risks and prevent them from ever becoming a reality. 

About the Author

Spencer Coursen is a nationally recognized threat management expert and the founder of Coursen Security Group, a premier threat management firm based in Austin, Texas, that provides security assessment, vulnerability reduction, and protective strategies to help organizations, public figures, and others succeed in staying safe. He is the author of The Safety Trap (St. Martin’s Press, 2021). Spencer is a combat veteran, former supervisory special agent, and private security professional whose unique global experience includes an exceptional record of success in the assessment, management, and resolution of threats, conflict resolution, employee terminations, physical security assessments, expert witness testimony, policy authorship, protective intelligence, and vulnerability reduction.