Traditionally, security risks to computer users—especially those connected to the Internet—were caused by technical vulnerabilities, and, therefore, Internet security packages have historically focused on securing against threats that exploit technical vulnerabilities to compromise electronic resources and/or render technology difficult to use. Internet security packages for consumers and other individual users typically include anti-virus, anti-malware, anti-spam, anti-phishing/anti-malicious-websites, firewall, basic intrusion prevention and detection, and other technical-type defenses. Server security systems typically include technology that is more robust and, in addition to providing more powerful versions of the types of defenses that existed for end users as described above, address the additional risks to the organizations providing services via the servers—typically functions like authentication, authorization, and other server-specific risks.
Various network security systems and other types of technical defenses were also developed, marketed, and deployed. But, in each of these cases, the digital security was primarily intended to address technical vulnerabilities, and when human error was being addressed by such technologies it was in the context of human error creating those technical vulnerabilities (for example, if a human turned off anti-virus software, an Internet security software package might, upon checking the machine, warn the user that that a technical vulnerability existed in that anti-virus software was turned off). Even enterprise-level management packages work by addressing technical risks in such a fashion. In the previous example, an enterprise-level utility might prevent a user from accidentally turning off anti-virus software or opening up personal firewall ports, or might correct the situation if a user did so. Software offered as a service (SaaS) models of implementations, and the proliferation of mobile devices, did not dramatically alter the offered security solutions either; since technical defenses were used to secure against technical risks, with packages being essentially (significantly scaled down versions of) anti-virus, anti-phishing/anti-malicious-websites, and personal firewalls with some additional mobile-specific functions such as remote wipe capabilities. Even with the mass adoption of social media and its usage, security packages that offered “social media security” did so by scanning social media for links to rogue websites, malware, and the like. The basic concept of digital security—securing against technical risks—did not change, and until the present invention, remains unchanged.
While ensuring security against technical risks remains important, a new series of security risks has emerged, and, prior to the present invention, a major risk—in fact what may be the greatest risk—to users of social media has not been addressed. Whereas malware and other technical risks may once have been the biggest problem for users, today the risks associated with the divulging of information that a user does not intend to divulge, or that the user intends to divulge but does not understand the consequences of divulging, or that the user thinks is being divulged to particular party or parties but in fact is being divulged to others as well (or instead), may be more significant, especially since no real countermeasures have been developed until the current invention.
While some people are aware that one should not explicitly post sensitive information in social media that is publicly viewable—such as posting one's email password on a Facebook wall or timeline—it is quite common for users not to realize the consequences of their postings in social media, or the postings of others that may have relevance to them. Information that can be extrapolated from what the user may think are innocuous postings, settings, or other aspects of social media can be seriously damaging to the user. As one example, some people continue to use their mothers' maiden name as a password for accessing their financial and medical data—yet this information can often easily be gleamed by anyone viewing their Facebook profile. Likewise, people may post information that impacts their employers, organizations for which they volunteer, and other entities. A user who, using a social media site, suddenly connects with multiple people in the mergers and acquisition practice of a law firm that services his employer, for example, may cause others to realize that his employer is considering a sale.
The great risk of unintended consequences of both intentionally and unintentionally sharing information through the use of social media platforms by users and others has emerged and poses a serious threat in the present day—yet no current security product addresses it. Users of social media often post items (including information, text, cartoons, videos, photos, sound bites, and other forms of media)—or have information posted about them, or associated with them by others, by apps, or by computers themselves (often without the knowledge of the user)—that may expose them—or increase their exposure to—one or more negative consequences. Businesses may be put at competitive risk, or even get into trouble for violating regulations, as a result of social media posts. It is important to realize that a problematic item or content which can cause negative consequences is not necessarily a negative or derogatory sounding posting. If an employee of a company posts a comment online that is highly complimentary of products of that firm's direct competitor, that post, while sounding positive, may be highly negative in effect for the poster and his or her employer.
Examples of information sharing that can lead to harmful consequences include:                sharing information about a person's family relationships, place of employment, and interests can be leveraged by criminals as part of identity theft;        sharing information about a person's children and their schedules may help facilitate kidnapping, break-ins into the person's home while he is carpooling to work, or other harmful actions;        publishing evidence that a user has engaged in potentially controversial activities, such as photographs of alcohol and drug consumption, smoking, using weapons, participating in various activities, viewing materials in which people appear in various states of undress, crass humor, dressing in various type of garments, viewing or posting racist-type materials, associating with certain characters, and other examples of potentially problematic or controversial activities—could impact a person's business, employment, or social prospects;        sharing various types of information that may impact a user's relationships, such as a photo of a man holding another woman, and vice versa, could impact his or her relationship with a girlfriend or spouse;        sharing information related to financial or medical activities may lead to disclosure of very sensitive and private information. For example, photographs or location data placing a person at a particular medical facility may divulge that the person suffers from a condition which that facility is known to specialize in treating;        included in social media would be gaming sites in which posting dialogue, stats, interests, etc. can lead to problems, by, for example, allowing an employer to discern that an employee was playing during work, allowing teachers to determine that a student was playing during school hours when she was supposed to be home sick, publicizing all sorts of private and personal information. Moreover, criminals know to look at these sites for information about people;        sharing or leaking confidential information about a business's customers, competitors, research, contemplated products, potential litigation or exposure to liabilities, etc. can lead to problems for that business. Various types of such leaks may even violate the law, such as, for example, securities laws relating to public disclosure;        publication of information regarding a person's connections in social and professional media may signal implications for the person's employer. For example, an employee who works in the legal department connecting with multiple people from a competing organization, or with parties involved with Mergers and Acquisition services, may signal potential M&A activity of his employer;        sharing photographs or making posts relating to a domestic or international geopolitical issue may result in increased government surveillance, or incorrectly being associated by government agencies with various dangerous groups; and        sharing photographs and videos of an employee pictured with, or commenting about, a competitor's offering can lead to potential lawsuits (for example, if the employee speaks negatively about the offering with inaccurate information), or in a competitor obtaining an advantage (if the employee endorses the competitor's product on camera).        
Naturally, many other examples are possible, but the aforementioned illustrate why there is concern about the unintended consequences of sharing of information through social media. Additional examples will be presented in the following discussion and descriptions.
Furthermore, because social media is relatively new, people are not as knowledgeable of the risks related to its usage as they are to most other computer security issues. At least in much of the Western world, a generation of people is presently being raised whose parents are familiar with the concept of computer viruses and the need for anti-virus software. The new generation will be, for example, instructed by their parents about the risks of viruses and the need to use anti-virus software, much like earlier generations were taught about the dangers of fire and flammable materials. However, no child growing up today has parents who used social media for more than a few years (since social media is only a few years old). Moreover, none of today's parents were educated when they were young about the risks of social media—creating a situation in which a huge percentage of the population does not understand the full risks of social media usage, and as a consequence, younger people cannot be properly trained about its risks. Likewise, employers have proven unprepared for dealing with social media—which poses risks with which they have never had to previously deal.
As those skilled in the art will recognize, the non-technological risks of social media are significant. These risks are exacerbated by a general lack of awareness by the public of the risks, the lack of preventive action by the public that can avoid social media problems, and non-existence of technologies that can address the risks in any automated fashion prior to the invention.
Furthermore, as those skilled in the art will recognize, most people do not like to make efforts in order to ensure cyber security. People often do not recognize, or dismiss, the magnitude of risk to themselves if they avoid taking action, and consequently they don't take any potentially preventive action. Therefore, anything that can successfully motivate users to improve security, or to utilize security-improving technology, has significant benefits. Today, social media users are accustomed to responding to posts from businesses that give away freebies or offer discounts for performing various simple, non-invasive actions. In addition, social media has become a major sociological force and people often enjoy participating therein. As such, a system or mechanism that, in addition to improving security, would offer some tangible incentive for users to improve security, that mechanism could gain wide acceptance and make a big difference. This is especially true if the system, which leverages social media to reward users, is intended for use by people who are already known to use social media. Furthermore, people typically like to be recognized at work, so a reward system implemented by an employer for employees who utilize a security system can be highly effective.
In addition to all of the above, parents and other guardians may wish to secure their children or others from various risks of public information sharing, some of which are described herein. Likewise, businesses and other organizations want to protect themselves as well as people associated with them (employees, board members, contractors, partners, etc.) from the risks described above, and also from running afoul of regulatory or legal requirements. One problem faced by businesses, parents, and other guardians in implementing a security solution is their appearance as a “Big Brother,” which frequently comes with active monitoring. Another problem is that certain types of monitoring by businesses and individuals may be illegal.
Even if the monitoring is legal, it is both an arduous task, and something which, in a best case scenario, will still cause a lot of ill will, employee dissatisfaction, and negative publicity. To address social media risks, some businesses have prohibited the use of social media by their employees at work, but stopping people from using it during off hours is nearly impossible, and the risks remain if such access is allowed. Furthermore, social media is becoming increasingly necessary for business—so prohibitions on use are becoming impractical and an impediment to success. Likewise, scenarios in which employees bring their own mobile devices to work render it nearly impossible to prohibit social media access while at work.
It is therefore the object of the present invention to provide a system and method for solving the problems outlined above.