• Judging Social Media Risk

    by  • October 2, 2013 • Uncategorized

    “Good judgement comes from experience, and experience comes from bad judgement.”

    You have seen the corporate speech. Had the training from HR. Maybe even read (or at least skimmed) the corporate policy stuffed with legalese, or God forbid, actually take a look at the current (but changing next week) Facebook privacy policy.

    You understand the risks. Or do you?

    I stood at the edge of the diving board, my eight year-old self looking down at the pool, unaware that the accumulated water on the board had made it slippery.

    I jumped up, coming back down for the bounce. My feet hit the front edge of the board, slipping sideways as I tumbled off the board. I hit the water at the wrong angle and the force drove my face right into the wall of the pool.

    The result? Four front teeth knocked out, eventually braces, and a pile of dentist and orthodontist bills for my parents.

    If somebody were to ask you “what is risk,” we should all be able to answer right? After-all, we are faced with it a number of times everyday, no matter where we are in the world. On Facebook, in our email, or on a diving board.

    We should be aware that having a Facebook account, a twitter feed, connecting with someone on LinkedIn, checking your account on your iPhone, even texting your mom all entail risk. The risk might be major or minor, but are we really aware that there is risk there?

    Jumping off a diving board is risky, right? I should have known that, right? Are we really aware of what risk is, and when we are taking them? At eight, I wasn’t. Not sure even now that I am past 45.

    Most dictionary definitions of risk boil it down to the probability of a negative outcome, often attached to some aspect of finance or healthcare, and based upon a known or unknown vulnerability.

    But I don’t really think this is what risk is. Way too clinical and academic. And too often, we don’t recognize or have an awareness of risk for what it is because of how we define it.

    It can be seen through a windshield as you are driving down a two lane road with another car approaching from the other direction, only separated by that thin set of double yellow lines and an implicit agreement with the other driver.

    It can be as hidden in an everyday event such as taking a drink of water from a seemingly clear and pristine stream, not knowing what bacteria are present in the water.

    It can be shielded by the natural human tendency to trust when you open a seemingly important email that unleashes a virus that quietly steals personal data like your bank account information and later more.

    It can be concealed in that positive emotional response to a friend request on Facebook, even though we have no clue who the other person is. They are good looking, so does it matter that they now have access to a lot of your personal information and photographs of your children, where you live, who your friends are, and where you like to hang out.

    Risk is not the probability of a singular event, at least in the real world and even the digital world. The real and digital worlds are based on the passage of time and time is a series of events. And risk does not exist separately from these events.

    Risk exists in the options and choices of a potential series of events, online and offline. Risk is a continuum of a series of events that may or may not have a negative effect, based upon the relationship of the events with other events and factors.

    Jumping up on the diving board was not necessarily risky. It becomes risky only in relation to other events and factors. Even slipping off the board was by itself was not inherently risky when separated from the angle of the impact with the water. Had I shifted my shoulder one way or my hand another, or tucked my chin the outcome would have been different.

    How about opening that email? Not necessarily. It could be from a co-worker, a friend, your spouse, etc. Or it could be nothing. Or it could include malicious code hidden in a pdf document that is attached.

    How about that friend request on Facebook? It could be the friend of an old college friend trying to expand their circle of friends. Or it could be a someone or some organization that has targeted you.

    The problem isn’t that the risks exist. It isn’t even that we aren’t able to eliminate the risks. The problem is that most of us don’t even know how to judge the risks and then act based upon that judgement.

    We are often unaware of the risks we are exposed to everyday. And we can’t teach people to avoid most risks or even identify them. And forget adding in any Black Swan event. At best we can help them judge risks better.

    With social media, we can help them understand where the potential risks are like information leakage, hidden malware, privacy settings left too open, or even something as simple as not having a password on a mobile device.

    Once they understand that these risks really do exist and that they can have consequences if they materialize, then we can start working with them on judgement.