Measuring the risks of social media in shipping
Social media is a serious business. We all understand that, right? Apparently not. Too few of us appear to consider who can access the information about ourselves we pile onto social media platforms or how that data is harvested and sold to people who want us to buy more things.
The fact that so many users allow their information to be publically available makes them susceptible to everything from friend requests to phishing, stalking and hacking, even at sea.
How do we know this? Thanks to the loss prevention community. The Norwegian Hull Club has issued a well-meaning warning to seafarers that journalists and pirates might use their social media postings for nefarious purposes.
The Club says that social media platforms such as Facebook, Sina Weibo and Instagram which are used to keep in touch with family and friends can also be used by snoopers, pirates, journalists, anyone in fact with an interest and a threat profile.
It’s a good story and was eagerly lapped up by the maritime media hungry for a whiff of ‘cyber’. What it really is though, is best practice policy guidance that has been used for the purposes of external publicity.
As such, it opens up the subject to further scrutiny, and of course, the attentions of those it hadn’t occurred to before now. Again, nothing wrong with this per se. My friends at MTI do a roaring trade presenting to conferences pictures of crews they have pulled off social media that their shipping company clients had no idea were there. It’s entertaining stuff with a serious message.
The question it raises in my mind is whether every Norwegian Club employee (and contractor) has also signed the form to say they’ve read the social media policy. And that they actually did read it and adhere to it.
It also suggests that the Norwegian Club thinks that hackers/stalkers/pirates view seafarers as a serious ‘air gap’ in its risk management process. This may be true, but surely its shoreside personnel, logging on to any Wi-Fi network they can find, leaving their phones lying around and their credit cards behind the bar, are much closer and easier to extort, stalk etc.
It seems to me that every time there is an advance in the social communications technology available to mariners, there is a P&I Club ready to warn of its potential risks. It was a similar story when the North of England Club suggested earlier this year that a good game of darts or a hand of cards was preferable to the isolating use of social media by crews.
My interpretation of the North’s circular was the suggestion that allowing crews to use social media was a potential safety risk because instead bonding over board games in the mess they were increasing their emotional burden through sharing on Facebook and poking their mates.
I should point out that NEPI strongly disagreed with my conclusion, something they pointed out at length. But it struck me again this week reading the Norwegian Club release that it could be construed that owners and managers, not to mention insurers think their crews simply cannot be trusted with tools such as social media or that these are somehow a distraction from their work, rather than a vital connection with home.
When experts on cyber safety ask owners how recently they gave crew relevant IT training, the answer is usually that they haven’t, so it’s safe to assume that social media training is even further down the list.
This doesn’t stop owners and managers giving their contractors legal charge of a multi-million dollar ship, with a cargo potentially worth even more. This is everyday practice, even though the crew will have gained training and certification designed to meet only the minimum standards required.
It seems obvious that everyone; masters and crews, agents, pilots, stevedores, harbour masters, truck drivers, terminal operators all the way along the supply chain to mutual insurers should be aware of the risks of social media and that it is their employers’ responsibility to make this happen.
But singling out seafarers, the majority of whom still do not have satisfactory access to the most basic data communications, as a weak link in the chain is counterproductive to say the least.