Yes, we are discussing social media and the sharing of sensitive information on social media platforms. No, it’s not a repeat of what I discussed back in early February so don’t adjust your screens or refresh the page. I did not think I had to bring this up with other locksmiths but I was wrong. When I wrote the first post it was mainly to stress to other locksmiths, specifically the institutional variety, that you need to be cognizant of social media as it relates to your keying and access control systems as well as the key control policies that govern them. I didn’t realize that actual locksmiths needed to be told the same but, hey, here we are.
Don’t take that as a shot across the bow. I don’t mean that all locksmiths need this lecture. 99.99% have enough common sense to, say, not post key bitting information or pinning charts along with the customer’s location but, apparently, some do. This post is for those people and those companies.
Let me state this as plainly as I possibly can: don’t post your customer’s information online via social media. There is nothing wrong with showcasing work, I get that, and I’ve done that. It’s one thing to showcase an exit device install or a new door that you installed; that’s innocuous, that information cannot be used to decrease the security of your clients. But actual information that can be used to create working credentials for an easily identifiable location? Like the aforementioned key bittings? Pinning charts? Along with the customer’s physical location? No, don’t do that. Good Lord, never do that.
When in doubt, don’t post it. If you want to show others that you’re doing a large rekey or installing new locks, great, but don’t divulge the key bittings, the keyway, or the location. That’s analogous to telling someone on social media that you’re going out of town for the week and you have a lot of high dollar items in your residence. Maybe show a picture of the locks, sans keyway or brand, in front of your pinning kit and not say who you’re doing it for. In fact, never mention your client’s names. That’s tacky.
Put another way, let’s assume that someone out there has just as much intelligence as yourself. Before you post an image to social media, ask yourself: “Could this person use what I’m about to post to undermine the security of my client?” I don’t care how far fetched or unlikely it may be, if you can answer yes, don’t post it. Don’t. Just don’t.