About Us | Contact Us
View Cart

Don’t allow it, don’t worry, it’s a fad that will soon go away . . . . NOT!

By Dan Hadaway | Wednesday, March 30, 2011 - Leave a Comment

I admit it.  I was one of the security professionals that stuck my head in the sand.

As I take great pride in not sticking my head in the sand, I have to wonder which part of my exposed body stood out most to Generation Y people who quietly smiled inside when I would say “don’t allow it, don’t worry, it’s a fad that will soon go away.”

Just last night I spent about forty-five minutes of a two-hour talk on the subject of Facebook.  While driving home from the occasion, I reflected on the history of Social Media in community banking and felt maybe I should use this as an opportunity to update Dan’s New Leaf.

Facebook was launched in 2004, and by the time my daughter Dani went to college in 2007, every new student at Indiana University was signing up for Facebook as part of their orientation.   As nervous parents watching our daughter grow up, I didn’t think much about Facebook then.  I figured it was just a fad.

But within a couple of months I had a Facebook account, only because my demands for Dani to send us pictures regularly (after all, we bought her a shiny new digital camera for her graduation present) were met with “how about I post them on Facebook.”  Being one who didn’t like tying up e-mail with heavy attachments, I enjoyed the ability to download pictures from Dani’s college experience.  I always remember my first wall post, which went something like “the only reason I’m here is so I can get pictures from Dani’s college experience.”

I’m not writing about this to brag that hey, I was on Facebook way back in 2007.  Instead, I’m writing to say that even though I had the ABILITY to see the power of Facebook, my ATTITUDE still caused a standard reaction when clients would ask about it:  “Don’t allow it, don’t worry, it’s a fad that will soon go away.”  Unfortunately I held that position until 2009, when I realized not only is social media NOT going away, but the risks to banks aren’t as much in their own Facebook sites, which can be controlled, but moreover the risk is in the way bank employees use their own social media tools WHILE AT HOME.

And even that belief was wrong.  At least in 2007, social media use was predominantly still at home.  But by 2009 the use of social media became a mobile thing-to-do with our shiny new smart phones.  This compounded the risk even more, as bank employees could now tweet their disgruntlement with that last rude customer, in real time, from the teller line.

I look back now and wonder why I didn’t see this coming.  By 2008 I had signed up for LinkedIn and created the Infotex page primarily because my geek friends and clients were demanding that I do so.  At first I would send a message back saying “I’m not really into social networking, do I have to?”  But when the people inviting me to be their connection on LinkedIn were my clients, I could no longer resist.

And as a LinkedIn user, I saw the risks right there.  I saw people being endorsed by middle managers from the same bank that fired them.  I connected to a head-hunter who then went after my own employees.  I saw the ability for us to leverage social media in our own pretext calling on Clients.  All this is why I started saying “don’t allow it, don’t worry, it’s a fad that will soon go away.”  I wrote an article for a trade magazine (that will go unnamed in 2008.)  The magazine was interested at first, but when I raised issues about people using LinkedIn at work to network and find jobs somewhere else, the publisher understandably got cold feet, worrying that the article would be too controversial.   The words of the publisher (I just dug out the email to confirm) were “this article could put us in an awkward position with our readership.”

In 2009 I audited a bank that had a Facebook page and though I was relishing the opportunity to slam them with a list of deficiencies they had actually done a GREAT job of leveraging the technology.  They made the page exude their community-ness.  They used Youtube to show you how to perform various tasks in their on-line banking account.    They had even taken our customer awareness training PowerPoint to the next level, and offered security tips to their customers via social media.

I did a complete 180.

At least I admitted my short-sighted stupidity.  And at least I have a stellar team that can turn on a dime like me.  We set up two infotex twitter accounts (vigilize and infotexnow), our infotex Facebook page, our my.infotex.com blog (which is where this article originates), etc.  We created a “design probe social media kit” and had an attorney review the templates and boilerplates in it.  From that process we published our Social Media Policy Set and have received many kudos and accolades because of it.  We even created a guidelines document for management team members, which is now in the policy set, as well as a tools page that will help you find decent social media management tools. Though we were late to recognize the power of Social Media, so was most of the other professionals in our field, and we were at least quick to act once we pulled our head out of the sand.

But that was still 2009.

It wasn’t until 2010 that the usage of Social Media EXPLODED.  In 2010 Facebook became phenomena not only for young people, but also for grandparents and adults like me.  In 2010, my Facebook visits went from maybe one per month to one per week to one per day to where it is now, which is about half as often as I check email.

We all know the benefits of Facebook.  We can keep up with our family and friends without having to spend a lot of time doing it.

And interestingly, clients who said to leave Social Media out of my user-level Security Awareness Training in early 2010 are asking me to focus on it just a year later.  Where in March 2010 I would typically dedicate about five minutes of my talk to the dangers of social media, now my presentations include around 45 minutes of slides about checking privacy settings on social media, the Kevin Bacon game and why friends-of-friends is really public, and why you would probably get fired if you yelled something negative about the bank in a crowded restaurant.

Banks are now using social media . . . . primarily Facebook for now . . . as an excellent marketing tool to build loyalty, solve customer problems, advertise events, brand themselves, teach customers how to change their ATM pin, provide customer awareness training, and just have a regular good time.  Bank employees are cautioned not to advertise loan rates by answering simple questions, to refrain from putting anything about the bank that you wouldn’t put in a normal resume, and remember that anything they post on their own accounts could get them in trouble with the bank.

So I admitted it.  I got it off my chest.  I’m not proud of my stance on social media, but I’m past it as well.   And as far as downloading pictures of Dani’s college experience?  Why bother, when I can always log onto Facebook to see them!

And as I plod through time as an Information Systems Auditor, I now wonder what other new technologies are resulting in: “Don’t allow it, don’t worry about it, it’s a fad that will soon go away?”


Founder and President, Infotex


“Dan’s New Leaf” is a “fun blog to inspire thought in the area of IT Governance.”

Latest News
    Artificial intelligence carries risk, but so does organic ignorance … Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . At a recent conference, I noticed two camps emerging in the debate over artificial intelligence. Some people embrace AI as a tool, while others support Elon […]
    PRESS RELEASE – FOR IMMEDIATE RELEASE BUSINESS NEWS NEW EMPLOYEE FOR INFOTEX We are pleased to announce the appointment of Nathan Taylor as our new Network Administrator at infotex.  “We are very excited to have Nathan join our team as a Network Administrator and look forward to his contributions to maintaining and improving our infrastructure!” […]
    about artificial intelligence . . . And who will protect us from it . . .  Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Just watched some press on the the Senate hearings over regulating AI. The normal senator faces, Sam Altman of OpenAI, […]
    The Evolution of an Inside Term Used in our Vendor Risk Report Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Those who audit infotex know that our vendor risk report refers to a couple of our providers as “ransomware companies.” This reference started evolving […]
    Another awareness poster for YOUR customers (and users). Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Check out posters.infotex.com for the whole collection! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape) You are welcome to print out and distribute this around your […]
    New tools could allow unskilled attackers to launch increasingly sophisticated attacks… An article review. Imagine a world where you receive a call from your boss asking you to assist them with something… only it’s not your boss, but an AI being used by an attacker.  This isn’t science fiction, it’s an actual attack that has […]
    Unavailability Strikes Where it doesn’t matter anyway Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . So, I’m writing today’s article from a resort in the middle of Wisconsin.  I want to make sure I’m staying on top of my New Leaf, which is to […]
    . . . and the importance of segregated response. The latest edition of Executive Vice President, Michael Hartke’s article series! In 2007 when I first joined infotex, coming from small to medium sized business general IT support into the world of cybersecurity, the one thing that was very hard for me to internally rectify was […]
    How concerts can help us understand APTs . . . Especially if you use your imagination! Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . My daughter reminded me of a concert Stacey and I attended way back in 2013, in Chicago.  It was one […]
    Mutiny! The Malicious Insider Threat Webinar Registration A Webinar-Video It is often awkward to bring up the one attack vector most of us have not addressed. The malicious insider threat. Even if we can flaunt all statistics and claim that the likelihood of an insider attack is low in our bank, the impact is still […]