Don’t allow it, don’t worry, it’s a fad that will soon go away . . . . NOT!

By Dan Hadaway | Wednesday, March 30, 2011

I admit it.  I was one of the security professionals that stuck my head in the sand.

As I take great pride in not sticking my head in the sand, I have to wonder which part of my exposed body stood out most to Generation Y people who quietly smiled inside when I would say “don’t allow it, don’t worry, it’s a fad that will soon go away.”

Just last night I spent about forty-five minutes of a two-hour talk on the subject of Facebook.  While driving home from the occasion, I reflected on the history of Social Media in community banking and felt maybe I should use this as an opportunity to update Dan’s New Leaf.

Facebook was launched in 2004, and by the time my daughter Dani went to college in 2007, every new student at Indiana University was signing up for Facebook as part of their orientation.   As nervous parents watching our daughter grow up, I didn’t think much about Facebook then.  I figured it was just a fad.

But within a couple of months I had a Facebook account, only because my demands for Dani to send us pictures regularly (after all, we bought her a shiny new digital camera for her graduation present) were met with “how about I post them on Facebook.”  Being one who didn’t like tying up e-mail with heavy attachments, I enjoyed the ability to download pictures from Dani’s college experience.  I always remember my first wall post, which went something like “the only reason I’m here is so I can get pictures from Dani’s college experience.”

I’m not writing about this to brag that hey, I was on Facebook way back in 2007.  Instead, I’m writing to say that even though I had the ABILITY to see the power of Facebook, my ATTITUDE still caused a standard reaction when clients would ask about it:  “Don’t allow it, don’t worry, it’s a fad that will soon go away.”  Unfortunately I held that position until 2009, when I realized not only is social media NOT going away, but the risks to banks aren’t as much in their own Facebook sites, which can be controlled, but moreover the risk is in the way bank employees use their own social media tools WHILE AT HOME.

And even that belief was wrong.  At least in 2007, social media use was predominantly still at home.  But by 2009 the use of social media became a mobile thing-to-do with our shiny new smart phones.  This compounded the risk even more, as bank employees could now tweet their disgruntlement with that last rude customer, in real time, from the teller line.

I look back now and wonder why I didn’t see this coming.  By 2008 I had signed up for LinkedIn and created the Infotex page primarily because my geek friends and clients were demanding that I do so.  At first I would send a message back saying “I’m not really into social networking, do I have to?”  But when the people inviting me to be their connection on LinkedIn were my clients, I could no longer resist.

And as a LinkedIn user, I saw the risks right there.  I saw people being endorsed by middle managers from the same bank that fired them.  I connected to a head-hunter who then went after my own employees.  I saw the ability for us to leverage social media in our own pretext calling on Clients.  All this is why I started saying “don’t allow it, don’t worry, it’s a fad that will soon go away.”  I wrote an article for a trade magazine (that will go unnamed) in 2008.  The magazine was interested at first, but when I raised issues about people using LinkedIn at work to network and find jobs somewhere else, the publisher understandably got cold feet, worrying that the article would be too controversial.  The words of the publisher (I just dug out the email to confirm) were “this article could put us in an awkward position with our readership.”

In 2009 I audited a bank that had a Facebook page, and though I was relishing the opportunity to slam them with a list of deficiencies, they had actually done a GREAT job of leveraging the technology.  They made the page exude their community-ness.  They used YouTube to show you how to perform various tasks in their on-line banking account.  They had even taken our customer awareness training PowerPoint to the next level, and offered security tips to their customers via social media.

I did a complete 180.

At least I admitted my short-sighted stupidity.  And at least I have a stellar team that can turn on a dime like me.  We set up two infotex twitter accounts (vigilize and infotexnow), our infotex Facebook page, our my.infotex.com blog (which is where this article originates), etc.  We created a “design probe social media kit” and had an attorney review the templates and boilerplates in it.  From that process we published our Social Media Policy Set and have received many kudos and accolades because of it.  We even created a guidelines document for management team members, which is now in the policy set, as well as a tools page that will help you find decent social media management tools.  Though we were late to recognize the power of Social Media, so were most of the other professionals in our field, and we were at least quick to act once we pulled our head out of the sand.

But that was still 2009.

It wasn’t until 2010 that the usage of Social Media EXPLODED.  In 2010 Facebook became a phenomenon not only for young people, but also for grandparents and adults like me.  In 2010, my Facebook visits went from maybe one per month to one per week to one per day to where it is now, which is about half as often as I check email.

We all know the benefits of Facebook.  We can keep up with our family and friends without having to spend a lot of time doing it.

And interestingly, clients who said to leave Social Media out of my user-level Security Awareness Training in early 2010 are asking me to focus on it just a year later.  Where in March 2010 I would typically dedicate about five minutes of my talk to the dangers of social media, now my presentations include around 45 minutes of slides about checking privacy settings on social media, the Kevin Bacon game and why friends-of-friends is really public, and why you would probably get fired if you yelled something negative about the bank in a crowded restaurant.

Banks are now using social media . . . . primarily Facebook for now . . . as an excellent marketing tool to build loyalty, solve customer problems, advertise events, brand themselves, teach customers how to change their ATM PIN, provide customer awareness training, and just have a regular good time.  Bank employees are cautioned not to advertise loan rates by answering simple questions, to refrain from putting anything about the bank that you wouldn’t put in a normal resume, and to remember that anything they post on their own accounts could get them in trouble with the bank.

So I admitted it.  I got it off my chest.  I’m not proud of my stance on social media, but I’m past it as well.   And as far as downloading pictures of Dani’s college experience?  Why bother, when I can always log onto Facebook to see them!

And as I plod through time as an Information Systems Auditor, I now wonder what other new technologies are resulting in: “Don’t allow it, don’t worry about it, it’s a fad that will soon go away?”

————————-

Dan Hadaway CRISC, CISA, CISM
Founder and President, Infotex

————————-

“Dan’s New Leaf” is a “fun blog to inspire thought in the area of IT Governance.”
