About Us | Contact Us
View Cart

Don’t allow it, don’t worry, it’s a fad that will soon go away . . . . NOT!

By Dan Hadaway | Wednesday, March 30, 2011 - Leave a Comment

I admit it.  I was one of the security professionals that stuck my head in the sand.

As I take great pride in not sticking my head in the sand, I have to wonder which part of my exposed body stood out most to Generation Y people who quietly smiled inside when I would say “don’t allow it, don’t worry, it’s a fad that will soon go away.”

Just last night I spent about forty-five minutes of a two-hour talk on the subject of Facebook.  While driving home from the occasion, I reflected on the history of Social Media in community banking and felt maybe I should use this as an opportunity to update Dan’s New Leaf.

Facebook was launched in 2004, and by the time my daughter Dani went to college in 2007, every new student at Indiana University was signing up for Facebook as part of their orientation.   As nervous parents watching our daughter grow up, I didn’t think much about Facebook then.  I figured it was just a fad.

But within a couple of months I had a Facebook account, only because my demands for Dani to send us pictures regularly (after all, we bought her a shiny new digital camera for her graduation present) were met with “how about I post them on Facebook.”  Being one who didn’t like tying up e-mail with heavy attachments, I enjoyed the ability to download pictures from Dani’s college experience.  I always remember my first wall post, which went something like “the only reason I’m here is so I can get pictures from Dani’s college experience.”

I’m not writing about this to brag that hey, I was on Facebook way back in 2007.  Instead, I’m writing to say that even though I had the ABILITY to see the power of Facebook, my ATTITUDE still caused a standard reaction when clients would ask about it:  “Don’t allow it, don’t worry, it’s a fad that will soon go away.”  Unfortunately I held that position until 2009, when I realized not only is social media NOT going away, but the risks to banks aren’t as much in their own Facebook sites, which can be controlled, but moreover the risk is in the way bank employees use their own social media tools WHILE AT HOME.

And even that belief was wrong.  At least in 2007, social media use was predominantly still at home.  But by 2009 the use of social media became a mobile thing-to-do with our shiny new smart phones.  This compounded the risk even more, as bank employees could now tweet their disgruntlement with that last rude customer, in real time, from the teller line.

I look back now and wonder why I didn’t see this coming.  By 2008 I had signed up for LinkedIn and created the Infotex page primarily because my geek friends and clients were demanding that I do so.  At first I would send a message back saying “I’m not really into social networking, do I have to?”  But when the people inviting me to be their connection on LinkedIn were my clients, I could no longer resist.

And as a LinkedIn user, I saw the risks right there.  I saw people being endorsed by middle managers from the same bank that fired them.  I connected to a head-hunter who then went after my own employees.  I saw the ability for us to leverage social media in our own pretext calling on Clients.  All this is why I started saying “don’t allow it, don’t worry, it’s a fad that will soon go away.”  I wrote an article for a trade magazine (that will go unnamed in 2008.)  The magazine was interested at first, but when I raised issues about people using LinkedIn at work to network and find jobs somewhere else, the publisher understandably got cold feet, worrying that the article would be too controversial.   The words of the publisher (I just dug out the email to confirm) were “this article could put us in an awkward position with our readership.”

In 2009 I audited a bank that had a Facebook page and though I was relishing the opportunity to slam them with a list of deficiencies they had actually done a GREAT job of leveraging the technology.  They made the page exude their community-ness.  They used Youtube to show you how to perform various tasks in their on-line banking account.    They had even taken our customer awareness training PowerPoint to the next level, and offered security tips to their customers via social media.

I did a complete 180.

At least I admitted my short-sighted stupidity.  And at least I have a stellar team that can turn on a dime like me.  We set up two infotex twitter accounts (vigilize and infotexnow), our infotex Facebook page, our my.infotex.com blog (which is where this article originates), etc.  We created a “design probe social media kit” and had an attorney review the templates and boilerplates in it.  From that process we published our Social Media Policy Set and have received many kudos and accolades because of it.  We even created a guidelines document for management team members, which is now in the policy set, as well as a tools page that will help you find decent social media management tools. Though we were late to recognize the power of Social Media, so was most of the other professionals in our field, and we were at least quick to act once we pulled our head out of the sand.

But that was still 2009.

It wasn’t until 2010 that the usage of Social Media EXPLODED.  In 2010 Facebook became phenomena not only for young people, but also for grandparents and adults like me.  In 2010, my Facebook visits went from maybe one per month to one per week to one per day to where it is now, which is about half as often as I check email.

We all know the benefits of Facebook.  We can keep up with our family and friends without having to spend a lot of time doing it.

And interestingly, clients who said to leave Social Media out of my user-level Security Awareness Training in early 2010 are asking me to focus on it just a year later.  Where in March 2010 I would typically dedicate about five minutes of my talk to the dangers of social media, now my presentations include around 45 minutes of slides about checking privacy settings on social media, the Kevin Bacon game and why friends-of-friends is really public, and why you would probably get fired if you yelled something negative about the bank in a crowded restaurant.

Banks are now using social media . . . . primarily Facebook for now . . . as an excellent marketing tool to build loyalty, solve customer problems, advertise events, brand themselves, teach customers how to change their ATM pin, provide customer awareness training, and just have a regular good time.  Bank employees are cautioned not to advertise loan rates by answering simple questions, to refrain from putting anything about the bank that you wouldn’t put in a normal resume, and remember that anything they post on their own accounts could get them in trouble with the bank.

So I admitted it.  I got it off my chest.  I’m not proud of my stance on social media, but I’m past it as well.   And as far as downloading pictures of Dani’s college experience?  Why bother, when I can always log onto Facebook to see them!

And as I plod through time as an Information Systems Auditor, I now wonder what other new technologies are resulting in: “Don’t allow it, don’t worry about it, it’s a fad that will soon go away?”

————————-

Dan Hadaway CRISC, CISA, CISM
Founder and President, Infotex

————————-

“Dan’s New Leaf” is a “fun blog to inspire thought in the area of IT Governance.”

Latest News
    What you need to know for compliance coast-to-coast. Back in 2020 we posted an article containing links to data breach laws from each state, and it has proven to be one of our more popular posts.  Because laws surrounding the use (and abuse) of technology are always evolving, we thought it was worth taking another […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! In the spirit of October and Halloween we have put together a gallery of our “spooky” Awareness Posters at halloween.infotex.com. Use them to help decorate for the holiday! Check […]
    With nearly three in four people using third-party payment services tied to their bank accounts, the risk isn’t limited to your own policies and procedures… An article review. When working on cybersecurity awareness messages for your customers you may be inclined to focus on your own systems, but a new study on security in digital […]
    PRESS RELEASE – FOR IMMEDIATE RELEASE BUSINESS NEWS NEW EMPLOYEE FOR INFOTEX infotex is excited to announce that Cody Smith has joined the team as the newest Data Security Analyst. Cody holds several industry certifications (including the most recent: SSCP) as well as a B.S in Cyber Security & Information Assurance from Western Governors University. […]
    It’s all about protecting Customer information . . . In 1999 the Gramm-Leach-Bliley Act (GLBA) directed the Federal Deposit Insurance Corporation (FDIC) and other federal banking agencies to ensure that financial institutions have policies, procedures, and controls in place to prevent the unauthorized disclosure of customer financial information.  The FDIC and other federal banking agencies […]
    A Ghoulish Gallery! Just a few scary-themed Awareness posters from our collection, which you can see at posters.infotex.com! Below you will find both the vertical and horizontal versions of each of the posters, all you need to do is “right-click > “Save link as…” to download! Vertical 8.5″ x 11″ Format   Horizontal 11″ x […]
    What to Expect in an Annual Information Security Report to the Board Webinar-Movie Information security ranks as a top risk to financial institutions, both in terms of likelihood and overall impact. It is important that boards receive annual comprehensive reporting from management about the information security risks and incidents, and the actions taken to address […]
    Another awareness poster for YOUR customers (and users).  Now that we have our own employees aware, maybe it’s time to start posting content for our customers! Check out posters.infotex.com for the whole collection! Download the large versions here: Awareness Poster (Portrait) Awareness Poster (Landscape)   You are welcome to print out and distribute this around […]
    With the potential to break all existing forms of encryption, quantum computing poses a unique challenge… An article review. While quantum computing has been a buzzword for some time now the technology remains largely theoretical, with small scale proofs-of-concept that still suffer from serious limitations.  That hasn’t stopped security researchers from worrying about the technology’s […]
    A new way of helping people “read” new guidance… Look for more in the future! To save you time, we are proud to present “Adam Reads” . . . recorded versions of our Guidance Summaries! Below you can find an embedded player for the audio file. If you are having issues with that working, you […]