
Don’t allow it, don’t worry, it’s a fad that will soon go away . . . . NOT!

By Dan Hadaway | Wednesday, March 30, 2011

I admit it.  I was one of the security professionals that stuck my head in the sand.

As I take great pride in not sticking my head in the sand, I have to wonder which part of my exposed body stood out most to Generation Y people who quietly smiled inside when I would say “don’t allow it, don’t worry, it’s a fad that will soon go away.”

Just last night I spent about forty-five minutes of a two-hour talk on the subject of Facebook.  While driving home from the occasion, I reflected on the history of Social Media in community banking and felt maybe I should use this as an opportunity to update Dan’s New Leaf.

Facebook was launched in 2004, and by the time my daughter Dani went to college in 2007, every new student at Indiana University was signing up for Facebook as part of their orientation.   As nervous parents watching our daughter grow up, I didn’t think much about Facebook then.  I figured it was just a fad.

But within a couple of months I had a Facebook account, only because my demands for Dani to send us pictures regularly (after all, we bought her a shiny new digital camera for her graduation present) were met with “how about I post them on Facebook.”  Being one who didn’t like tying up e-mail with heavy attachments, I enjoyed the ability to download pictures from Dani’s college experience.  I always remember my first wall post, which went something like “the only reason I’m here is so I can get pictures from Dani’s college experience.”

I’m not writing about this to brag that hey, I was on Facebook way back in 2007.  Instead, I’m writing to say that even though I had the ABILITY to see the power of Facebook, my ATTITUDE still caused a standard reaction when clients would ask about it:  “Don’t allow it, don’t worry, it’s a fad that will soon go away.”  Unfortunately I held that position until 2009, when I realized not only is social media NOT going away, but the risks to banks aren’t as much in their own Facebook sites, which can be controlled, but moreover the risk is in the way bank employees use their own social media tools WHILE AT HOME.

And even that belief was wrong.  At least in 2007, social media use was predominantly still at home.  But by 2009 the use of social media became a mobile thing-to-do with our shiny new smart phones.  This compounded the risk even more, as bank employees could now tweet their disgruntlement with that last rude customer, in real time, from the teller line.

I look back now and wonder why I didn’t see this coming.  By 2008 I had signed up for LinkedIn and created the Infotex page primarily because my geek friends and clients were demanding that I do so.  At first I would send a message back saying “I’m not really into social networking, do I have to?”  But when the people inviting me to be their connection on LinkedIn were my clients, I could no longer resist.

And as a LinkedIn user, I saw the risks right there.  I saw people being endorsed by middle managers from the same bank that fired them.  I connected to a head-hunter who then went after my own employees.  I saw the ability for us to leverage social media in our own pretext calling on Clients.  All this is why I started saying “don’t allow it, don’t worry, it’s a fad that will soon go away.”  I wrote an article for a trade magazine (that will go unnamed) in 2008.  The magazine was interested at first, but when I raised issues about people using LinkedIn at work to network and find jobs somewhere else, the publisher understandably got cold feet, worrying that the article would be too controversial.   The words of the publisher (I just dug out the email to confirm) were “this article could put us in an awkward position with our readership.”

In 2009 I audited a bank that had a Facebook page, and though I was relishing the opportunity to slam them with a list of deficiencies, they had actually done a GREAT job of leveraging the technology.  They made the page exude their community-ness.  They used YouTube to show you how to perform various tasks in their on-line banking account.  They had even taken our customer awareness training PowerPoint to the next level, and offered security tips to their customers via social media.

I did a complete 180.

At least I admitted my short-sighted stupidity.  And at least I have a stellar team that can turn on a dime like me.  We set up two infotex Twitter accounts (vigilize and infotexnow), our infotex Facebook page, our my.infotex.com blog (which is where this article originates), etc.  We created a “design probe social media kit” and had an attorney review the templates and boilerplates in it.  From that process we published our Social Media Policy Set and have received many kudos and accolades because of it.  We even created a guidelines document for management team members, which is now in the policy set, as well as a tools page that will help you find decent social media management tools. Though we were late to recognize the power of Social Media, so were most of the other professionals in our field, and we were at least quick to act once we pulled our head out of the sand.

But that was still 2009.

It wasn’t until 2010 that the usage of Social Media EXPLODED.  In 2010 Facebook became a phenomenon not only for young people, but also for grandparents and adults like me.  In 2010, my Facebook visits went from maybe one per month to one per week to one per day to where it is now, which is about half as often as I check email.

We all know the benefits of Facebook.  We can keep up with our family and friends without having to spend a lot of time doing it.

And interestingly, clients who said to leave Social Media out of my user-level Security Awareness Training in early 2010 are asking me to focus on it just a year later.  Where in March 2010 I would typically dedicate about five minutes of my talk to the dangers of social media, now my presentations include around 45 minutes of slides about checking privacy settings on social media, the Kevin Bacon game and why friends-of-friends is really public, and why you would probably get fired if you yelled something negative about the bank in a crowded restaurant.

Banks are now using social media . . . . primarily Facebook for now . . . as an excellent marketing tool to build loyalty, solve customer problems, advertise events, brand themselves, teach customers how to change their ATM PIN, provide customer awareness training, and just have a regular good time.  Bank employees are cautioned not to advertise loan rates by answering simple questions, to refrain from putting anything about the bank that they wouldn’t put in a normal resume, and to remember that anything they post on their own accounts could get them in trouble with the bank.

So I admitted it.  I got it off my chest.  I’m not proud of my stance on social media, but I’m past it as well.   And as far as downloading pictures of Dani’s college experience?  Why bother, when I can always log onto Facebook to see them!

And as I plod through time as an Information Systems Auditor, I now wonder what other new technologies are resulting in: “Don’t allow it, don’t worry about it, it’s a fad that will soon go away?”

————————-

Dan Hadaway CRISC, CISA, CISM
Founder and President, Infotex

————————-

“Dan’s New Leaf” is a “fun blog to inspire thought in the area of IT Governance.”
