By John Jaser
How cute and cuddly is social media for banking? Not as sweet as the headlines claim for banks looking to attract new customers while protecting those customers' personal information.
How do I dare speak contrary to popular wisdom, which claims that anyone can tweet their way to fame and fortune? Because the security risks are growing faster than the opportunities, and chatty tweets are loosening employee lips.
First, let’s start by addressing the opportunities in social media. Magazines and Web sites run articles that extol the virtues of tweets and blogs. These articles may stimulate circulation, but more as a curiosity than a positive return on investment. Have any companies actually gained enough new customers to warrant the expense of a full-blown social media effort? Everyone wants to know!
In the risk arena, we find social media now serve as a venue for phishers to trick the public into revealing their personal information. Malicious scripts are routinely planted in Facebook and Twitter profiles to infect friends and followers.
Twitter users recently received identical tweets from multiple users. On investigation, users found the suspicious tweets had been generated by a malicious script planted in Twitter profiles. Every time a user visited the affected profiles, the script infected the visitor’s profile, further spreading itself through the user’s followers.
Facebook users have learned to be wary about searching for information about viruses. Criminals have established fake Web sites to warn visitors about bogus threats, such as the “Facebook Fan Check Virus.” There, the Web site convinces visitors to buy useless anti-virus software and reveal their credit card details in the process.
This is one of many Facebook threats, which also include Koobface, mygener.im and Boface.BJ. More recent attacks come packed inside messages titled “Hello” with links to sites with names like “151.im” and “121.im.” Users who click those links will see a convincing replica of Facebook’s login page. Unfortunately, they’ll be typing their ID and password into the hands of cyber criminals.
Beyond the risk of cyber crime are the risks posed by socially networked employees. The point of social media is chatting, but too often this innocent behavior reveals company secrets. More disturbing are employees who don’t care.
A recent Travelers’ survey of 2,000 American adults revealed that they regularly posted work-related information on social media Web sites. More disturbing is the 75 percent of those surveyed who said they were “not at all” or “not very concerned” about damage to their professional reputation as a result of their online activities.
I could go on and on. The point is that social media presents several flavors of risk: threats embedded into pages, phishing and other criminal social engineering techniques that exploit chat, and the unwitting slips of confidential information from employees.
Let’s face it – social media represents a brave new world. It could be a bonanza for people like Julie Powell, who got a book and movie contract by blogging about her year-long culinary journey through Julia Child’s cookbook. It could also be a bust for banks that get trashed by Facebookers with an axe to grind.
For banks, it’s best to offer an “official” Web site for marketing and general customer service. As for social media, banks should establish a firm policy forbidding employees from referencing work details on these sites.
Some employees may resist, claiming that details revealed on a social media site have little value. But I would counter that information never completely disappears from the Internet. Somebody somewhere has a use for chat, and that use may not benefit the bank.
Are the rewards of social media worth the risk? Some day they might be. But that day has yet to come.
John Jaser manages Internet Services and Security at Avon, CT-based COCC, Inc., (www.cocc.com), a 43-year-old firm specializing in outsourced information technology and support. He can be reached at firstname.lastname@example.org or at 860-678-0444.