Blogs, Social Networks Open Access to Bank Accounts
By John Jaser, Internet Services Manager
The Pogo principle is alive and well in
the Internet security world. You might
remember the friendly cartoon alligator
and his smiling exhortation, “We have
met the enemy and he is us!”
Bankers, web sites, and countless
security-minded businesses have warned
their customers repeatedly and even
forcefully that they should withhold
their personal information from the
general public. Yet a recent Computer
World article pointed to a simple Google
search of MySpace Inc.'s popular social
networking site that turned up thousands
of maiden names and pets' names.
Could we make it any easier for the
cyber thieves?
Not long ago, this column warned of the
potential for fraud in Instant Messenger
applications.
At the time, the thrill of
anywhere/anytime chat trumped all caution until
downloads of screensavers and other IM tidbits
resulted in wholesale hard drive wipe-outs. At
banks, the specter of regulatory scrutiny
deflated the Instant Messenger bubble for good.
What’s going to stop the blog and MySpace
babble? Certainly not fraud. For all the noise
about TJX and other cyber-fraud targets,
consumers kept swiping their cards at
Marshall’s. No, it’s regulatory pressure.
Expect the following questions in your
soon-to-come regulatory exams: Do you or your
staff participate in online blogs or social
networking sites? Does your bank monitor staff
blog and MySpace posts? What reporting can the
bank demonstrate to prove that its staff does
not reveal non-public customer information in a
blog, MySpace, or LinkedIn?
Sticky questions! But relevant for today’s
banker who cannot help but see these online
vehicles as holes drilled into the framework of
privacy and security so carefully cultivated
over the years.
By now, bankers should be well prepared to
handle the next hot communications technology.
After all, we have seen the hype and subsequent
crash many times before. Email, web sites, login
pages and Instant Messenger have all planted
stars in our eyes only to be replaced by the
perennial queasy question, “How are we going to
get out of this one?”
It’s time we figured security into each
communications channel from the beginning.
Blogs? MySpace? LinkedIn? The answer should be
no. Employees shouldn’t be there, and they
should understand the reasons why. That way they
can communicate those reasons to your customers.
The following should help your bank get
started:
- Family names and other data posted on sites
  like MySpace, Facebook and LinkedIn can be
  used to reset personal passwords. Bank staff
  and customers should be discouraged from
  using them.
- Hold seminars to show customers how to hide
  personal information on blogs and social
  networking sites. Facebook has several
  options to prevent users' personal
  information from appearing online. Recommend
  that your social networking customers use
  these options to protect their identities
  from ‘friends’ and, more importantly,
  ‘friends of friends.’
- Develop email and other communications to
  impress upon your customers that revealing
  personal information through blogs and
  social networking sites is dangerous to
  their financial health.

Bankers know from experience that these
measures won’t stop all identity theft or
prevent customers from revealing personal
information online. But starting the
conversation and establishing firm policies
with your employees is a good first step in
holding back this fresh tide of
self-inflicted identity theft.