(Information for this article was provided by Anna Lubansky, Eide Bailly Technology Consulting Security Consultant)
A recent Bank Technology News article warns about the risks that spoofed social media sites pose not only to a financial institution’s brand and reputation, but also to its ability to comply with GLBA and FFIEC guidance on managing security breaches, a category that fake social media sites are considered to fall within.
The article states auditors are starting to question institutions about the social media policies and procedures they have in place, and who the bank has designated to coordinate those policies. As such, consultants interviewed for this article encourage institutions to:
- Establish a presence quickly on new social media platforms to beat claim jumpers and counter negative commentary.
- Have a plan in place to quickly identify and address spoofed websites, social media pages, and/or fake fan pages.
- Use alerts and other tools to monitor changes in social media and the sentiment of postings and discussions about the bank.
- Designate a response team that includes senior management representation, including those from IT, information security, compliance and marketing, with a direct line of communication to the board of directors.
- Outline procedures for: evaluating the situation; notifying the FBI and other LEAs about a possible security breach; removing the fake social media page; communicating with customers about the threat; and testing the response plan for various scenarios.
- Educate customers, employees, management and board members about the risks of social media.