One of the key components of the Federal Financial Institutions Examination Council’s (FFIEC) new social media guidelines is a recommendation that banks, savings associations, credit unions, and other entities supervised by the Consumer Financial Protection Bureau have “an employee training program that incorporates the institution’s policies and procedures for official, work-related use of social media, and potentially for other uses of social media, including defining impermissible activities.”
Here are three reasons why having an educational program for employees that includes social media training is important for financial firms:
- Protect confidential information. Training employees how to effectively use social media for official, work-related purposes can help your institution achieve its marketing and customer service goals. It can also help protect your customer data and confidential business information. At one end of the spectrum are employees who offer or post customer account information for sale via social media websites for financial gain or retaliation against an organization. The more common problem, though, is employees who don’t realize that seemingly harmless posts about what is happening within an organization before it’s publicly announced could be used by competitors and criminals alike for unfair advantage. This might include information such as changes in management, mergers or acquisitions, or branches being closed.
- Reduce the likelihood of phishing. Phishing uses emails that appear to come from a legitimate, trusted source to trick recipients into entering valid credentials or personal information, such as passwords or credit card numbers, into a fake platform or service. Criminals are increasingly using social media for phishing scams targeting financial institutions’ employees and customers. A study published by Kaspersky Lab in June 2013 showed that phishing attacks soared from 19.9 million to 37.3 million in just one year, and financial services firms remain the most popular target. Bad actors use platforms like Twitter, Facebook, LinkedIn and others to post phishing links, which millions of unsuspecting users then share with their friends, colleagues, and families, spreading them faster and more effectively than traditional email scams.
- Help prevent social engineering attacks. Many people share personal details on social media sites, such as where they work, what their job titles are, and their corporate email addresses. Criminals can easily compile information from multiple social media platforms to launch successful spear-phishing attacks against bank employees. Once an employee has been compromised through spear-phishing, criminals can use that access to move through the network and conduct advanced persistent attacks, which can enable them to exfiltrate large amounts of customer and business data undetected over a long period of time.
Educational programs that teach employees how to avoid these threats are essential supplements to automated detection systems, and should be included in your plan for safeguarding your institution against the reputational risks and monetary losses caused by fraud resulting from these scams. The good news is that there are a number of resources for educating employees about using social media safely. In addition, anti-phishing solutions and response services can help financial firms fight fraud.