
IMPLICATIONS FOR ADVISORS AND ORGANIZATIONS

With that overview, now let's look at it from a financial advisor's perspective. “Bad actors or hackers often look to individuals' devices – from computers to smartphones and tablets – as a way into larger networks,” Warrene points out.

While a social media account can be hacked, of greater concern is the way the breach may potentially provide access to the device – smartphone, laptop, tablet – that its owner uses to enter and use the social media account. Access to the device can possibly lead to hacks into business networks, causing the leak of confidential data or, worse, infecting many other systems on that network.

For an individual responding to an attack, it is essential to not only recover your account through the procedures available at the social network in question but to also have your device(s) analyzed to ensure there are not any remnants of an attack sitting dormant and waiting for later use.

Not only do individuals need to consider cyberdefense, so do institutions. From an organizational perspective, firms need to consider:

■ How they will provide access to social networks.

■ How they will manage the publishing workflow and handle engagement with those posts.

■ Detailed procedures for securing networks and individual devices, including the heuristic approach to sniffing out possible unpublished malware and attacks.

■ Recovery procedures for handling widespread compromise.

A CLOSER LOOK AT THE RISKS

McNicholas says, “Professionals have a duty to use robust security against both insider and outsider threats.”

As an example, when social media profiles reveal too much information, that information can be used for social engineering or, worse, to compromise client data. And the reverse can happen: An employee venting on Facebook that he must cancel his weekend plans because the “big deal” in the office must close by Tuesday can be devastating when The Street gets wind of it.

The Federal Financial Institutions Examination Council places the potential risks into three general categories: compliance and legal risks, reputation risks, and operational risks.[1] Here's what the agency says:

Compliance and Legal Risks

Compliance and legal risks are the possibility of enforcement actions and/or civil lawsuits arising out of a financial institution's use of social media. Most regulations, consumer financial protection rules, and other laws do not provide exemptions where social media is used.

Reputation Risk

There's also the reputational risk arising from negative public opinion in connection with the use of social media.

Fraud and Brand Identity Risks – Financial institutions should consider using social media monitoring tools and methods to identify and respond to reputation risks that may arise. “Spoofs of institution communications, man-in-the-middle attacks, or other hacks that allow fraudsters to masquerade as the institution pose real risk,” says McNicholas.

Privacy Risks – A financial institution should have procedures in place to address risks from other social media users posting confidential or sensitive information on a financial institution's social media site or page.

Consumer Complaints and Inquiry Risks – Monitoring procedures should alert financial institutions to statements or complaints posted on social media sites.

Employee Use of Social Media Risks – Employee use of social media, both personally and at business, should be addressed through policies and training.

Third-Party Risks – An institution is directly responsible for monitoring its social media site, even if the functions are outsourced to a third party.

Operational Risk

Operational risk is defined as risk of loss from inadequate or failed processes, people, or systems, which can arise from a financial institution's use of information technology, including social media. Social media use makes firms particularly vulnerable to malware and account takeover, and it needs to be included in the firm's security incident response procedures.

[1] Federal Financial Institutions Examination Council, ffiec.gov.
 