Registering Your Bank on Social Networks

By: (CISA, CISSP, CRISC)

Publication: The Colorado Banker , January/February 2011

In the 1990s, we learned about the value of Internet real estate. Many banks, not foreseeing the significance of an Internet presence, did not register their domain names in time to secure an ideal one. The effects of this are still with us today. While it is debatable whether social networking sites such as Facebook or Twitter will have business value to banks, the popularity of these sites is growing at a much quicker rate than the Internet did a couple of decades ago, and social networking domains are being reserved at an staggering rate.

To ensure your bank secures the most ideal "domain name", you should consider registering your bank on various social networking sites. Here are some steps to assist with that process for a few of the most popular social networking sites:

Facebook

Before you can register a Facebook domain, you must first create the business’s Facebook page and have at least 25 "fans." To register a domain on Facebook, (for example, facebook.com/bankname), go to facebook.com/username. You must be an administrator of the page to register the name. The name can contain only alphanumeric characters (A-Z, 0-9) or a period. Be careful when selecting a username as they are not transferable and cannot be changed. It is usually wise to use a period where there would normally be a space when creating your username. For example, a good username for First State Bank is "First.State.Bank." In this case, both facebook.com/FirstStateBank and facebook.com/First.State.Bank would work. Many banks choose to use their Internet domain name as their username.

Twitter

To register a Twitter domain (for example, twitter.com/bankname), go to twitter.com/signup. Whatever you enter in the "username" field will become the "handle" or domain name for Twitter. Note: Twitter does not allow name squatting, so if your bank name has already been registered by an illegitimate party, you can contact Twitter to get it released.

LinkedIn

Most banks already have company pages on LinkedIn. To determine if your bank is on LinkedIn or to add your bank, go to linkedin.com/companies. To edit or create a company page, you must login using a valid bank email address.

Risk Management before Registering

Due diligence and appropriate risk management must be considered as a part of a bank's overall Social Network strategic plan. Before you register your bank on these social networking sites, consider these threats in your risk assessment process:

Information Security Risk: Phishing and pharming attacks are increasing on social networking sites. How will the bank protect customers and employees from these new sophisticated threats?

Footprinting and Information Gathering: If you create and maintain a business social networking page for your bank, you will likely have your employees and customers "follow," "like" or become "fans" of the page, thereby potentially providing a list of your customers and employees to everyone on the Internet. How will the bank prevent cybercriminals from harvests and using this information maliciously?

Reputation Risk: Who is going to manage and monitor the social networking site, and what policies need to be in place to define controls?

Strategic Risk: How does social networking fit in with the bank’s strategic plan?

Compliance Risk: Who will monitor compliance with bank policies and regulatory guidance?

Privacy Risk: How will the bank maintain privacy in a "social" environment?

In summary, whether you choose to register one or more social networking "domain names" today or not, you must not ignore the opportunity and risk associated with these popular sites. At a minimum, all banks should:

  1. Get educated on the benefits of social networking sites;
  2. Conduct a formal risk assessment on the risks of social networking sites;
  3. Make a plan that, at a minimum, includes monitoring;
  4. Create policies to define the bank's stance on the use of social networking sites; and
  5. Repeat this cycle, at least quarterly, since social networking sites change often.