Join CoNetrix for a six-part webinar training series for Information Security Officers (ISOs).
Learn More

Registering Your Bank on Social Networks

Publication: The Colorado Banker, January/February 2011

In the 1990s, we learned about the value of Internet real estate. Many banks, not foreseeing the significance of an Internet presence, did not register their domain names in time to secure an ideal one. The effects of this are still with us today. While it is debatable whether social networking sites such as Facebook or Twitter will have business value to banks, the popularity of these sites is growing at a much quicker rate than the Internet did a couple of decades ago, and social networking domains are being reserved at an staggering rate.

To ensure your bank secures the most ideal "domain name", you should consider registering your bank on various social networking sites. Here are some steps to assist with that process for a few of the most popular social networking sites:

Facebook

Before you can register a Facebook domain, you must first create the business’s Facebook page and have at least 25 "fans." To register a domain on Facebook, (for example, facebook.com/bankname), go to facebook.com/username. You must be an administrator of the page to register the name. The name can contain only alphanumeric characters (A-Z, 0-9) or a period. Be careful when selecting a username as they are not transferable and cannot be changed. It is usually wise to use a period where there would normally be a space when creating your username. For example, a good username for First State Bank is "First.State.Bank." In this case, both facebook.com/FirstStateBank and facebook.com/First.State.Bank would work. Many banks choose to use their Internet domain name as their username.

Twitter

To register a Twitter domain (for example, twitter.com/bankname), go to twitter.com/signup. Whatever you enter in the "username" field will become the "handle" or domain name for Twitter. Note: Twitter does not allow name squatting, so if your bank name has already been registered by an illegitimate party, you can contact Twitter to get it released.

LinkedIn

Most banks already have company pages on LinkedIn. To determine if your bank is on LinkedIn or to add your bank, go to linkedin.com/companies. To edit or create a company page, you must login using a valid bank email address.

Risk Management before Registering

Due diligence and appropriate risk management must be considered as a part of a bank's overall Social Network strategic plan. Before you register your bank on these social networking sites, consider these threats in your risk assessment process:

Information Security Risk: Phishing and pharming attacks are increasing on social networking sites. How will the bank protect customers and employees from these new sophisticated threats?

Footprinting and Information Gathering: If you create and maintain a business social networking page for your bank, you will likely have your employees and customers "follow," "like" or become "fans" of the page, thereby potentially providing a list of your customers and employees to everyone on the Internet. How will the bank prevent cybercriminals from harvests and using this information maliciously?

Reputation Risk: Who is going to manage and monitor the social networking site, and what policies need to be in place to define controls?

Strategic Risk: How does social networking fit in with the bank’s strategic plan?

Compliance Risk: Who will monitor compliance with bank policies and regulatory guidance?

Privacy Risk: How will the bank maintain privacy in a "social" environment?

In summary, whether you choose to register one or more social networking "domain names" today or not, you must not ignore the opportunity and risk associated with these popular sites. At a minimum, all banks should:

  1. Get educated on the benefits of social networking sites;
  2. Conduct a formal risk assessment on the risks of social networking sites;
  3. Make a plan that, at a minimum, includes monitoring;
  4. Create policies to define the bank's stance on the use of social networking sites; and
  5. Repeat this cycle, at least quarterly, since social networking sites change often.

Written By
Russ Horn

Russ Horn found a passion for technology at an early age, programing and playing on a Commodore 64.  He went on to earn a B.A. in Mathematics and an M.S. degree in Management Information Systems. He spent time as a network administrator, systems analyst, university instructor, and IT Auditor prior to serving as President for CoNetrix.  Along with his interest in technology and cybersecurity, Russ is a husband, father, and runner.