FFIEC Guidance, published on December 11, 2013 and effective immediately, addresses mounting risk factors facing financial institutions related to social media. The FFIEC states that all financial institutions should effectively assess and manage risks associated with all activities conducted via social media platforms. These risks include compliance risk, legal risk, reputation risk, and operational risk.
Financial institutions need to have risk management programs in place with strong proactive monitoring, response, and reporting capabilities in order to comply with this Guidance. Monitoring is the foundation for any risk-management approach regarding social media. Financial institutions need clear and reliable visibility to identify when their brand has been mentioned on a social media platform and have the tools to adequately respond when appropriate. Below are a few takeaways from the Guidance:
1: Choose Vendors that Monitor (and Remove Threats) Beyond Facebook and Twitter
Social media is defined, in the context of the Guidance, as “a form of interactive online communication in which users can generate and share content through text, images, audio, and/or video.” When viewed through this lens, social media extends well beyond Facebook and Twitter, and financial institutions must choose vendors that can monitor more than these two platforms. Also, while most vendors monitor threats, very few have the ability to actually remove them (see Monitoring vs. Removing Threats).
Forms of social media mentioned in the Guidance include:
- Micro-blogging sites (e.g. Facebook, Twitter, and Google Plus)
- Customer review web sites and bulletin boards (e.g. Yelp)
- Professional networking sites (e.g. LinkedIn)
- Virtual worlds (e.g. Second Life)
- Social games (e.g. FarmVille)
2: Even Financial Institutions Inactive on Social Media Require Monitoring
Protecting brand identity in the context of social media can be problematic, since it is relatively easy for fraudsters to impersonate communications, create fake social media users, and masquerade as legitimate financial institutions. Without proper monitoring tools in place, social media provides ample ground for fraudsters to use financial institutions’ trusted brands to successfully execute phishing and spoofing attacks. The FFIEC recommends that all financial institutions adopt social media monitoring tools and techniques to identify heightened risks and respond appropriately.
This applies not only to financial institutions that choose to actively participate in social media, but also to those that do not, because the open nature of social media platforms makes impersonation and targeting relatively easy.
3: Social Media Can Facilitate Account Takeover
Social media platforms are vulnerable to account takeover and the spreading of malware. Financial institutions must have strategies in place to safeguard their sensitive information and protect their systems, and also have incident response protocols in place to eliminate these threats.
Obtain Visibility into All Forms of Social Media and Rapidly Respond to Incidents
Easy Solutions unveiled a new Brand Intelligence component to Detect Monitoring Service (DMS) in early 2013. DMS provides full social media monitoring, auditing, and threat removal not just for Facebook and Twitter, but also for news sites, hundreds of thousands of blogs, and forums.
Through monitoring with real-time alerts, response services, and full data retention for each individual event, DMS helps financial institutions address each type of risk defined in the Guidance. DMS is cloud-based, easy to deploy, and suitable for financial institutions of all sizes, with a convenient management portal that has full reporting capabilities and retention for back-end audit purposes.
Monitoring vs. Removing Threats
While many electronic fraud prevention vendors have the ability to monitor threats, very few have a platform that allows them to remove the threat from the Internet. A stand-alone monitoring service is valuable, but it only solves one side of the equation and can hardly be called a fraud prevention strategy. DMS not only solves both sides of the equation by detecting and removing the attack, but can do so in industry record time.
To learn more about DMS Brand Intelligence and how it can help protect your financial institution on social media and comply with the new FFIEC Guidance, please visit our website or download our Brand Intelligence Whitepaper by clicking here. We are also offering free trials of the service for 30 days to organizations that are ready to start proactively eliminating threats targeting their brand via social media.