Resources
Internet - Threats, Risk Mitigation
and Reputation Strategies
“The other side of the Coin”
Several best practices can be implemented by financial institutions in conjunction with brand protection techniques. These include the following:
- Understanding all the competing URLs (Uniform Resource Locators, more commonly known as Web addresses, also a means of locating that address) that exist, as well as when similar domain names come into play. (For example, First Bank of America could be falsely represented as First Banc of America.);
- Engaging the Internet Service Provider. It is also in their best interest to participate in risk mitigation activities and general enforcement of safe Internet practices. Service providers and registration firms don’t want the negative publicity, so work with global law enforcement agencies to block unauthorized links or Web sites;
- Establishing priorities. Risks vary greatly, so the key is discerning which are critical, which are moderate or which can be deferred to a later time;
- Creating an “abuse box” or implementing some other formal method for reporting infractions that is accessible to customers, business partners and associates;
- Understanding that the threat is global, which means enlisting a service that operates 24 x 7. The bad guys are everywhere and tend to locate in countries with no extradition policies should a case proceed to trial;
- Enlisting a third party. One can deal with the problem by Googling every name, or sound-alike name, but that can be labor-intensive. Or one can use a third-party that already has a comprehensive process in place and is able to do a broader sweep more quickly and cost-effectively, also eliminating the reporting of “false positives”;
- Security is obviously an IT function but mitigating reputational risk is everybody’s business. The IT security manager will likely be kept busy just trying to log infractions or incidents, while senior management needs to understand the big-picture issues while providing adequate resources and ongoing support;
- Please see examples in the Appendix
The bottom line is that smaller financial institutions need to socialize reputational risk at all levels (and departments) across the organization. Risk mitigation is at least initially a management issue, which means management needs to be aware of it first, then incorporate it into IT, and then ask how this can be implemented from a systems and process point of view.
Online brand protection is an emerging technology, and as such, will continue to evolve. New forms of misrepresentation on a Web site can and will occur. Even the act of blogging, where critics may have negative comments, can be perceived as a threat to an organization and could be looked as another area for potential risk mitigation.
Regardless of the threats – from reputations that are being tarnished, to damage to a firm’s brand, to loss of confidence among customers, business partners and investors – an institution’s brand image is one of the most valuable assets it can have and now tools are available to mitigate the risks posed by the Internet. As a banker once told me, “I can lose capital and people, but if I lose my reputation…I am done.”
About the Author:
Michael M. Kiefer, Senior Vice President, BrandProtect
A recognized network and security expert and IT and risk visionary, Mr. Kiefer brings more than 25 years of network, telephony, Internet and disaster recovery experience to his role at BrandProtect, where he is responsible for revenue growth and building out a world-class team.
Prior to joining BrandProtect, Mr. Kiefer had been involved in the development of four successful network and security technology startups. One of these ventures, SecurePipe, was acquired in 2006 by ATW Corp after he led the delivery of the institution’s outsourced network security solutions to over 1200 community institutions.
Previously, he was President of AVAYA North America and directed over twenty five percent of Cisco Systems Global Business. He regularly speaks about IS and related regulatory issues for the financial and technology industries, among others.