LinkedIn has become one of the riskiest social media platforms, as it enables users to share deeply personal and relevant business information without authorisation. Research reveals it is also the most impersonated brand for phishing attacks.
In addition, bad actors are able to impersonate employees and gain trust and access to information, and a company’s reputation can potentially be put on the line if an employee posts libellous or unpleasant content.
To illustrate this point, hackers leaked the data from 500 million LinkedIn users in February 2021. Hot on the heels of that breach, in June of the same year, more than 700 million LinkedIn users had their data leaked and put up for sale. In June this year, the FBI said that fraud on LinkedIn posed a significant threat to the platform and its users.
It isn’t the place
Stephen Osler, co-founder and business development director at Nclose, says most people understand that social media isn’t the place to put personal information or sensitive credentials.
However, LinkedIn introduces a very different dynamic as it’s geared around sharing certain personal information more related to company insights and career-related data, he explains. Threat actors can use all these slices of information to impersonate people. If they do this well, they can gain access to information that can do immeasurable damage to both companies and their employees.
Osler says another concern is the way information sourced by someone impersonating an employee could be used to infiltrate the organisation itself.
An attacker could use personal details, passwords, and other shared data to enter the primary system and wreak havoc. They could also use the information for extortion, by stealing the account and demanding a ransom to release it.
A false sense of security
“Users often perceive LinkedIn as safe and this introduces a false sense of security – it’s a business-focused platform, surely that makes it secure?” says Osler.
Another significant risk is that the credentials people use to access social media are often the same ones they use to log into the business. Osler says this happens because the credentials provided to them by the business are designed to be secure, and because people don’t want to remember hundreds of different passwords.
As a result, if LinkedIn passwords get compromised then organisations are at risk of being compromised too.
Enforce password policy
“To mitigate this problem, ensure that people posting on behalf of the business follow the same password policy as they do when operating within the business,” says Osler.
“Then, introduce training within the company that underscores the importance of not using business credentials anywhere else, especially not on social media. Finally, if you have a business account on LinkedIn, don’t accept connections from everyone – you need to vet all connections to ensure that you’re not adding credibility to a hacker by adding them to your network.”
In closing, he says that as the world of social media evolves and changes, companies need to adapt and change too.
“Security must remain a priority across all aspects of social media engagement, and even though few companies are fans of introducing constraints on personal freedom, safeguards do need to be put in place to protect other employees and the business as a whole.”