In February 2021 the data of 500 million LinkedIn users was leaked by hackers; in June 2021 the data of more than 700 million LinkedIn users was leaked and offered for sale.
In June 2022, the FBI declared that fraud on LinkedIn posed a significant threat to the platform and its users.
The site has emerged as one of the riskiest social media platforms to date, according to South Africa-based cybersecurity firm Nclose.
It allows users to reveal deeply personal and relevant business information without authorization; it allows fraudsters to impersonate employees and gain trust and access to information that can potentially jeopardize a company’s reputation if an employee posts defamatory or objectionable content.
“By now, most people are realizing that social media is not the place to put personal information or sensitive credentials,” said Stephen Osler, co-founder and business development director at Nclose.
The uniqueness of LinkedIn
Osler goes on to say that “LinkedIn introduces a whole different dynamic as it focuses on sharing certain personal information that is more related to company insights and career-related data. All of this information can be used by bad actors to impersonate people, and if they do it well, they can gain access to information that can cause untold damage to the company or that employee.”
One concern is how information obtained by someone posing as an employee could be used to infiltrate the organization itself. The hacker could use personal details, passwords and other shared data to intrude into the primary system and cause untold damage.
On the other hand, they could use the information for blackmail – they steal the account and demand a ransom to release it. And this account can be either a personal or a business account.
It sounds dramatic. It sounds crazy. LinkedIn is about bragging rights and brands, right? Yes, but according to research, it’s also the most impersonated brand in phishing attacks.
LinkedIn’s business focus makes people think it’s safe
“Users often perceive LinkedIn as secure and this creates a false sense of security – it’s a business-focused platform, that certainly makes it secure?” says Osler.
“The problem is that this platform is incredibly popular and populated, which means the people who use it and the companies they represent are at risk. This risk can take many forms – hacking, fraud, identity theft, phishing and defamation – and businesses today need to be prepared for these challenges.”
One of the biggest risks is the credentials that users use to access social media. People tend to use the same credentials on their social sites as they do to log into the company.
This is often because the credentials provided by the company are secure, but also because users don’t want to remember hundreds of different passwords. So when LinkedIn passwords are compromised, organizations are compromised.
Here’s how to stay safe on social media like LinkedIn
“To mitigate this issue, make sure that people posting on behalf of the company follow the same password policy they do when working within the company,” says Osler.
“At least that’s something you can enforce. Then introduce company training that emphasizes the importance of not using business credentials anywhere else, especially on social media. Finally, if you have a business account on LinkedIn, don’t accept connections from everyone — you must verify all connections to make sure you’re not giving a hacker more credibility by adding them to your network.”
In addition to the ongoing security risk that this platform poses, there is also the reputational risk. There is a fine line between a personal profile and how a person represents a company.
Osler says the whole thing is tricky.
“If a person posts content that goes against company ethos, how can the company address the issue? On the one hand, social media platforms are personal portals and are not under corporate control. On the other hand, if a person posts content that upsets people or that can be described as hate speech, they are crossing all possible business lines.”
“This is a difficult problem to solve because people have the right to use social media and post on their profiles,” Osler concludes.
“However, it is worth including restrictions on offensive behavior and language in an employment contract. It’s not unreasonable to demand ethical behavior when a person represents the company, and if a person doesn’t feel comfortable with that, then they may not fit in the first place.”
As the world of social media continues to evolve and change, businesses must adapt and change with it.
Safety must remain a priority in all aspects of social media engagement, and while few companies advocate the introduction of restrictions on personal liberty, safeguards must be in place to protect other employees and the company as a whole.