Skip to content

LinkedIn menaces researched

If you’re like me, you’re fond of using LinkedIn or some other business-oriented social networking service. (LinkedIn say they have over 10 million users.) It’s great to be able to map and reach one’s genuine contact network.

However, there are security issues that must be considered. Dennis Rand, of CSIS Security Group, Dragør, Denmark, has written an excellent article on the subject, detailing the following dangers (this list is a direct quote):

  1. People will write too detailed and possibly confidential information within their profile.
  2. People will allow everyone to see all connections made, again allowing possible confidential information to leave the company.
  3. Employees can bring client contacts with them, if they decide to leave the company, “without stealing any information” in the way we usually see; they have just connected to the clients.
  4. People will trust their connections and click on everything that they receive from these people.

These are all important issues. First, you obviously shouldn’t write anything on LinkedIn that you wouldn’t write in your private blog – probably not even anything you wouldn’t write in your company’s blog. Second, respect the privacy of your contacts. Showing off an impressing contact list might be tempting, but won’t enthuse those invitees who value their privacy.

Point number three is an interesting one – if you and me meet while working for our respective employers, and we then connect on LinkedIn, are we stealing something from our employers? Dennis Rand writes that companies need to regulate how employees are allowed to use social network sites, “if at all”. Should that also include free time?

The fourth and final point is always good to remember, also outside of the LinkedIn context – social engineering can take any form. Whenever you are asked to do anything that could carry security implications, first determine whether things really are what they seem.

Dennis Rand also carried out an experiment that netted his faked LinkedIn user more than a thousand direct connections in less than two weeks. This result illustrates how detrimental “open networking” might be to unsuspecting fellow LinkedIn users. On the other hand, if you judge your connections successfully, you will never end up in an “open network”, so in a way, the trust concept protects itself from abuse.

Post a comment Trackbacks closed RSS 2.0 feed for these comments This entry (permalink) was posted on Wednesday, May 16, 2007, at 10:23:29 by Thor Kottelin. Filed in Internetworking, Security.

Post a Comment

Your email is never published nor shared. Required fields are marked *
*
*