Not a day goes by when we do not hear about a Social Media site being hacked into. This is totally different from the other kinds of hacks that the news headlines bring out every day. In terms of notoriety, it has to be Facebook that receives the most attention.

On a daily basis, we keep hearing something about Zuckerberg, how many passwords have been stolen, how many accounts have been compromised, the violations of privacy rights (especially in Europe, when it comes to the GDPR), blah, blah, blah, etc.

Next in line for coverage on being hacked into would be Instagram, although I have never really used it except to look up some stuff such as infographics and other related visual content. There have been some issues with Twitter, but the last time I came across anything was when their user database was compromised, but no passwords were actually stolen. Twitter actually relies upon a third party to manage their database, which in my opinion, is a big no-no.

Now, we come to LinkedIn. I have hardly ever come across any headlines that deal with any related Security issues, except from time to time I have read about when they have not updated their Security certificates (which are used to establish a secure connection from your web browser to your LinkedIn account).

LinkedIn happens to be one of the most widely used Social Media sites out there (though the company does not like to be branded as such), considering these statistics:

*It is ranked as one of the top 10 Social Media sites in the world;

*It is the site most widely used by Fortune 500 executives in terms of making new connections and contacts.

I personally use LinkedIn every day. There was a time when I would barely even log in perhaps once every two weeks, but now I am on there every day, almost 8-10 hours per day. I use it for a wide variety of reasons, but once again, my prime motivation for being on it so much is to “meet” people whom I would never meet in the real world.

In a way, I have really become a LinkedIn “junkie”. I do get excited whenever I make a new connection, or whenever anybody reaches out to me for something.

I think I have over 1,000 connections, and it is through this medium that I post my blog posts, as well as other news about the Cybersecurity industry. My profile is public, so anybody can see my details, and I can also see who has viewed my profile. There are two things I like most about LinkedIn:

*Their instant messaging platform;

*Their analytics as to who has viewed your post or article.

For a free subscription, they do offer quite a bit of rich data. But of course, they do also have upgraded versions of this, for which you have to pay on either a monthly or annual basis. This includes the likes of LinkedIn Premium, LinkedIn Recruiter, and their lead generation tool, LinkedIn Sales Navigator. Except for the second one, I have used all of the other editions.

Now comes the harsh reality of all of this data and services that are provided by LinkedIn: Although it has not happened on a large scale yet, LinkedIn could very well be the next major target for a Cyberattack, as well as a platform from which a hacker can launch a major attack. According to Cybersecurity professionals that are close to this, there are five scenarios that are possible:

*Corporate Espionage:

Because LinkedIn is such a highly regarded and respected platform, there are many executives, especially those in the C-Suite, that let their guard down, and actually send their business plans or other trade secrets via the messenger tool or through “InMail”, which is LinkedIn’s own Email platform. It is important to keep in mind that these messages are sent as cleartext and are not encrypted by any means (as far as I know, LinkedIn does not have any encryption standards for private messaging).

*Fraud and Phishing:

This form of Cyberattack will never leave us. As I have mentioned previously, it is one of the oldest threat vectors, with variants coming out all the time. But the Cyberattacker is not really looking to siphon in just everybody; they are targeting one group that is extremely vulnerable: The job seeker who is desperate to find a job. In these instances, be aware of any suspicious looking profiles or InMails from people who claim to be recruiters. Remember, a good recruiter will always leave their contact info, and if in doubt, call or email that person from whom you’ve got the InMail and make sure that they are real.

*Operational Risks:

Because LinkedIn is so widely used for professional networking, the platform encourages you to put all of the personal information that you can on it. While you do want people to contact you, especially if you are a job seeker, you have to be careful as to what you put up. There are probably thousands of profiles in which the individual has put up their resume – nothing wrong with that of course, but it also includes such things as home address, social security number, etc. If you choose to put up your resume, block out all personal information. Instead, create another Email address that is dedicated to just your job searching, and put that on your LinkedIn resume. In other words, your LinkedIn profile should shine about you – but not to the point where you pose a serious risk to yourself. It is also prudent to have a friend or family member look over your profile just as a second set of eyes, in order to make sure that you are not giving away too much PII.

*Issues with workplace retaliation:

With the LinkedIn Recruiter tool, the platform has become a venue for job recruiters, current and even ex-employees to share their opinions and views about the job market, and even air grievances about their current employer. While as far as I know LinkedIn has really no limitation as to the type of content that can be posted, these types of posts can be the catalyst for some sort of retaliation attack by an employee who just got laid off or let go from their firm. Unfortunately, there is very little that can be done to prevent this from happening. The only preventative measure that can be taken is for the company to see if the laid off or fired employee has attempted to gain access to their IT infrastructure.

*Reputational Risks:

Finally, as can be said in both the real and the virtual worlds, how you conduct yourself will simply reflect on you and the company you work for. With that in mind, follow the proper etiquette of behavior under all circumstances. After all, if you are a Fortune 50 C-Suite executive, you might have an air about yourself that you can say what you want. But remember, we live in a 100% digital world now, and anything said, if controversial, can go viral in just a matter of a few seconds.

My thoughts on this?

Just as with any electronic-based platform, you have to have your guard up. If there is any suspicious activity that you notice on your account, simply close it up and open up a new one. But the caveat here is that if you do this, you will lose all of the valuable connections that you have made and will have to start all over again in that regard.

As I had mentioned previously, always have a second set of eyes that you trust keep reviewing your profile, just to make sure that you are not giving out too much PII or that you are not damaging your own, unique brand by mentioning something that you should not.  There are also plenty of career centers that can look at and examine your profile for free, so take advantage of that.

Don’t be afraid to use LinkedIn. It truly is one of the best ways to network with others in your industry, and heck, I have met some of the most well-regarded Cybersecurity professionals by using this medium.