LinkedIn is a social network that focuses primarily on making and maintaining business contacts. As a small business a social networking site like LinkedIn can be very valuable when it comes to making new connections. But as is the case with all connections formed with invisible strangers behind a keyboard, it’s very important to be prudent about what we share about ourselves, our businesses, and our coworkers to avoid social engineering.
Because just as LinkedIn is a perfect tool for expanding your business network, it is an equally perfect tool for hackers who want information that will help them with social engineering their way into your business accounts.
Cyber criminals and fraud actors use the information they find on LinkedIn to attack your business, whether it is through initiating scams, social engineering, spear phishing, whaling, or phishing. What they want is to bypass security solutions implemented by your IT team, and then infiltrate your business’s systems.
As soon as they get access to your computer they can get inside all your business’s systems, steal data, take over computing resources, encrypt files, mine cryptocurrencies on your computer, or even steal cash through email compromise schemes.
Sure, your activity is only shown to users that you have marked as connections, but since most of these connections are superficial you shouldn’t trust them. Posting too much information on LinkedIn can be used against your business.
Make it harder for ransomware to get in and take over and encrypt your company files by never sharing these 4 things on LinkedIn:
- Don’t share places your team will stay on business or leisure trips. Cyber criminals will use this information to target your location and pretend to know you when trying to reach your colleagues. Having these little nuggets of truth built into their narrative will go a long way to build trust as they try to get close to your business.
- Don’t share personal favorites or any family information. Things like your pets’ names, birth dates, favorite vacation spots and the like are often used as password hints or secret questions on accounts online. These tidbits are more than helpful when criminals try to break into your business accounts online.
- Don’t share your personal or your colleagues’ email addresses via LinkedIn messages. Cyber criminals use these addresses for mass phishing campaigns to try to get account access.
- Don’t share the specific software solutions you use in your business. Giving cyberattackers this information makes their job easy. Once they know what software solutions your team uses to work, they will be able to look for specific tools to exploit those solutions. Or, they can simply social engineer your business by pretending to be with the vendor that makes or supports the software you use.
What To Do Next
If this article made you think twice about what you may have shared on LinkedIn in the past, contact us for a free security audit. BCC will work with your business to ensure your staff is educated and provide ongoing training to keep your team secure. You can also follow us on LinkedIn, Facebook, and Youtube for other helpful security and tech tips and recommendations.