When looking for a new role, one of the first things cyber security professionals usually do is update their LinkedIn profile. You list in detail your areas of technical expertise and experience for your current and past positions, you have done great work and want to showcase your achievements.
Most employees are now well aware of security risks associated with revealing too much personal information on social media sites such as Facebook, but have you ever stopped to consider that in an environment of increasing levels of cybercrime that what you innocently disclose on your LinkedIn profile, may actually open up your previous employers to an increased risk of a cyber-attack?
LinkedIn is a goldmine for cyber criminals and hackers, who can easily trawl through profiles to identify known vulnerabilities and details of organisational security infrastructure.
As cyber security professionals list their expertise with specific hardware and software deployment in great detail, recount their achievements in engineering infrastructure and succeeding to minimise vulnerabilities, this immediately opens up previous employer’s sensitive information to potential hackers.
It’s not just IT and security employees, all employees on LinkedIn need to be reminded that even easily accessible information like email addresses pose a potential threat. Once a hacker begins to research a target, all too often an easy way in is to use LinkedIn to determine the email address structure of an organisation and then target the business with a phishing or social engineering plan.
Simon Mansfield, Talent’s Cybersecurity Practice lead gives this advice on prevention:
For employees, try to safeguard the details you share on LinkedIn about systems of previous employers by keeping the specific details in the public domain to a minimum. Speak about your experience in general terms, rather than go in to detail about what systems were used at each employer.
What can employers to protect themselves?
Make your employees aware through regular training to safeguard company information and data. Empower them to monitor what they make available and to whom on social networking platforms such as LinkedIn.
Ask employees to be mindful and consider the potential risks of any disclosures of sensitive information, education is key.
Organisations can also put in place policies on what is acceptable and pro-actively review the social media profile of their employers to ensure they are not exposing the business to increased risk of cyberattack.
Need more advice? Speak to Simon on +61 2 9223 9855 or email firstname.lastname@example.org