Your Data Matters — Keep It Hidden. Keep It Safe.

Key Points: LinkedIn Privacy and Security

  • Oversharing on LinkedIn: Bad actors can leverage your public information to craft convincing phishing attacks or target your employer.

  • Locking Down Your Profile:

    • Adjust privacy settings to hide sensitive information like education, past employers, skills, email, and phone number.

    • Display only the "About" section and mention that further details are available upon request in your CV or resume.

    • Clean up your profile to remove irrelevant information.

  • Staying Vigilant:

    • Remain cautious, as bad actors may have already gathered data on you.

    • Learn to identify phishing attacks and social engineering tactics.

  • Data Brokers: These companies collect and sell personal information, making it accessible to virtually anyone, including bad actors.

Even if you don’t have a LinkedIn account, the following information is worth knowing because most of it applies to any platform where you are encouraged to share personal information.

If you’re not familiar with LinkedIn, it’s a professional networking/social media platform where people post information about their current and past jobs, education, and skills. It’s primarily used for recruitment, job seeking, and B2B marketing. LinkedIn is a great resource for people and businesses to learn about you, and this is precisely why it’s one of the most dangerous platforms for oversharing.

Bad actors, like hackers, often use information found on LinkedIn to target company employees. That's right. All of this data is just sitting there waiting for someone to comb through it in order to appeal to a target's humanity and phish them.

The Risks of Oversharing on LinkedIn

For example, a bad actor might use your public information to send you a phishing email similar to this:

“Oh!? You know Ricky, too?! We all went to the same college and graduated the same year. What a totally random happenstance! We're hosting an alumni party this summer and would like you to join us. Please RSVP with this link provided in this email. Hope to see you there!”

And that link? Maybe it just tracks the user's IP address? Or maybe it installs malware? Either way, a person is way more likely to click it because the message sounds legitimate: it includes some publicly available information about them.

If a bad actor targets you on LinkedIn, they may be going after you or the company you currently work for. But your privacy and personal information may still be compromised in their attempt to hack your employer. Furthermore, your employer may enforce consequences if it is discovered that you gave away confidential information—whether or not you did so knowingly. Given the risks, it’s worth taking a half hour or more to lock down your profile.

Lock Down Your LinkedIn Profile

The first and easiest step you can take to make your LinkedIn account more secure is to adjust your privacy settings. To do this, log in to your LinkedIn account, then click on the word “Me” under your avatar icon. Once you are on the settings page, click on “Visibility”. Now you can edit what information is publicly available. Make sure to check each setting and adjust it to what is right for you. For instance, I recommend hiding your education, past employers, skills, email, and phone number, because a bad actor can use that information to build a profile on you or your company.

Instead of putting all of your information on display, display only the “About” section of your profile. In it, explain that further details are available upon request in your CV or resume, and add a line explaining that you do not share personal information publicly for security purposes. This way, you’ll know who has your information, when they received it, and why they asked for it. And potential employers will know that you understand the importance of cybersecurity.

After you’ve hidden your information, take some time to clean up your profile so that LinkedIn only has information that’s relevant to your current needs. This way, your information cannot be leaked by accident or by policy changes at LinkedIn.

There may be times when you want to loosen your privacy settings, such as when you’re looking for a job. Just make sure to lock up your profile again once you've landed the job.

Stay Vigilant

Once you’ve secured your LinkedIn profile, you must remain vigilant. If a bad actor is targeting you or your company, they may have already spent weeks or even months gathering data on you, waiting for the right time to strike. Or, more likely, your data has been scraped by a data broker. Data brokers are companies that collect information on people, analyze and organize that data into profiles, then sell it to other organizations and individuals. They will generally sell your personal information to anyone willing to pay, meaning practically anyone can access your data through them by purchasing it from their database—even bad actors.

Because of this ever-present threat, there are many more skills you may need to learn, such as how to identify phishing attacks and common tactics used by social engineers. Please keep following this blog for more articles and information on how to stay safe online.

FAQs

  1. Why is oversharing on LinkedIn dangerous?

    • Oversharing on LinkedIn can provide bad actors with personal information that they can use to craft convincing phishing attacks or target your employer.

  2. How can I protect my LinkedIn profile?

    • You can lock down your profile by adjusting your privacy settings to hide sensitive information, displaying only the "About" section, and cleaning up irrelevant information.

  3. Are there risks even if I don't have a LinkedIn profile?

    • Yes, data brokers collect and sell personal information, making it accessible to virtually anyone, even if you're not on social media. It's important to be aware of the risks and stay vigilant online.

If you have any questions or would like to learn more, please feel free to contact us!

Patrick Himes

My journey into the world of cybersecurity began in 1986 with my first computer, where I taught myself to code and delved into the realm of video game hacking. This early fascination led me to write my college thesis on hacking and ultimately pursue a 25-year career as a professional software engineer.

During my tenure at smaller companies without dedicated cybersecurity teams, I was often called upon to defend against cyber attacks and ensure the security of our products and confidential client data. These experiences highlighted the critical need for widespread cybersecurity awareness and motivated me to establish my own company dedicated to empowering individuals to navigate the digital landscape safely and confidently.

I believe that clear communication and accessible education are key to fostering a cyber-aware society. By sharing my knowledge and expertise, I aim to equip everyone with the tools and understanding they need to protect themselves in an increasingly interconnected world.
