How your staff's LinkedIn habits are exposing you to cyber security threats

 
Hayley Kirton
Follow Hayley
LinkedIn Corp. To File For IPO
Think before you make that new connection, warns Intel Secutiry (Source: Getty)

Staff's poor handling of privacy on LinkedIn risks exposing bosses to cyber security threats, research released today has found.

A survey of 2,000 people by Intel Security discovered that almost a quarter (24 per cent) of Brits had connected with somebody they did not know personally on LinkedIn, which could not only open them up to targeted cyber attacks, as criminals use personal information to tailor their approach, but also the companies they work for.

Around two-thirds (69 per cent) of those surveyed also confessed that they had never stopped to think about whether somebody they connected with on LinkedIn was who they said they were, and this figure rises to 72 per cent for 18-24 year olds.

Read more: SMEs have put cyber security on the back burner

"Social networking sites are a treasure trove of data used by malicious actors in order to research potential targets for attacks, not only requesting to connect with senior executives but as many junior or mid-level employees at a company as possible," said Raj Samani, technology chief at EMEA Intel Security. "They then target senior level execs, using their existing connections with colleagues as proof of credibility by leveraging the principle of social validation. Once these connections are in place they can launch a targeted phishing campaign."

The vast majority (87 per cent) of those surveyed also said that their employer had never made them aware of any company policies relating to LinkedIn use.

Read more: British business lost a billion pounds to cyber crime last year

Samani added:

Businesses must educate all members of staff on how to avoid common scams, including making them aware of the risks of opening unknown attachments in messages or clicking on unknown links. This sounds simple but phishing scams are growing rapidly.

Companies are falling tricks by cybercriminals who get in contact using details skimmed from the Internet to legitimise their own fake profile in order to better target businesses.

Related articles