January 29


LinkedIn: Good for Relationships, Bad for Security?

I believe in the power of human connection. I believe in the power of relationships. And I think that networking done for networking’s sake never works. But if you network by building relationships, then in my experience, you will be more successful in your endeavors.

Recently, there was a flurry of postings about the value of using LinkedIn to build your personal and professional networks. If you have not yet heard about or used LinkedIn, you can learn more here: http://www.linkedin.com/static?key=company_info

From their website:

When you join, you create a profile that summarizes your professional accomplishments. Your profile helps you find and be found by former colleagues, clients, and partners. You can add more connections by inviting trusted contacts to join LinkedIn and connect to you.

Your network consists of your connections, your connections’ connections, and the people they know, linking you to thousands of qualified professionals.

I learned about LinkedIn a few years ago and created a profile. At different times, I have worked to update my information, and am currently working to improve what I have there now. You can check it out here: http://www.linkedin.com/in/securitycatalyst

I’ve talked to many security professionals about using LinkedIn – and we seem to be something of a split bunch. Many I know confidently use (and some swear by) the effectiveness of LinkedIn. Others cite concerns over privacy and security and refuse (or have yet) to use it.

Do you use LinkedIn? Why or why not?

LinkedIn to generate answers for business people?
Yahoo! Answers has been considered to be a complete success. Even presidential candidates have used it! Perhaps driven by the success of Yahoo! Answers (or perhaps of their own accord), LinkedIn recently created an “answers” solution – focused on the needs of business users. When they announced this, it caught a lot of media attention.

Check out LinkedIn Answers here: http://www.linkedin.com/answers

It was one of the developments that sparked my interest, but I have yet to really follow up on it. I do believe that having a cadre of security professionals available to help provide some guidance to others would be a benefit to businesses, so I hope more of us work through this solution and get engaged.

The Good: How LinkedIn Can Help Your Security Career
Admittedly, I have yet to really explore or “tap” into the power of LinkedIn, but I can see that if I were looking for a position, looking to make connections or otherwise grow a network, it could be useful. I’ve put it on my expanding list of things to research and use more in 2007.

It’s also useful for connecting with lost colleagues and old friends. More than once, I have noticed that someone I am connected to is connected to a friend. Through this, I have been able to reconnect with some good friends.

Guy Kawasaki recently wrote an excellent post about how to leverage the power of LinkedIn. You can read it here: http://blog.guykawasaki.com/2007/01/ten_ways_to_use.html

Guy explains 10 ways that you can use LinkedIn, and if you currently use or plan to use it, this is entirely worth the read. I might also suggest that if you don’t regularly read and learn from Guy Kawasaki, you’re missing out.

The Bad: Where LinkedIn Can Ruin Your Security Day
The irony of social media is that sharing information (or too much information) can lead to some creative and highly effective attacks. The main concern I see is the benefit to social engineers.

Think about it. Many people who list profile information (and select to make it publicly available, of course) will choose to list the companies they have worked for, the positions they have held – and many who are not security minded list project names and other information that would be a total score for an attacker.

But it gets better (or worse), since now they also see who you are linked to, or what connections you have. If an attacker takes enough time, they can piece together a lot of information and wage a successful attack.

With that in mind, take a minute and consider the work you do and the people around you. Now, think about this: do you have people in your organization that could be poached away because of their LinkedIn profiles?

Seriously. I have found that LinkedIn is fertile ground for recruiters. Well, your competitors know this too. How much damage would it cause you if one of your key employees were courted away – entirely legally?

So is LinkedIn good or bad for security?
As we know from the practice of security, there are no absolutes. I think that the use of LinkedIn should be a personal decision (which most of you probably already know).

I would suggest that if you are aware that your users are using LinkedIn, you should review your security policy to ensure it covers posting company information to public websites. And then we need to find a way to teach our users about the dangers and risks, educate them about our policies and then help them find effective ways to use LinkedIn without putting your company at unnecessary risk.

My Choice and How I Use LinkedIn
I chose to use LinkedIn. I try to be careful about the information I include in my profile, but as a business owner and professional speaker, it’s to my advantage to be more visible.

As a rule, I don’t link to people I don’t know (or haven’t heard of). That said, if you want to link with me, please let me know a bit about you and that you listen to or read the Security Catalyst and we can connect. Check me out at: http://www.linkedin.com/in/securitycatalyst

Come discuss this with me and the other members of the catalyst community: http://community.santarmj.staging.wpengine.com/forums/index.php/topic,83.0.html, and we can debate if it makes sense to start a Catalyst Community Group for LinkedIn. I’d also like to know what precautions you take and how you have advised your users to be more effective and more secure.

