Well I promised I would update my last blog post on my data security experiences with LinkedIn. Let’s cut to the chase – I have several concerns, and here they are.
- LinkedIn’s tech support response is painfully slow. I opened the ticket on March 27. LinkedIn responded on April 8. For those of you counting at home that is 12 days. If you are going to run a business catering to millions of potential users, you need to develop a support system to respond to them. LinkedIn could take some lessons from Amazon.
- They removed the user from following my LinkedIn company page which per their Help Desk, they say they will do. Unfortunately though you do not have the ability to do this yourself, and you have to request for LinkedIn tech support to perform the action - which in my case took 12 days.
- Regarding the user claiming via their LinkedIn profile to work for my company, LinkedIn did nothing about this issue, and here was their response: “If any members indicate they are current or past employees when in fact they aren’t, it’s usually because: 1. They haven’t had the chance to update their profiles. 2. They mistakenly selected the wrong company name when they updated their profile. We generally don’t moderate or validate information that members post, but there are times when we might intervene.”
Number 1 is a problem because when you have a problem on LinkedIn, it looks like it will take a while to get it sorted.
Number 2 is a minor problem, and essentially you are unable to remove people from following your company pages. From a data security standpoint, it only really becomes a problem if the same person is trying to also pass themselves off as an employee of your company.
Number 3 is the larger problem from a data security standpoint, especially for larger companies who are unable to actively monitor all existing employees. You basically have two data security issues here. The first would be someone attempting to pass themselves off as an employee of your company and contacting your existing clients to gain some type of info from them via LinkedIn. The second data security issue would be someone attempting to pass themselves off as an employee of your company and contacting your existing employees to gain some type of info from them via LinkedIn.
So how do you protect yourself? First close your Connections status to allowing those outside of your network to be able to view them. Second do not send any type of sensitive documentation via the LinkedIn internal email system. In this case it helps to have an information classification policy in place to prevent employees from sending out sensitive documents.
As always if you have any questions or comments, please feel free to list them below.