The Unintended Consequences of Social Networking

With today being Facebook’s IPO, I wanted to address an unintended consequence of social networking. I am a huge fan of LinkedIn for expanding my professional network, for learning and collaborating with other security/privacy pros, and it certainly helps with a job search. I teach advanced LinkedIn every week to 20 to 30 people in career transition.

Bad guys are using LinkedIn to create org charts of their targets. Odds are high that you are connected to your manager and your team is connected to you. If you or your team received an e-mail from your boss (or someone spoofing your boss’s e-mail address) and it contained an attachment labeled “Corporate Strategic Plans – Confidential” (or any document containing malware), would you open the mail and the attachment? Highly likely.

Good guys, a.k.a. your competitors, are watching the new LinkedIn connections from your executives, especially the business dev team. They look for patterns. A few execs connecting to a particular company can be a clue about M&A activity. Want to know who a company’s suppliers are? Check LinkedIn. Competitors are also looking at new hires, gleaning information about new products being developed.

Actionable advice: Security teams need to advise HR, business dev, and product teams about the information bad guys and competitors can learn from social networking.