The digital age has brought countless advantages to the way we do business, not least the ability to network and advertise job roles to a vast audience through platforms like LinkedIn. However, this visibility also brings with it significant risks. Cyber criminals are increasingly scraping LinkedIn to gather information on new job postings and subsequently targeting new starters by impersonating company decision-makers. This deceptive practice can lead to serious security breaches and data loss. This blog explores how Pisys, a Managed Service Provider, can safeguard your business against these threats using cyber security measures.
How Cyber Criminals Target Information from LinkedIn Job Posts
The Modus Operandi
Cyber criminals exploit LinkedIn job postings to gather crucial business details, aiding them in crafting convincing spear-phishing attacks. They impersonate leaders and HR personnel, aiming to deceive new hires. With Pisys’ Security Operations Centre (SOC), businesses can monitor for such deceptive tactics, enabling rapid detection and response to any suspicious activities linked to job postings.
Beyond Impersonation
Cyber criminals also analyse job postings to deduce a company’s technological adoption and potential vulnerabilities. Pisys’ Cyber Security services can help fortify your systems, offering solutions like Datto SaaS Protect to guard against data breaches and ensure your tech environment is resilient against tailored attacks.
Protecting Yourself and Your Organisation
Vigilance in Information Sharing
When posting on LinkedIn, it’s crucial to keep sensitive details minimal. Pisys advocates for and implements best practices in information security management, helping ensure that what you share on platforms like LinkedIn doesn’t expose you to cyber threats.
Secure Communication Protocols
Pisys supports the establishment of secure communication protocols for recruitment processes. This includes multi-factor authentication and encrypted communications, key steps in protecting sensitive interactions from cyber criminals.
Employee Education
Pisys offers FREE training for all Comcen Group customers, covering essential topics such as cyber security and phishing awareness. Regular training sessions ensure that your team, including new starters, are up-to-date on the latest security practices and threat recognition techniques. Our customers can access your FREE training here.
What to Look for with New Starters on LinkedIn
Anomalies in Communication
Be wary of unsolicited requests for sensitive information or money transfers, especially if they come shortly after a new job posting. Scrutinise the language used in emails or messages; often, phishing attempts are betrayed by unusual phrasing, excessive urgency or sender addresses that deviate from the company norm.
Unusual Network Requests
New employees might receive requests to connect from fake profiles pretending to be colleagues. Always advise verifying connections through multiple means or in-person confirmations.
Pisys Social Media Guidelines for New Employees
As part of our commitment to maintaining a secure and professional online presence, we have developed the following social media guidelines to help you navigate your interactions on platforms like LinkedIn, Twitter, Facebook and beyond.
1. Understand the Platform’s Privacy Setting
Action: Familiarse yourself with the privacy options of each social media platform.
Purpose: This helps control who can see your posts and personal information, reducing the risk of information being used maliciously.
2. Think Before You Post
Action: Avoid sharing confidential or sensitive information about your place of work, your clients or partners.
Purpose: This maintains the integrity and confidentiality of your business operations and protects against data breaches.
3. Professional Conduct
Action: Always represent your organisation professionally. Avoid posting offensive or derogatory content.
Purpose: This reflects well on you and your place of work, fostering a positive online presence and company reputation.
4. Verify Connection Requests
Action: Be cautious about accepting connection requests. Verify the requester’s identity if they claim to be one of your new colleagues.
Purpose: This prevents connections with fake profiles that might be looking to gather information for fraudulent purposes.
5. Report Suspicious Activities
Action: If you encounter suspicious behaviour or content directed at you or involving your employers, report it to your manager or directly to our IT support team.
Purpose: Prompt reporting helps mitigate potential security threats swiftly.
6. Use of Company Branding
Action: Do not use the your organisation’s logo or branding without permission.
Purpose: This ensures the brand is used consistently and correctly, aligning with corporate identity and messaging.
7. Engagement with External Content
Action: Exercise caution when liking, sharing or commenting on content. Ensure the content aligns with your organisation’s values and professional standards.
Purpose: This minimises the risk of associating the company with unverified or inappropriate external content.
8. Personal Accounts Distinction
Action: Clearly distinguish your personal opinions from those of the company when discussing industry-related topics.
Purpose: This prevents personal views from being misinterpreted as official stances of your place of work.
9. Participation in Online Discussions
Action: When participating in discussions, especially on platforms like LinkedIn, keep the discourse professional and informative, especially when the conversation relates to your field of work.
Purpose: This establishes your voice and your place of work as authoritative and respectful in the industry.
10. Regular Updates and Training
Action: Participate in regular training sessions offered by Pisys on cybersecurity.
Purpose: Staying updated on the best practices and emerging threats helps you safely and effectively use social media.
Using LinkedIn for recruitment while safeguarding against cyber threats is a dual challenge that Pisys, as an Award Winning Managed Service Provider, is well-equipped to address. Through comprehensive cyber security measures and continuous employee training, Pisys helps shield your business from the sophisticated tactics of cyber criminals targeting new job postings.