Comments on: Is LinkedIn a Bad Idea for Employers? http://www.concurringopinions.com/archives/2008/09/is_linkedin_a_b_1.html The Law, the Universe, and Everything Tue, 14 Feb 2012 11:44:40 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Logical Extremes http://www.concurringopinions.com/archives/2008/09/is_linkedin_a_b_1.html/comment-page-1#comment-47330 Logical Extremes Fri, 12 Sep 2008 06:06:56 +0000 http://www.solove.org/archives/2008/09/is-linkedin-a-bad-idea-for-employers.html#comment-47330 Jack S., this problem is more insidious than typical spam. It's now possible to do some pretty convincing social engineering, rather than just a "Dear Sir" in some strange email with a link or attachment. The remedies listed are quite appropriate. Tools are readily available to block malware attachments, filter email from spammy addresses, and even flag emails containing links to known malware domains and IP addresses. But education is key to get employees to recognize the risks of putting too much information in the public domain that can easily play into social engineering attacks. Jack S., this problem is more insidious than typical spam. It’s now possible to do some pretty convincing social engineering, rather than just a “Dear Sir” in some strange email with a link or attachment.

The remedies listed are quite appropriate. Tools are readily available to block malware attachments, filter email from spammy addresses, and even flag emails containing links to known malware domains and IP addresses. But education is key to get employees to recognize the risks of putting too much information in the public domain that can easily play into social engineering attacks.

]]> By: Bruce Boyden http://www.concurringopinions.com/archives/2008/09/is_linkedin_a_b_1.html/comment-page-1#comment-47329 Bruce Boyden Fri, 12 Sep 2008 02:48:04 +0000 http://www.solove.org/archives/2008/09/is-linkedin-a-bad-idea-for-employers.html#comment-47329 Another way to combat the problem would simply be to not have any friends. :-) Another way to combat the problem would simply be to not have any friends. :-)

]]> By: Jack S. http://www.concurringopinions.com/archives/2008/09/is_linkedin_a_b_1.html/comment-page-1#comment-47328 Jack S. Fri, 12 Sep 2008 01:19:58 +0000 http://www.solove.org/archives/2008/09/is-linkedin-a-bad-idea-for-employers.html#comment-47328 the other things though, education and better virus filtering is a good technique. This of course requires properly trained technical staff as well who keep an eye on the virus news sites via alerts or whatever, etc. many times these nasty's come out and do damage before corrective action can be taken. some can be spared if there's effective communication. the other things though, education and better virus filtering is a good technique. This of course requires properly trained technical staff as well who keep an eye on the virus news sites via alerts or whatever, etc. many times these nasty’s come out and do damage before corrective action can be taken. some can be spared if there’s effective communication.

]]> By: Jack S. http://www.concurringopinions.com/archives/2008/09/is_linkedin_a_b_1.html/comment-page-1#comment-47327 Jack S. Fri, 12 Sep 2008 01:15:02 +0000 http://www.solove.org/archives/2008/09/is-linkedin-a-bad-idea-for-employers.html#comment-47327 Employer controls? as if that ever works. By your reasoning, e-mail is bad for companies. Several viruses have transited via e-mail in just the way you describe and have been extremely successfully in shutting down a company's mail system and other things. Block all non-registered e-mail addresses? Probably not going to work in a large operation. Risk filtering out an important client mail (it happens, I speak from personal experience). Also not a good idea. Your scenario also decribes the same thing as breaking into someone's e-mail. I would hope that LinkedIn is at least close to the security of e-mail if not the same (which isn't much, all things said). The social networking sites, personal e-mail at work and receiving personal mail on work e-mail all bring up interesting risk issues. But prohibition techniques is probably not the best way to address the problem. Employer controls? as if that ever works. By your reasoning, e-mail is bad for companies. Several viruses have transited via e-mail in just the way you describe and have been extremely successfully in shutting down a company’s mail system and other things. Block all non-registered e-mail addresses? Probably not going to work in a large operation. Risk filtering out an important client mail (it happens, I speak from personal experience). Also not a good idea.

Your scenario also decribes the same thing as breaking into someone’s e-mail. I would hope that LinkedIn is at least close to the security of e-mail if not the same (which isn’t much, all things said).

The social networking sites, personal e-mail at work and receiving personal mail on work e-mail all bring up interesting risk issues. But prohibition techniques is probably not the best way to address the problem.

]]>