The following are real-life scenarios:

“LinkedIn hacked me!”

“I am seeing a list of all people I have ever exchanged email with on LinkedIn – and have never given LinkedIn my password (and I even use a different password for both LinkedIn and Gmail and I have not granted LinkedIn access to my account). What’s going on?”

We get calls and e-mails like these all too frequently these days with similar complaints from clients, friends and colleagues. If their concern is not related directly to an issue they discovered within one of their social networking sites, then it’s a question as to whether they should allow LinkedIn or any other social networks to access their e-mail account, address book or even “sync” with an application such as Microsoft Outlook.

The definitive answer is to never allow access unless you have a compelling reason to take on the risks involved and are willing to accept those risks. But even if you choose to go that route, there are still ways to protect yourself.

So when it comes to LinkedIn asking you to enter your e-mail account info, always go with a definitive “No!” by default. Without boring you with a discussion on the different privacy policies and what is considered “protected” and what is not, let’s take the simple approach of not trusting any of these websites from the start. These are not altruistic organizations – they want your information and they want more eyeballs on their pages so they can generate more revenue and further monetize their product. We all know that, but it’s easy to forget when it comes to social networks that help keep you connected in both your personal and professional worlds.

The key is to control exposure on your end as much as possible and limit what these networks can gain access to without your permission. Here are some simple tips to consider:

  • Always keep in mind that when you are using a free e-mail service such as Gmail, Yahoo, etc. – partnerships behind the scenes between the different companies such as LinkedIn and Google could expose some of your activity without you ever realizing it.  So I always recommend using an e-mail “alias” as your primary e-mail address (the address you use to login, receive notifications, etc.) and if that account is from a free e-mail service, set it up so it forwards from that account to a different e-mail account. That way the only e-mail account on file (your primary) is not an actual e-mail account that contains all (or any) of your contacts, calendar and other related personal/professional information.  If you are using a corporate account, you’re typically more secure – but I would still recommend that you ask your provider to create an e-mail alias for you so that way you never use your actual corporate account within the networks. This also gives you complete control to change and redirect activity and account information in the future without it ever affecting your main corporate e-mail account.
  • Never agree to import or “sync” any of your account information or “allow access” to plug-ins, etc. – when in doubt, always deny access. If you want to get some of your specific contacts into LinkedIn and expand your account, then perform a manual import using their import process. That way you can view exactly which contacts will be imported, it’s a one-time shot, and your account is never exposed. It’s also important to keep in mind that none of us ever has a total grasp on who is in our entire address book – so this is also a great way to keep certain people out of your “automated invite process” that you wouldn’t want to be included. I won’t go into detail, but let’s just say that not all of us may want our ex-spouses, ex-bosses, or our parole officers to be included. When was the last time you de-duplicated and reviewed your address book to clean it up?
  • Make sure you are using security software such as that from Symantec or a similar vendor. Ideally you should also be using a firewall both at home and at work – we recommend SonicWall, but there are other vendors on the market. A firewall protects all online activity that flows into and out of your location through a physical device built specifically for this purpose. Trust me, it’s worth the added cost, and not having one will come back to haunt you. If you have kids at home, you also get added security features such as content filtering (this would block sites related to guns, porn and drugs, for example), and you can even add monitoring features as well. One good firewall device can protect every machine in the house, even on your wireless network. Also, make sure your subscription is current.
  • We’ve all heard it before, but make sure you use seriously strong passwords and don’t repeat them on different sites – you can use variations of one password and make the other unique enough to provide a good level of protection. Remember that these social network sites get hacked a lot as they are a huge target for hackers – a recent LinkedIn hack from last year is documented here.
  • Keep your operating system and browser(s) updated – this includes plug-ins that we’ve come to consider as standard or mandatory such as Adobe Flash, Java, Silverlight and Acrobat – those are all important plug-ins to make sure are updated frequently.
  • Change your password often – everyone forgets this, but do it – once per quarter at a minimum. Also, monitoring the tech news to be aware of recent hacks and breaches will help you to act quickly when they occur.
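For the manual-import tip above, one way to review an exported address book before a one-time upload is sketched below. This is an added example, not part of the original article: the export text, the column names "Name" and "E-mail", and the exclusion list are all constructed assumptions, so adjust them to match your own export.

```python
import csv
import io

# Constructed sample export; the column names "Name" and "E-mail" are assumptions.
SAMPLE_EXPORT = """Name,E-mail
Alice Smith,alice@example.com
Alice S.,Alice@Example.com
Bob Jones, bob@example.org
Old Boss,boss@formeremployer.example
No Address,
Carol White,carol@example.net
"""

# Addresses or whole domains you never want invited (constructed values).
EXCLUDE = {"boss@formeremployer.example", "@example.net"}


def is_excluded(address, exclude):
    """True if the address or its domain is on the exclusion list."""
    domain = "@" + address.rpartition("@")[2]
    return address in exclude or domain in exclude


def review_contacts(export_text, exclude, email_column="E-mail"):
    """Return (keep, dropped): rows to import, and rows left out with a reason."""
    keep, dropped, seen = [], [], set()
    for row in csv.DictReader(io.StringIO(export_text)):
        # Trim and lower-case so "Alice@Example.com" matches "alice@example.com".
        address = (row.get(email_column) or "").strip().lower()
        name = (row.get("Name") or "").strip()
        if "@" not in address:
            dropped.append((name, address, "no usable address"))
        elif address in seen:
            dropped.append((name, address, "duplicate"))
        elif is_excluded(address, exclude):
            dropped.append((name, address, "excluded"))
        else:
            seen.add(address)
            keep.append((name, address))
    return keep, dropped


if __name__ == "__main__":
    keep, dropped = review_contacts(SAMPLE_EXPORT, EXCLUDE)
    print("IMPORT:", keep)
    print("SKIPPED:", dropped)
```

Only the rows in the first list go into the file you upload; the second list shows what was left out and why, so nothing is dropped silently.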

There’s no magic here, it’s just a matter of being smart and aware in this crazy age of pseudo-automation and social networking. Yes, it’s always easier to click “Yes” when asked to allow access, but it’s rarely ever the correct move to make.