If the Shoe Fits: Security, LinkedIn and You
Post from: MAPpingCompanySuccess
A Friday series exploring Startups and the people who make them go. Read all If the Shoe Fits posts here
When you sign up for an online service are you entitled to assume a reasonable level of data security?
If so, what is reasonable?
Most of us expect a much higher level of security from our bank than we do from our social network.
However, most of us do expect basic security efforts from our social networks—especially the ones that have been around for a while, are long past the startup stage and have plenty of money—like LinkedIn.
What has surprised customers and security experts alike is that a company that collects and profits from vast amounts of data had taken a bare-bones approach to protecting it. The breach highlights a disturbing truth about LinkedIn’s computer security: there isn’t much.
It was a (relative) snap to steal the 6 million plus passwords, since LinkedIn didn’t bother with any kind of password encryption.
You might say that the kind of data supplied to LinkedIn isn’t sensitive in the same way as financial data, but I would disagree.
There is enough biographical data to spoof identity or provide a trail of breadcrumbs to seriously sensitive information, such as social security numbers, health data and bank accounts, if someone knows what they’re doing.
But that’s not all.
LinkedIn mobile app subscribers may be surprised to learn that the calendar entries on their iPhones or iPads— which may include details about meeting locations, participants, dial-in information, passwords and sensitive meeting notes — are transmitted back to LinkedIn’s servers without their knowledge.
Just think what could happen if those meeting notes included a startup’s secret sauce or the details of a term sheet.
Most people have a good sense of what is unreasonable security-wise, but it usually surfaces only after a breech.
What do you think?
What’s reasonable?
What do your users want?
What do you owe them?
Option Sanity™
Come visit Option Sanity for an easy-to-understand, simple-to-implement stock allocation system. It’s so easy a CEO can do it.
Warning.
Do not attempt to use Option Sanity™ without a strong commitment to business planning, financial controls, honesty, ethics, and “doing the right thing.”
Use only as directed.
Users of Option Sanity may experience sudden increases in team cohesion and worker satisfaction. In cases where team productivity, retention and company success is greater than typical, expect media interest and invitations as keynote speaker.
Flickr image credit: HikingArtist
