At LinkedIn, our members always come first. We take your safety and privacy very seriously. All LinkedIn accounts are already protected by a series of automatic checks that are designed to thwart unauthorized sign-in attempts and keep your data safe. In honor of Data Privacy Day today, an effort to empower and educate people to protect their privacy and control their digital footprint, we wanted to share a few additional steps you can take to protect your account on LinkedIn.
1. Update your Privacy Settings to understand how you’re sharing your information.
In addition to the security features that we’ve built into the site to protect your information, there are some additional privacy settings you can turn on or off, depending on what you want to share, display, and receive. Take a look at your settings today to make sure they are right for how you are using LinkedIn now.
Here are a few of the options you’ll find in your settings:
- Turn on/off your activity broadcasts: If you don’t want your connections to see when you make changes to your profile, follow companies, or recommend connections, uncheck this option.
- Select what others can see when you’ve viewed their profile: When you view other profiles on LinkedIn, those people can see your name, photo, and headline. If you want a higher level of privacy, you can choose to display anonymous profile information, or show up as an anonymous LinkedIn member.
- Select who can see your connections: You can share your connections’ names with your other first-degree connections, or you can make your connections list visible only to you.
- Change your profile photo and visibility: You can choose to have your photo displayed to only your first-degree connections, your network, or everyone who views your profile.
As we’ve mentioned in the past, we are also working on a setting that will allow you to block another member from viewing your profile and will prevent any unwanted contact. We’ve already begun testing this setting.
2. Opt into Two-Step Verification to prevent people who aren’t you from accessing your account.
Two-step verification requires a person to use more than one form of verification to access an account, usually by “knowing something” such as a password and by “having something” such as a mobile device. Two-step verification is a much stronger form of account protection that can greatly reduce identity theft and unauthorized access to sensitive information since most accounts become compromised from new or unknown computers or devices.
LinkedIn offers members the ability to turn on two-step verification for their accounts, which will require an account password and a numeric code sent to your phone via SMS whenever we don’t recognize the new device you’re attempting to sign in from.
3. Opt into Secure Browsing (HTTPS) for extra protection against unauthorized access to your internet activity and to ensure you’re connected to the real LinkedIn website.
A good indicator of a protected connection on a website is an https:// connection. While LinkedIn automatically secures a connection when you are on certain pages that require sensitive information (such as using a credit card), you also have the option to turn on this protected connection when viewing all pages across LinkedIn.
Learn more about turning this feature on in your account. We’re currently working on making this a default setting across LinkedIn.
4. Keep your password up to date to help safeguard your LinkedIn account.
Here are some best practices:
- Change your password every few months
- Don’t use the same password on all the sites you visit
- Don’t use a word from the dictionary
- Think of a meaningful phrase, song or quote and turn it into a complex password using the first letter of each word
- Randomly add capital letters, punctuation or symbols
- Substitute numbers for letters that look similar (for example, substitute “0” for “o” or “3” for “E”)
- Never give your password to others or write it down
- Sign out of your account after you use a publicly shared computer
5. Watch out for phishing emails and spam emails requesting personal or sensitive information.
Phishing is a common tactic that criminals use to try to steal your information – and your money – so you should always be on the lookout for fraudulent emails.
LinkedIn will never ask for your sensitive personal or financial information via email. To confirm whether a message is really from LinkedIn or not, here are a few things you can look for:
- All valid LinkedIn messages will contain a security footer
- In general, it’s not a good practice to open any attachments or click any links in an email that seems suspicious, or is from a person or company you don’t know
- Here are some indicators which should raise your suspicions that the email claiming to be from LinkedIn is not legitimate:
  - The message is telling you to open an email attachment or install a software update. LinkedIn will never ask you to do this.
  - The message contains bad spelling and grammar.
  - The message contains a threat of some kind. Example: your account will be deleted unless you act right away.
Before clicking on any links within an email, it’s a good idea to move your cursor over the links to see where they’re actually directing you. In the case of an email from LinkedIn, if it’s not directing you back to the LinkedIn website, you can treat the message as a phishing attempt.
To learn more about protecting your LinkedIn account, please visit our Safety Center.