Earlier this month, LinkedIn killed a controversial feature called "Intro," which embedded LinkedIn profiles into emails received by iPhone users. While LinkedIn defended the feature, it ultimately disabled it after drawing criticism from some security experts who were worried it could open up users to hackers.
While LinkedIn dropped Intro before it could cause problems, it's equally important for users to take control and understand their privacy and security settings in order to make smart decisions about what information to share, which links to click, and what features to opt-in to.
Here's a look at five steps you can take to be safer and smarter in using LinkedIn.
1. Enable two-step verification
To help protect your account against hackers, LinkedIn lets you opt-in to two-step verification. This security method uses both your account password plus a numeric code sent to your mobile device to protect against unauthorized access.
To turn on this feature, navigate to your Privacy & Settings page. You can find this by clicking the drop-down menu below the profile picture in the top-right corner. (You might be asked to submit your login credentials.) Click the Account tab and select "Manage security settings." Then, click "Turn On" under the "Two-step verification" section, enter your mobile phone number and click "Send Code." Once you receive the code, enter it into the box to sign in.
[Get noticed by recruiters and land your next gig. Read 10 Top LinkedIn Tips And Tricks.]
While two-step verification is the most secure measure you can use on your account, it requires a new code each time you sign into LinkedIn from a device the website doesn't recognize. If you choose to disable it, LinkedIn will forget all previously recognized devices and you'll only need your username and password to sign in.
2. Opt into secure browsing
HTTPS is a web browser protocol that lets you peruse websites securely. While certain parts of LinkedIn use a secure connection -- such as your sign-in page, advertising tools, and payment pages -- LinkedIn is working on making this the default setting across its website. In the meantime, you can turn on this feature for all of LinkedIn yourself.
Start by navigating to your Settings page. Click the Account tab, then click "Manage security settings." Check the box that says "A secure connection will be used when you are browsing LinkedIn." and click "Save changes."
LinkedIn recommends that you turn this feature on if you visit it regularly from WiFi hotspots at libraries, cafes, or airports, for example. Note that as it works on making this a default setting, there may be certain parts of its site that include content from third parties that may not support HTTPS. You may see warnings or notifications on these pages. You can turn this feature off at any time.
3. Disable activity broadcasts
Whenever you update your profile, LinkedIn broadcasts this activity to your connections. If you're beginning a new job hunt and don't want your current employer to see your latest activities, LinkedIn lets you mute your activity broadcasts so your changes are kept private.
To turn off your LinkedIn activity broadcasts, go to your Privacy & Settings page. Click "Turn on/off your activity broadcasts." This option is found in the Profile tab at the bottom. Then uncheck the box.
4. Browse LinkedIn anonymously
If you're looking for a new job, know this: Every time you browse a LinkedIn member's profile, that person receives an alert with details about who's looking. How much information the person sees about you -- whether it's a vague description such as "IT manager at Microsoft" or your name -- is up to you.
If you prefer to remain anonymous, change this setting. Navigate to your Privacy & Settings page and click "Select what others see when you've viewed their profile," under the Privacy Controls subhead in the Profile tab.
You can choose to have your name and headline displayed, agree to anonymous profile characteristics such as industry and title, or choose to remain completely anonymous. When you've made your selection, click Save changes.
5. Recognize fraudulent emails
Spam and phishing emails are common, LinkedIn said, which is why it's important to recognize them. Here's what LinkedIn said you should look out for:
- LinkedIn won't ask for your sensitive personal or financial information via email.
- All valid LinkedIn messages will contain a security footer.
- LinkedIn will not ask you to open an email attachment or install a software update.
- Legitimate messages will not contain bad spelling or grammar.
- Emails will not contain a threat. For example: "Your account will be deleted unless you act right away."
- Links in emails will always direct you back to LinkedIn. Hover over a link with your cursor to see where it's going before you click.
The NSA leak showed that one rogue insider can do massive damage. Here are three steps to keep your information safe from internal threats. Also in the Stop Data Leaks issue of Dark Reading: Technology is critical, but corporate culture also plays a central role in stopping a big breach. (Free registration required.)