Security by Design: LinkedIn
- Raluca Mihu
- Aug 27
- 2 min read

LinkedIn has become the digital lobby where careers are introduced, networks are built, and trust is formed. Yet, one important gap remains: anybody can add a company or organisation to their profile, while that organisation has no direct way to confirm or remove the claim. This means LinkedIn, by design, is not secure.
At first this may look like a minor design gap, yet it can lead to practical challenges. Here are 3 examples:
1. Social engineering made easier
Attackers thrive on credibility. A profile that lists employment at a well-known company instantly gains legitimacy in the eyes of others. With this credibility, fraudsters can approach real employees, customers, or suppliers, planting the seeds for phishing, credential theft, or business email compromise.
2. Reputational damage for organisations
Imagine a disgruntled ex-employee or a complete stranger continuing to list your organisation on their profile. Their words, posts, or behaviour then reflect, at least in the eyes of the public, on that brand. Organisations invest heavily in governance and reputation management, yet they have no control over who attaches themselves to their name in this context.
3. Loss of trust in the platform
As more professionals realise that LinkedIn’s employment history is self-declared and largely unchecked, trust in the platform erodes. Networking depends on authenticity. If the accuracy of profiles cannot be assured, the value of connections and recommendations weakens over time.
So, what can be done?
Organisations need tools to flag impersonation. LinkedIn should create a reporting mechanism where companies or other organisations can confirm or deny employment claims. This would be a significant step toward strengthening trust.
Individuals should verify before engaging. Always cross-check a profile through other channels, such as company websites or shared contacts, before sharing sensitive information (better yet, don't share any sensitive info with strangers).
Security awareness needs to adapt. Just as we teach people to check email headers and web domains, we should also teach them to question LinkedIn connections and employment claims.
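To make the proposed mechanism concrete, here is an added sketch (not code from LinkedIn or from the original post) of how employment claims could be modelled so that a self-declared claim stays visible but is never shown as verified until an account registered by that organisation confirms it. The organisation id `example.com` and verifier `hr@example.com` are constructed sample values.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional, Set


class ClaimState(Enum):
    SELF_DECLARED = "self-declared"   # default: only the member asserted it
    CONFIRMED = "confirmed by organisation"
    DENIED = "denied by organisation"


@dataclass
class EmploymentClaim:
    member: str
    organisation: str                 # organisation id, e.g. its verified domain
    title: str
    state: ClaimState = ClaimState.SELF_DECLARED
    attested_by: Optional[str] = None


class ClaimRegistry:
    """Stores claims plus, per organisation, the accounts allowed to attest for it."""

    def __init__(self, org_verifiers: Dict[str, Set[str]]):
        self.org_verifiers = org_verifiers
        self.claims: List[EmploymentClaim] = []

    def add_claim(self, member: str, organisation: str, title: str) -> EmploymentClaim:
        # Anyone may add a claim, exactly as today, but it starts unverified.
        claim = EmploymentClaim(member, organisation, title)
        self.claims.append(claim)
        return claim

    def attest(self, verifier: str, claim: EmploymentClaim, confirm: bool) -> EmploymentClaim:
        # Least privilege: only an account registered for *that* organisation
        # may confirm or deny; nobody else can flip the state.
        if verifier not in self.org_verifiers.get(claim.organisation, set()):
            raise PermissionError(f"{verifier} may not attest for {claim.organisation}")
        claim.state = ClaimState.CONFIRMED if confirm else ClaimState.DENIED
        claim.attested_by = verifier
        return claim


def render(claim: EmploymentClaim) -> str:
    """Visibility is separate from verification: the verdict is always shown."""
    return f"{claim.title} at {claim.organisation} [{claim.state.value}]"


def safe_to_engage(claim: EmploymentClaim) -> bool:
    """Rule for the 'verify before engaging' advice: only confirmed claims count."""
    return claim.state is ClaimState.CONFIRMED
```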
Summary: LinkedIn remains a powerful space for opportunity and connection, but we should be mindful of the difference between visibility and verification. Until the platform evolves, organisations and individuals must approach it with the same security mindset applied to any other digital surface. Meanwhile, learn from their mistakes and make your digital products secure by design and by default.
Stay Safe! Design smarter and more secure!