Episode 24: LinkedIn Profile Security for Bankers

Jack Hubbard  00:01

I've had the privilege of being in and around banking for more than 50 years. Lots of changes during that time. We've gone from Ledger's to laptops, typewriters to technology. One thing, however, remains the same. Banking is a people business. And I'll be talking with those people that make banking great here on Jack Rants With Modern Bankers. 

Hello, everybody, Jack Rants with Modern Bankers here, Jack Hubbard, and along with my good friend and partner, Brynne Tillman. Hi Brynne!

Brynne Tillman  00:37

Hi, Jack, I'm looking forward to ranting with you today.

Jack Hubbard  00:41

Well, it's an important subject. And people often say, Well, what hat are you going to wear today?  And today, I'm not wearing any because the subject is pretty serious. Here's this deal. a student came up to me at graduate school of banking and basically said her CEO would not allow any of their bankers to use LinkedIn at the bank. And his reasoning is because of security related issues. 

So today, we're going to talk about security on LinkedIn. And it's a really important topic, and you're very, very good at this topic, Brynne. So let's dive into this. Talk first, about security on LinkedIn, and how safe the platform really is.

Brynne Tillman  01:22

Yeah, that's a great question and especially for bankers, and more and more banks, obviously, are now opening up LinkedIn, but it was years and years that they wouldn't allow their bankers and then eventually, they said, “Okay, you can use it on your personal computer.” But now most banks have opened up and they realize that this is a critical tool for business development and recruitment, and so many other reasons but security is really important and how secure LinkedIn is, is really how secure your bankers make it. There are absolutely things that we can do to make sure that all the platforms that we use are more secure and we're gonna go through some of the things today to do that. 

Here's the big thing, I think, Jack, is that banks need to have this part of their employee handbook, on you know, how to use LinkedIn and other social media tools. This needs to be part of the fabric of who they are, you know, I would bet when email was launched, everyone was really, really worried about using email. And you know, now they even test right , they'll test if you click on bad emails, right? They have the IT department out there, making sure that everyone is secure. Email is essential to doing business well, so is LinkedIn now. And so it's up to the bank really, in what they do to make this secure, because LinkedIn does have the tools to do that.

Jack Hubbard  03:01

Let's start with the basics. If I joined LinkedIn, other things bankers don't realize is that LinkedIn is sort of like any tool like Microsoft that you pull out of the box and input on your computer. There are a lot of default settings that LinkedIn says, Okay, here's what you're going to get when we start on LinkedIn. But there are a lot of things that people should be doing to customize how they're using LinkedIn and since we're talking about security today, Brynne. The first one is so powerful, and it's two step verification, and a lot of people don't even know you can do this on LinkedIn, number one, and even if they wouldn't know how to get there, talk about two step verification.

Brynne Tillman  03:48

Yeah, well, actually, let's just talk for a second about how to get there. So when you are on your LinkedIn profile, there is a little me icon at the top right. When you click on that, you'll see settings and privacy. When you get to settings and privacy, you're going to see all of the things like sign in and security visibility, data privacy. Spend some time looking through that, right, like that's really, really important but sign in insecurity is where you're going to find two step verification on the bottom. Two Step Verification is simply this. If someone logs in, including you, you will get either an email or a text based on what you choose with a code that you need to enter in order to get into the profile. Why is this critically important? 

Well, there are password breaches, there just are breaches and you know one of the things side note that you can do is when you change your email password for your bank, change your LinkedIn password so that you keep that changing all the time, because that makes sense but if someone does breach your password, they can't get into your account without that code. So turn on that two step verification, mine goes to mobile, but you can decide where you want that to go.

Jack Hubbard  05:20

And is it true? And I'm asking because this happened to me. Is it true that if somebody's trying to get into your LinkedIn account, you'll be notified of a code that you're supposed to put in? And that happened to me? So I was able, because I have two step verification, to say, no, not so much and I went in and I changed my password. So you're notified with your two step verification?

Brynne Tillman  05:48

Yeah, even when you log in, you're gonna get that code, right. So it's great. And you cannot access your LinkedIn profile without that code. And if you have to change the password, then go ahead and do that but I've gotten that without my permission before. And that's right, you go, first thing you do is go change your password.

Jack Hubbard  06:11

Yeah, it happens. It happens. And LinkedIn has done everything possible to make its platform safe. It has every reason to do that. Both from a revenue perspective and a reputational risk perspective, there are 950 million people around the world on LinkedIn, the last thing they want is all kinds of reputational risks and challenges around that. Well, you mentioned a keyword, and that's profile. And there are a lot of fake profiles out there. Brynne, I'm curious, maybe next week, we ought to take a real good dive into fake profiles, because you have real good expertise there.

Brynne Tillman  06:51

Yeah, I mean, the fake profiles are dangerous from the perspective of if you connect with them, they now have access to a lot on your account. I had a situation where I connected. I don't know, it was definitely a fake profile. And I don't know if it was a competition. I don't know if it was hackers but what happened is they started connecting with my connections, letting them know that I gave them permission to do it when I didn’t and what ended up happening and I found out because they were inviting these folks to a local event. 

And they actually connected with my finish exchange student, who, although still had Philadelphia on her LinkedIn profile was now back in Helsinki and she replied to me, like, “Yeah, I'd love to see you but I don't think I can make this event.” And I'm like, I didn't invite anyone to this but when I went into my Sales Navigator, I actually saw all these invitations. So they were working in my Sales Navigator, it was bizarre. So that was the hack. I just conflated two things. So one was they went out, I got hacked once, and they were in my Sales Navigator. So that was bad. That was pre two step verification. 

The second time, I just put two stories together. The second time, they were just inviting all of my connections, and I didn't even know that was happening. So this is why I'm so adamant about settings and privacy, because I've had this truly affect me before. And so whatever it is that you do, make sure you're not connecting with people that have fake profiles and you're right, I think that's a great idea. Jack. Next week, let's deep dive in how to spot a fake profile. 

Jack Hubbard  09:00

Oh, awesome! Well, one of the reasons that sometimes we have to record these things is that we both travel quite a lot. So not always summer live. So we're, you know, recorded but we access LinkedIn from remote sites and it could be hotels, when I was at graduate school banking, conference center, etc. There is an option to sign out of all these remote sessions and you know what, Brynne I forget to do it. Why should we do it? And how do we do it?

Brynne Tillman  09:38

Yeah, so there you it's interesting if you go into your settings, and in that same sign in and security there is. I think it's third from the top is where you're signed in and this is going to give you active sessions. Now it's interesting. Absolutely where you're signed in can be affected by mobile, if you're somewhere else, and you signed in to your mobile, and it's going to a different server. So there are some times I'll look and go, boy, I wasn't, you know, I didn't have my laptop there but I did have my mobile there. So that if you sign out of that, it may not have been a risk, it could have been you but there are a lot of times that I'll use LinkedIn as a sign in platform. 

So it'll say, for example, we're on a restream and sometimes it'll say, sign into restream. With your LinkedIn profile, it comes up and you see the LinkedIn logo and the restream logo and you allow it, well, you are now logged into your LinkedIn with that third party app that will also come up here. So there are a lot of times where you may do that, and you only wanted access one time, but they're still logged into your LinkedIn profile in that third party app. 

So when you go to this active sessions area, you can actually end the active session with one click of a button and you can delete sessions as well. It may log you out of your desktop. So make sure before you do that you do know your password, because you may have to log back in.

Jack Hubbard  11:27

Yes. And I'll give you a great example, I just went to what you suggested, because I don't think to do this, and many of us don't. So I've been logged into five different sessions, and one of them two months ago was near Frankfurt, Germany. So I'm gonna log out of that one. And it's a really, really good catch to every once in a while go in and do that it's so easy to do this. Let's talk about another subject, we get so many spam invitations, let me tell you about one I got today, I won't tell you the name because it could be a real person. It's a female. She's a founder, investment partner, medical aesthetician, a sociologist, and an angel investor. She only has 65 connections. And she went to the University of Cambridge, allegedly. So she's been following me for a couple of weeks and wanted to reach out to connect. I don't know what her location is. And she has no connections to anybody that I'm connected to. So we don't have any joint connections that I'm aware of. To me, that is a spam invitation. There are tons of these going on. Brynne, how is this happening?

Brynne Tillman  12:55

Well, I mean, that one's an easy one. And when we talk about fake profiles, we'll really be able to drill down on that even more. But I think the bigger issue is automation. So what she's doing is she found you, she wants to sell to you or spam you, or whatever that might be that we can, you know, I mean, that's where we can control not connecting with people. And there are definitely options to communicate before connecting as well but what's most interesting is if she has 65 connections, and she's not in banking, why she decided to go after you? Very interesting but she did. It's the automation, they have these fake profiles that are connecting with hundreds and 1000s of connections. And it's really hard to and we'll go through it, but it's hard to identify if they're real or not. So yeah, it's a problem. And there's you know, even real people spamming is a problem. So these people's spamming is even bigger.

Jack Hubbard  14:11

Oh, no, that's for sure. And when we talk about fake profiles, I'll tell you a couple of stories about something where a banker just ignored a profile that was real, and it turned out to be a pretty sad story for the banker. Just because you don't know someone doesn't mean you shouldn't connect with him. But you do have to, as we're going to talk about in the next program, do a lot of due diligence. As you know, I always tell lenders, if you're going to make a loan, you really need to do a lot of due diligence. And I don't think it's any different on LinkedIn, because once it's in your cadre of profiles, you know, you forget about them, and they could be doing a lot of things to you and you don't even know them. Well wrap this up Brynne by asking about what you kind of talked about a little bit about Privacy and Settings. But are there others that bankers should definitely know about? That they should be kind of taking a look at?

Brynne Tillman  15:16

I mean, there are a ton, I would just say go through all of your Privacy and Settings, there's account preferences, how you want your location to show up a lot of data privacy, which demographics and all kinds of other things that you can actually control and it also gives you the opportunity to back up your profile there and notifications, not that this is privacy, but it's definitely settings. How do you want to be notified? Who do you want to be notified of, and visibility is another one. So spend some time, you know, when we launch a corporate training, we have a checklist of all the settings that we want them to click through and update, because this is the foundation before anything else, we want to make sure that your settings and privacy are set up for success.

Jack Hubbard  16:17

Yeah, it's measured twice, cut once. And making sure that before you get out there and become very active on LinkedIn, or if you are very active on LinkedIn, and maybe have forgotten the basics, which is which is the settings and privacy. Go back, go back and look at it. It becomes very, very important. Awesome. It was a great program and it was timely. And the reason that we did this was because we wanted to make sure that we acknowledged that a banker said Look, I need a program on this, give me some foundation, give me some basics. And that's what this program is all about. We wanted to make sure that we have a lot of foundational elements in this and to make it very, very practical. So thank you, Brynne. We'll see you next week. And we're going to talk about diving deeply into fake profiles. So make sure you join us next week on Jack Rants with Brynne. 

Outro 17:17

Thanks for joining us for Jack Rants with Brynne brought to you by our good friends at Vertical IQ and RelPro. We're live on LinkedIn every Thursday at noon Eastern time helping bankers turn connections into conversations. 

Don't miss an episode, visit themodernbanker.com/tmbpodcast. Leave us a review if you would. You can also listen to this program and the new Jack Rants with Modern Bankers on Apple podcasts, Spotify, Google Play and I Heart Radio. We're on YouTube as well. Subscribe at https://www.youtube.com/@TheModernBanker. Finally, don't forget, make today and every day a great client day!