Digitalization and rapid technological development creates constantly new possibilities for developing virtual encounters. While developing new concepts for these virtual encounters it should be essential that also the aspect of information security is taken into consideration.
Such writers as Michael Whitman & Herbert Mattord (2014), and John Vacca (2013) all define information security to be the protection of three critical characteristics of information; confidentiality (luottamuksellisuus), integrity (eheys) and availability (saatavuus). Meaning only those with proper privileges and well demonstrated need may access the protected information, the state of it is whole, complete, and uncorrupted, and it should be accessible for authorized users without interferences.
The three characteristics mentioned above should be protected by application of common information security policy, technological solutions, training, and awareness programs. These actions should prepare us to protect information, detect threats and react to threats.
What are the threats?
Information security is an important aspect of any recruitment process, and it is in the best interests of both employers and job applicants that the applicants’ personal data is kept as private as possible. Nevertheless if the data would get breached for some reason, the consequences might be extensive. In a worst case scenario breach could enable identity thefts and other forms of misuse of personal data, and hence lead to either financial or reputational harm, if not both.
The job applicants should at least be aware of such threats as breach of privacy (who has access to their information, where it is stored and to whom it could be distributed), common types of malware and the physical environment during online job interviews.
How can the data be protected?
At the end the extent of the consequences of data breach depends on the extent of the shared data. Therefore it would be critically important to consider beforehand which kind of information should be shared; what is relevant regarding the applied position, and what should be said during group or private interviews. As the developed concept is concentrated into group interviews, it would be recommended to go through which kind of personal information should be told during them. Most importantly it would not be advisable to share critical personal information (phone numbers, email addresses, social security numbers etc.) publicly or during group interviews in any case.
Personal information such as CVs, portfolios or other equivalents should be shared privately with the employer or the organizer of the virtual encounter before or after the online interviews. If it’s absolutely necessary to share files while attending to Adobe Connect, Skype for Business or Slack meeting, it would be recommended to use the screen sharing function (AC & Skype) or to create a public link into Dropbox or Google drive file (Slack). Uploading or attaching files directly from the user’s computer might save the files into the memory/history logs of the used application so it should be avoided.
The aspect of physical environment should be considered so that there would be no possibilities for unauthorized persons to hear the job interviews, or see the screen of the applicant’s computer. It is critical to make sure that the location is private meaning no other/unauthorized persons in the room, and any open windows or doors. The environment should be ensured at least the same way it is done while implementing traditional face to face or group interviews, as the developed concept is focusing on group encounters.
Are there any technical solutions for data protection?
The last instruction relates to the fact that by protecting your computer you will also protect your personal information. According to The Finnish Security Committee (2017) at least following technical solutions should be executed to ensure malware free computer:
- Keep operating systems, browsers and plug-ins updated
- Enable firewall at all times
- Use the administrator privileges only when it is absolutely necessary
- Protect the used local area network and use only safe networks that you are familiar with
- Keep the router updated and enable it’s firewall
- Enable reliable protection software
Job applicants can and should take actions to prevent common information security threats from happening, or at least significantly decrease the possibilities by doing so. It is important to be aware of the threats and then apply the above instruction so that the online recruitment environment is kept as safe as possible.
The author Ville Savolainen is a student of security management from Laurea University of Applied Sciences, working on a thesis which studies the information security of virtual encounters.
Turvallisuuskomitea. 2017. Kodin kyberopas. Turvallisuuskomitean sihteeristö. Helsinki
Vacca, J. 2013. Managing Information Security. ProQuest Ebook Central. Elsevier Science.
Whitman, M. 2014. Management of Information Security. 4th Edition. Stamford. Cengage Learning.