A Hiring Managers’ Wish List

Why digital hygiene has become so important for your employees

​Today’s perfect applicant must not only be experienced, personable and innovative, but they must also practice good digital hygiene. An employee who fails to protect company data is an enormous liability: One slip and the reputation of the company can be destroyed.

​Unfortunately, this makes hiring particularly difficult for HR professionals. As the need for digital discretion has increased, the likelihood that a candidate will display it has decreased. More and more people are searching for employment online, which means more and more people are sharing personal information like an email address, a mailing address or a phone number on public forums, exposing themselves to breach or compromise.

​As if this weren’t challenging enough, data security expectations for the employer have also been raised. Many U.S. companies have already felt the pressure of stricter guidelines on personal data. The EU’s rollout of the General Data Protection Regulation (GDPR) on May 25, 2018 means that managing personal data for European citizens, including as job candidates, takes more work. Non-compliance risks a heavy fine, and the regulations are comprehensive.

​As Carol Umhoefer, a data privacy expert at DLA Piper global law firm, pointed out, GDPR “applies to every single phase of the data lifecycle, even before the data exists. It includes notices to candidates before or at the time you collect their data [and it] regulates data use and reuse and what to do with data you don’t need anymore. In some cases, you’ll need to appoint a data protection officer or conduct data impact assessments before processing any data.”

Not only while gathering information but also when contacting applicants, hiring managers must exercise caution. Some have even recommended crafting a GDPR-compliant HR policy so that you can be confident you’re taking sufficient care of sensitive candidate data from the beginning to the end of the process. Additionally, it’s a good idea to conduct communications with an applicant over the phone or in person, as it’s far more secure than email.

​When an applicant arrives for an interview, the hiring manager must evaluate them with data security in mind, as every employee has a role in keeping sensitive information safe. With each candidate, you want to look for evidence that the person already uses discretion with regard to both business and and their own personal data.

​One good way to do this is to tailor your interview questions to hone in on their digital hygiene habits and background with sensitive data. Does this worker have a good history of privacy management with former employers? Have they handled sensitive data in previous jobs? Have they been involved in data breaches in any way? Do they regularly use strong passwords? Do they understand the importance of avoiding the use of public Wi-Fi when working? The right person would both see the importance of these concerns and strive to incorporate such practices into each and every project.

​It’s also worthwhile to run the candidate through a series of hypothetical scenarios in which the need for expediency conflicts with the need for security and ask them what they would do in such a situation. The ideal candidate would be both efficient with tasks and meticulous in handling data – but, when it comes down to it, would prioritize security above all else. If there’s any indication that they’d be willing to cut corners to get the job done, they may not be a great fit for a position in which they’re handling sensitive data.

​And no matter how polished and professional they seem, you should always reach out to their references and ask questions about their digital hygiene habits. While most references will expect to receive questions about a candidate’s work ethic and quality, it’s just as important to ask questions about security. No matter how accomplished a prospective employee may seem, one security slip-up can cost your organization just as much as a low level of productivity or a poor attitude.

​Another good indicator of a candidate’s suitability is their social media accounts. Does this person overshare personal information? Could you easily guess their passwords or security questions from the information they’ve posted? Ideally, you’d want someone who’d know how to effectively promote themselves and their skills through social media without giving away any information that could compromise their own security. If this doesn’t describe them, however, that doesn’t mean you should immediately throw out their application. If the candidate seems open to change and is capable of implementing new digital habits, they may well be worth bringing on.

​Finally, once you’ve selected a candidate, it’s important to train them to detect hacking, skimming and phishing attempts, as the majority of breaches in recent years are the result of such attacks, as well as to handle personal data with the utmost care so as to avoid GDPR noncompliance. Since many data breaches occur through employee actions, intentional or unintentional, choosing capable and ethical staff members is essential to reduce the risk of data loss. Although there’s no guarantee, keeping these questions in mind throughout the interview process will help you find employees who are willing to go above and beyond to preserve online security.