Before I hire you I’ll need the keys to your home…

I wouldn’t have believed it if I hadn’t read multiple stories about employers asking prospective employees to hand over their Facebook passwords during job interviews. This is simply outrageous, yet I can see how those who have been looking for work for over a year may feel compelled to provide their credentials or lose an opportunity for employment. This really ranks as a big thumbs down for employers who are engaged in this behavior.

Now, I’ll be the first to say that publicly accessible information in a digital world is fair game. If you allow pictures of your pot-smoking adventures or previous dime-store stealing expertise to be available to anyone on the Internet, then you can’t complain when that public information ruins your chance of getting a job. If you’ve been bashing an employer on public forums using your real name, I would think that an interviewer can fairly question you about it. The thing is, what you decide to make public on the Internet is part of your global resume, available for any potential employer to view. You can’t cry foul.

That said, asking a potential candidate to turn over their user ID and password so you can view something intended to be private is beyond the pale.  That is no different than invading a candidate’s home, snooping through their medicine cabinet and snatching their diary from under the mattress in order to read their “private” thoughts before making a hiring decision. This isn’t an episode of House, right?

Let’s take this a step further. Do potential employers have a right to access information related to friends and family who aren’t applying for a job? A request for Facebook credentials not only gives access to information a candidate has deemed private but also allows the employer to pry into the private information of friends and acquaintances. Insanity, anyone?

The potential for abuse here is enormous. While it is fair for any employer to do as extensive a background check as they feel is necessary to vet potential employees (criminal, financial, public records, internet search, etc.), it is not appropriate, as part of the hiring process, to intrude into areas that someone has explicitly chosen not to expose publicly.

Photo credit:  ntwowe at freedigitalphotos.net

New Dog…. Old Tricks

Funny how the anonymous nature of the Internet continues to mock us all.   Back on September 8th, a fake FBI profile was distributed via Twitter as shown in a recent post on Naked Security – Fake FBI Anonymous psychological profile – a lesson to all Internet users.

It takes me back to an old New Yorker cartoon that ran when the Internet was still an infant.  Enjoying the nostalgia.

Creative Commons License - Ben Larson

Photo credit:  Ben Larson

Social Networking – “Loose Tweets Sink Fleets”

Social networking has enhanced collaboration for many companies, but it creates a risk of employees sharing intellectual property or other strategically important company information with outsiders. This certainly places an increased burden on strategically aligned CSOs, who must balance the need for security with business goals and objectives.

The Global State of Information Security survey, produced by PricewaterhouseCoopers in conjunction with CIO magazine, demonstrated a growing concern over the risks associated with social networking. While monitoring technologies can help within the company borders, access to social networking sites such as Facebook, Twitter, and Myspace falls clearly outside the watchful eye of security technology.

This then becomes a cultural issue, tackled primarily with user education and security awareness programs that emphasize that information provided on social networks is in the public domain.

Bill Brenner, Senior Editor with CSO Magazine, published the “Seven Deadly Sins of Social Networking Security” back in June of 2009. Brenner lists these social networking sins as follows:

1.  Over-sharing company activities

2.  Mixing personal with professional

3.  Engaging in Tweet (or Facebook/LinkedIn/Myspace) rage

4.  Believing he/she who dies with the most connections wins

5.  Password sloth

6.  Trigger finger (clicking everything, especially on Facebook)

7.  Endangering yourself and others.

While social media is a fantastic method to share information and collaborate, it’s important to consider the content of what you’re posting to avoid risking your company and, more importantly, yourself. Remember the final 5 tweets of Harold Wigginbottom, Tech-Savvy CEO:

CSO Magazine, May 27, 2009

Help your employees.  Help yourself.