The perks of prioritising candidate data

Sheemal Visun from KJR’s Talent Team reflects on how their partnership with LiveHire has secured and enhanced their candidate process.

Let’s face it – data is a goldmine.

Not surprisingly, this is something many of us in HR might not think about very much. When you’re dealing with the data of dozens of employees each day, it’s not unusual to become a little desensitised to the information at your fingertips.

HR is one of the biggest workplace targets for cybercriminals since we hold some of the most sensitive information on our desktops. It’s up to us to ensure the right policies and processes are in place so employee information is protected. But are we applying the same level of rigour to our candidate information?

Each time a candidate shares their resume, they unintentionally expose themselves by giving their data to unknown corporate figures, to organisations they aren’t familiar with or to potentially unsecure email addresses. Candidates’ data could remain in an employer’s inbox, on their desktop or in a company database potentially vulnerable to a cyberattack.

Consider for a moment the amount of sensitive data in a candidate’s resume – their work history, mobile phone number, maybe even their home address – a jackpot of information, all bundled in a confidential file and sent to hundreds of potential employers. At KJR we typically review 35 candidates for every hire we make – so if you’re making 50 hires a year like us, that could be 1,750+ resumes physically or virtually at risk within your organisation.

PageUp, one of Australia’s largest cloud-based recruitment and HR software providers, suffered a malware attack in 2018 that lead to a candidate data breach impacting some of Australia’s most well-known organisations. This is a result of some obvious risks organisations have been taking – in fact, only 57% of CHRO’s reported rolling out employee training addressing cybersecurity awareness in the workplace according to a global study from IBM in 2016. With this lack of safety preparation on a global level, stolen candidate data becomes a higher possibility with each resume sent, as well as its most frequent consequence – identity theft.

A Protected Candidate Experience

The quality of the candidate experience is a priority at KJR and we strive to ensure our candidates feel connected, respected and informed – but is the safety of their personal data something we’re thinking about as much as we should?

We help our clients better understand the robustness of their cybersecurity and data protection frameworks, but the protection of our own candidate data wasn’t something we considered in depth until 2016 when we partnered with LiveHire to manage ou­­­­r Talent Community. LiveHire helped us understand that in order to provide a high-quality candidate experience, it had to be a safe one too.

The LiveHire platform is unique in that it allows candidates to maintain control of their own data. “LiveHire puts the candidate in the box seat, giving them full control of their profile data and their relationship with potential employers. The candidate owns their data, and it is entirely up to them how they share it,” says Tzvia Iljon, Analytics Team Lead at LiveHire.

Giving our candidates more control over how their information is shared and stored has allowed KJR to build a Talent Community based on trust and respect. Combined with our internal security framework and policies, we are working hard to minimise the risk of candidate data being impacted by external threats.

Security + Satisfaction = Success

Data safety is an essential factor in the modern candidate journey and an important consideration for HR and Talent teams.

As talent partner for KJR, I’ve so far received overwhelmingly positive feedback about the security benefits of LiveHire’s Talent Community platform. Since candidates have control of their data, this means they know it’s not disappearing into some corporate void. That immediately frames their relationship with us in terms of mutual benefit, respect, and trust – which is a great place to start.

KJR’s Principal Consultant Sylvia Choa has also identified these benefits, explaining that “compared to having resumes spread across email services or various document management platforms, keeping sensitive data on a secure platform makes it simpler to manage risk (and our compliance) in regard to potential privacy breaches.”

When executing this however, it isn’t enough to just rely on your external provider. “Despite the use of an external system to keep our candidate data secure, it’s still important that we look at our internal policies to ensure we’re keeping data safe – for both our candidates as well as our actual employees.” Sylvia explains, “we aren’t outsourcing risk – it’s still up to us to be satisfied that our partners are providing a service that meets our security needs.”

You can certainly rely on experts and partners to provide services that help eliminate any gaps and flaws in the system. But it’s up to you to make sure the services being given converge with the policies and risks you set – whether it’s gap analysis, meeting industry security standards, or securing candidate data.

What emphasis does your organisation place on candidates’ data security? Or when was the last time you reviewed your data practices and policies or cybersecurity risk?

As a technology-focused strategic advisory firm, KJR offers cybersecurity reviews and employee awareness training to help organisations reach a solid foundation for quality cybersecurity practices. Contact KJR to find out more | 1300 854 063

And if you want to experience KJR’s Talent Community for yourself (and are interested in working at KJR), join us here.