Traditionally, employers have relied on prospective hires to provide references, whether by phone or email, to give a perspective on that candidate’s past and applicability; some fields even require criminal background checks. But in today’s world, where so much of our lives are online, that’s changed the game and opened a whole new way for employers to evaluate prospective hires.
We’ve all seen stories about prospective candidates not getting hired or getting job offers rescinded due to missteps on social media – an employer finding inappropriate posts, for instance. It can be confusing for employers to navigate the social media screening process. What do you need to look for? What should you be looking at? Should you even be looking at all?
When it comes to hiring new employees, organizations today can’t overlook social media activity. It’s not just some of the obvious things, like affiliation with distasteful organizations; a new employee’s social media activity can also have implications for your company’s cybersecurity posture as well. Let’s look at what you need to know when it comes to evaluating prospective hires and their social media use – and why.
The Rise of Social Media Screening
In a 2018 survey conducted by CareerBuilder, 70 percent of employers reported that they were using social media to screen candidates before hiring – and more than half said they’d found content that caused them not to hire a candidate. Disqualifying information, according to those surveyed, included everything from inappropriate photos to discriminatory comments or posts about flagrant drug and alcohol use.
And that was about three years ago – social media use has continued to climb, and employers are becoming increasingly aware of the impact an employee’s unsavory social media post could have on their own business’s reputation.
What to Look For
There are the obvious things most employers want to avoid in a new prospect, like racist or otherwise discriminatory posts and criminal or irresponsible behavior. At the same time, you also want to be careful as an employer about not being too quick to disqualify someone based on social media activity. It’s important to do some corroboration as part of your screening and analysis; compare the candidate’s various social media platforms.
Obviously, people can be swayed by what they read on someone’s Twitter account, but you can’t base your hiring decisions solely on a candidate’s social media. You need to make sure that you’re fully compliant in your hiring process.
It goes back to corroboration – apples to apples. You should be aware of your bias if one candidate has more social media accounts or social media activity than another candidate. If you are using social media as part of the process for scoping out new hires and doing screening, it should be done in a fair and balanced way. For instance, you can’t really compare what people write on Twitter, Instagram and Facebook with what’s on LinkedIn. Each platform has its own format and audience, so they can’t all be judged as if they’re equivalent. So, you’ve got to establish some kind of process to be able to judge social accounts with similar weight.
Oversharing as a Potential Security Risk
It isn’t just inappropriate types of posts you want to look for, however. The reality is that an employee’s social media use can also have cybersecurity ramifications for a company. The increase in remote work and the blend of corporate and home networks has made this problem worse, especially as many employees can now access corporate assets via personal networks or devices – which opens up a new conduit for bad actors.
We all have those connections on social media who overshare – the virtual social butterflies with 2,000+ friends who provide an ongoing and running update on everything they are doing, everywhere they are going, every personal problem they’re having. Unbeknownst to many, this kind of oversharing can open you up to the risk of spear phishing and similar attacks. Essentially, that’s because the more information an attacker can piece together about you, the more likely they’ll be able to create a realistic-seeming email or text that you will engage with.
How does this tie back to the employer evaluating a potential employee? Well, from your perspective, a habitual over-sharer is at a higher risk for phishing attempts, which then puts your company at risk. And while this shouldn’t be a primary reason to disqualify a potential job candidate, it is something you should be aware of. A situation like this underscores the importance of having a strong corporate social media policy in place, one that all employees are trained on and held responsible for upholding.
Finding the Balance
Organizational leaders also have to consider and carefully weigh issues of privacy when it comes to social media policies, and make sure these policies don’t overstep boundaries. For a social media policy to be successful, there needs to be buy-in from both the organization and its employees. Both sides must understand and appreciate that their actions can have consequences, and it’s important to underscore that corporate security is also personal security. For instance, if an employee adds more privacy settings to their social media profiles, that will ultimately benefit them and the company by reducing the digital footprint and thereby decreasing the chance of compromise or exploitation.
An employee who posts everything publicly is not just putting the corporation at risk but it’s also putting their own information at risk for everything from financial exposure to phishing or even catfishing schemes. Organizational leaders need to more clearly make the connection between corporate and personal security understood in order to successfully implement a social media policy without making employees feel they are being intruded upon. Explaining the personal benefits employees will gain from a more secure social media presence and making it less about a “Big Brother is watching” type of thing will go a long way. Monitoring must only be conducted to achieve the objective and employers must always be transparent, in order to show employees – if requested – what is being monitored and what logs/records are being kept. This is the only way to build trust with employees and continue to get their buy-in and cooperation.
Staying Socially Safe
We live in a time when one wrong tweet can get your organization or one of your executives in hot water. But an additional concern about social media is the possible cyber risk a new employee brings to the organization. Today’s hiring process must include an audit of candidates’ social media presence. But that audit must take into account the fact that not all people use social media and that some over-use it. As part of a well-constructed social media policy, create a policy that measures social media use as fairly as possible. That doesn’t mean restricting employees’ social media use or monitoring it “Big Brother” style, but rather, enabling them to use it in a way that’s safe for them and the organization. This will help reduce both organizational and personal risk from spear phishing and other attacks.
Darren Millar is senior vice president, operations, at PiiQ Media.