Online recruiting faces a security crisis
Tuesday, February 12th, 2008Back in August 2007, job board giant Monster.com was hit by a major security breach. Hackers used a legitimate employer account and password to steal names, addresses, phone numbers, and email addresses from 1.3 million job seekers who used the site. The information was later used to send out “phishing” emails, which used Monster’s brand to gather financial information from victims. Information was stolen not only from Monster, but also from those of USAJobs, a federal employment service which used Monster’s databases. This brought to light the problem of security for online recruiters and job hunters alike, and companies like Monster are struggling to keep up with the demand for a more secure method of storing user information.
Online recruiting is becoming more and more popular, with large companies paying a premium for job postings and access to resumes from sites like Monster.com and CareerBuilder.com. Companies are estimated to have spent nearly $6 billion on online job postings last year, and in 2005, approximately 51% of new hires were found online. That number is expected to grow. With the continued expansion of online recruiting efforts, employers and job seekers are looking for some assurances that security will improve.
Monster.com responded to the hack (albeit slowly) by issuing a letter to users explaining their plans for beefing up security. “Monster has formed a Security Task Force made up of senior management from the Monster organization. The task force is committed to develop infrastructure advances that will further enhance the security of our customers and services.” These infrastructure advances could include any number of efforts, including monitoring activity on their website in real time to “catch” any thieves in the act.
It seems this may not be enough for job seekers, who have lost their trust in online job boards. In a recent interview with HR Magazine, a recruiting firm exec says, “They’re no longer putting their information out there, so [it’s] a waste of time.” Until companies like Monster and Careerbuilder get serious about limiting who can access user information, recruiters and job hunters alike are looking towards alternative models for connecting job hunters with relevant postings.
One promising company is Job Central National Labor Exchange, which was created by a consortium of employers called DirectEmployers. DirectEmployers aims “to improve labor market efficiency through the sharing of best practices, research, and the development of new technology.” Companies using Job Central pay a flat fee of $15,000 annually for job postings, and they carefully screen to make sure that all the employers and opportunities are legitimate. The site uses no advertising, as ads can lead users to dowloading spyware or other malicious software. Best of all, Job Central uses a Google application called Base which allows listings to be gathered from employers sites and linked through jobcentral.com. This means that job hunters are sent directly to the employer to apply for the job, and no personal information is stored on Job Central’s servers.
Another solution to this security problem is being pioneered by Jobs2Web, which is an optimization strategy for companies who want their job listings to show up at the top of search engine results. They want to put the traditional job board out of business by making a company’s recruitment website more visible to the average job seeker. As their website explains, “Our career site optimization solution will optimize your open jobs and make sure they can be found on major search engines like Google, Yahoo and MSN as well as free job posting locations.”
As Monster’s apology letter points out, “Every Internet site in the world is facing the growing issue of fraudulent usage of information,” and it seems that hackers have so far had an easy time targeting job boards. Their relative lack of security and their vast amounts of user information make them a juicy target indeed. More companies will likely suffer the fate of Monster, and more job seekers will likely reach out to alternative job boards like Job Central. Until job boards get serious about security, beware of unsolicited emails from your favorite site asking for your bank account information.
By Haley January Eckels
