Cybersecurity for Job Seekers

Some time ago I wrote an article where, in passing, I mentioned that job seekers may have to be concerned about making themselves targets of Internet hackers. I would like to delve deeper into the subject.

There is an inverse relationship between confidentiality and the number of people who know you are looking for a job. The more people who know, the less confidentiality you have. Sadly, that's also true for security. The more places where your resume and personal information can be found, the less security you have.

One would hope, and would like to assume, that the major job boards - Indeed, ZipRecruiter, Monster, LinkedIn, etc. - are safe. They (presumably) protect your information. But when a job seeker becomes nervous, desperate even, they may become sloppy. There are all sorts of job boards popping up. They offer recruiters the use of their sites for free. Of course, it is always free for job seekers to post their information online. Just one thing: Some sites must be compromised (it's only logical) and some sites are, no doubt, for nefarious purposes.

Why, I can hear you asking, should some hacker on the other side of the planet care about me? Simple. You are an accountant. No offense, you are a nobody who has worked for unknown employers. But you are good at what you do. You stay a good number of years with your employers and you advance. The bad guys see that and they figure you might one day end up at a major accounting firm. So, unbeknownst to you, one of them has connected with you on LinkedIn or is following you. They have a Premium account so, even if you are not first-degree connections, they will be able to message you. And when they see that you are now working for a Big Three accounting firm, they email you or send you a message on LinkedIn, congratulating you on your new position. Totally innocent. No attachment. So, being polite, you thank them. Now the fun starts for them, and the nightmare for you.

The next email is an article they think will interest you. It looks like a great article. It appears to have been published by a reputable journal. It's a link to a PDF, not a website, or so you think. Everything seems to be alright so you click on the file, open it up, and it's a good article. You read it. You find that it has valuable information. And, by the way, you just infected your new employer's network with malware.

Here's another scenario: To add to your problems, you need a job and are nervous and anxious. That makes you a great target. Someone finds you on a social media platform, or gets your email, and sends you a link to a great job. You click on the link and if you thought you had problems before, now you really have problems.

One other thing: Your home network could make you vulnerable. Are your computer and printer connected by a cable? Good. A wi-fi network? Your printer could be an entry point for a cyber attack. And what about all those doodads in your house that make up the Internet of Things? Each one can cause you misery.

One last piece of advice, don't post your resume on any site without verifying its authenticity. Google it. Find out where its headquarters are. If you can't, don't post there. If it turns out they are not a US registered company, don't post there. If they are a US registered company, but are new to the business, be cautious. And don't take advice on cybersecurity from a career counselor. Turn to an expert. There are many things to do to protect yourself. Learn them!

In that spirit, I now turn the podium over to Peter Fidler, president of WCA Technologies and a recognized expert on cybersecurity, to do some educating.

“To augment what was stated above, it is really important to protect your identity. Bruce has highlighted some simple steps you can take; I would like to add to that. One, protect your passwords to any of these sites. Two, use unique passwords for each of the sites. Three, make sure the site you are on is really the website you are meant to be on and that there isn’t a spelling error. The most important thing is really to pause and make sure that the email attachment or the website link is real. You can do this by hovering over the email address or website link to verify. Finally, going back to what Bruce mentioned about LinkedIn accounts, keep in mind that, according to Check Point Research, phishing attacks aimed at stealing LinkedIn account credentials surged during the first quarter of 2022. Don't be a victim!”

ARE YOU AN EXPERT IN YOUR FIELD? THEN I INVITE YOU TO BE A GUEST ON MY PODCAST, BRUCE HURWITZ PRESENTS: MEET THE EXPERTS. FOR COMPLETE DETAILS, TO APPLY AND TO SCHEDULE AN INTERVIEW VISIT: https://hsstaffing.com/video-podcast

------------------------------------------

Future Articles:

• Body Language
• Reference Checking
• Overdoing Social Media
• Woke at Work
• Separate but Unequal
• Revenge vs. Retaliation
• Schrodinger's Cat and Job Search Stress
• The Uncertainty Principle and the Job Search Paradox
• Ghosting Recruiters
• Being an Effective Speaker