Resumes provide employers with plenty of personal information, sometimes too much. Many job applicants include vital information like Social Security numbers, driver's license numbers and dates of birth. This makes it crucial for employers to take security measures to protect the identities and personal information of both job applicants and employees. Some companies do nothing more than store resumes in cardboard boxes in unlocked storage closets.
Exposing Personal Information When Resume Writing
If you have applied for a job in the past 10 years, you may be at risk for identity theft, especially if you provided any sensitive personal information. Even if you didn't get the job, many companies keep executive resumes on file where any employee can access the information. Even worse, with today's online applications, e-mailed resumes, and electronic storage, identity thieves don't even have to work for a company to get this information. A corrupt recruiter or computer hacker can hijack resumes electronically. Criminal rings have even posted fake job listings to capture the sensitive data of applicants.
Many companies don't take the necessary safeguards to protect the information provided on resumes, and most companies don't inform applicants about security practices before requesting resumes. The down economy has worked to make this situation even worse, as desperate job hunters hand over information they normally wouldn't in hopes of getting a job.
The good news is that employers now recognize the importance of protecting this sensitive data. Security breaches lead to lawsuits. In addition, job applicants can also take their own security safeguards when writing resumes.
Unsecured Data Stolen from Executive Resumes
Even employment agencies with applicant tracking systems (ATS) designed to protect job applications and executive resumes often leave data open to theft to anyone walking by an unsecured computer or due to stolen laptops or lost, stolen, or misplaced USB drives. Small companies are less likely to have security measures in place while large companies are more likely to mishandle sensitive data, leading to the capture of the Social Security numbers and other personal information of applicants and employees.
Is ATS at Fault?
Forrester Research found in a recent study that more than 62 percent of the 200 the companies surveyed experienced a security breach due to insecure ATS software in the previous 12 months. Most of these breaches were due to a SQL injection attack. A computer hacker can use a Web site's online form to get control of a database in a SQL injection attack. While there are security measures to block these attacks, hackers are never far behind in finding new ways to get into these databases.
Or Is It a Handling Problem?
Technology is definitely part of the problem, but even the world's best software won't protect the sensitive data of job applicants if employers are reckless in handling this information. With a protocol that is too relaxed, any employee within a company can gain access to executive resumes simply by looking on the right computer or getting into the right database to learn the social security number, driver's license number, date of birth, and other vital data of applicants and employees.
What's the Solution?
Companies need to realize what exactly the confidential data on executive resumes is, where it goes and how it gets there (e-mailed, regular mail, interoffice delivery, and so on), and how to prevent this information from getting to the wrong people and/or leaving the company altogether. Some big-name software companies like Symantec now have the technology to offer solutions to the problem of mishandled data provided by applicants through resume writing. This software searches the entire network of a company looking for sensitive data, including on USB drives attached to computers. It can block this data from leaving the company's network and will identify potential hackers or negligent employees. However, this advanced software will only help if the company a job seeker applies to have this software and uses it as recommended.
Unlike online ecommerce websites that have strict security practices that make buying online safe for consumers who want to purchase by credit card, few employers take precautions to protect the sensitive data contained on executive resumes or employee records. When undertaking the process of resume writing, the best advice is to keep your personal information private by not including it on executive resumes.
Matthew Rothenberg is editor-in-chief for TheLadders.com, a company offering resume writing advice, especially for executive resumes.