July 15, 2019
For anyone who has ever had to go through a job interview via video, you know first hand that there is some awkwardness. Do you use the camera or not? Some candidates report turning on the live camera only to find that the interviewees had not. Then there’s always the chance that a hacker can gain access to the camera as well.
A new report from the BBC found that while there has been an uptick of video interviews, candidates actually find face-to-face interviews less awkward. “Research by the BBC shows that video interviews and screening is rising – used by over half of employers in their recruitment. But staff aren’t so keen – one recent survey showed nearly half (45 percent) aren’t happy with video interviews and most (91 percent) feel face to face is best,” the report said.
The goal of using technology to replace a face-to-face experience should be to create as natural an experience as possible, but video cameras, like many IoT devices, are rife with vulnerabilities that attackers find ways to exploit.
Getting Cozy on Camera
As the workforce grows increasingly remote, though, it is likely that video interviews are not going away, which begs the question, how can employers improve the experience and remove the awkwardness from video interviews?
“It is no surprise employers are increasingly turning to video services to carry out interviews with prospective candidates. The process is much easier than asking candidates to travel long distances for an interview and enables hiring managers, based in different locations, to interview candidates together,” said William MacDonald, chief technology officer at StarLeaf.
Today’s digital world enables enhanced modes of communication, which has – to some extend – eliminated the telephone as a means of interviewing prospective employees. Video interviews have replaced phone calls as employees report they are able to better gauge the actual person in their reactions to questions.
Companies are not only leveraging live video interviews, but they are increasingly asking applicants to record answers on video to questions and then upload those responses. What happens to that data? Is there a plan for storing and deleting it? Organizations that are leveraging video via services like Zoom or asking candidates to share personal responses via video need to have a security plan to mitigate cyber threats.
When Video Responses Fall into the Wrong Hands
If businesses are going to use video-based interviews in their hiring process, they need to make the experience engaging, but the process also needs to be secure, which may not be front of mind from a human resources perspective.
Here’s why silos need to be broken down when it comes to security: According to security researcher Jonathan Leitschuh, there’s a serious zero day vulnerability in the Zoom video conferencing app for Macs, which can allow any website to open up a video-enabled call on a Mac with the Zoom app installed. “The flaw potentially exposes up to 750,000 companies around the world that use Zoom to conduct day-to-day business,” Leitschuh wrote.
The Zoom vulnerability serves as a reminder that organizations alike should never overlook physical security, according to Lamar Bailey, senior director of security research at Tripwire. “The little adhesive camera covers available by the dozens at every computer conference or for a couple dollars on Amazon are a much better solution than relying on software to do the right thing. We install so many apps these days it is hard to keep up with the permissions they require and what they turn on by default on upgrades and reinstalls. A physical barrier is far superior.
“The same holds true for all assets. Everything should have the least common privilege. If a system does not need access to the internet then it should be blocked and any non-required services should be disabled. If you can airgap parts of the network, then do so. IoT devices should be segregated on different segments or vlans whenever possible. The more access a system or network has, the more susceptible it is to breach.”
Ensuring a Better and More Secure Experience
In an age when data security is such an important issue, it is simply unacceptable to ask a candidate to download an application or visit a website – for the purposes of a video interview – that may leave them open to security risks. Security can not be trumped by convenience.
“Whether interview candidates are recording and then sharing video responses, or being interviewed live on a video conferencing call, it is the responsibility of the prospective employer to provide a secure and reliable platform that does not introduce any vulnerabilities into interviewees’ personal hardware,” MacDonald said.
To learn more about emerging trends, innovations, technologies and information critical to security, sign up for our complimentary newsletter here.