Advertisement
Article main image
Mar 27, 2018

During her opening keynote at the 2018 Spring SourceCon Conference in Las Vegas, Jessica Clark addressed several factors of how social engineering can be used in a recruiting venture to build trust and focus the process forward to help staffing professionals utilize social engineering for best outcomes. Her expertise espouses industry experience in government, law enforcement, and the private sector building threat models to enhance information risk protection programs. These programs help protect business ventures from hackers seeking to social engineer their way into secure areas that if not protected can mean a loss of revenue, assets, and identity theft. Her work is recognized by many, and she had a unique way of opening our eyes to the big picture of social engineering.

She had a gleam in her eye as she walked us through the concepts of social engineering, summing up well the goal of the concept whether for good or for evil purposes: “Getting a Person to do something he or she otherwise would not.” One of the highlights of her presentation was when she shared this video:

So eye opening was it that with a spoofed phone number, and utilizing a crying baby video on YouTube she was able to get the support professional to change the password of her subject, and also access the account in full. Further, she was able to social engineer a change in the password and added herself to the account with a fake social security number. After this, I could see multiple attendees scrambling to update passwords, including myself! Although the situation was a demonstration video of how social engineering can be achieved, it is nevertheless a concept that is important to understand not just for personal reasons but larger real-world business applications.

She had in effect showed us how social engineering could be used to hack something, but then went on to explain the application to recruiting, that when used in the right way, candidates can be given the most solid outcomes. Looking at Maslow’s Hierarchy of Needs she highlighted the importance of understanding human needs in any of our business goals:

  1. Physiological Needs – Food, safety, water, shelter
  2. Security – Income, employment, protection, assets
  3. Social – Community, relationships, belonging
  4. Esteem – Confidence, feelings of self-worth, accomplishment
  5. Self-Actualization – Inner fulfillment

I remember Maslow’s Hierarchy well as a professor in college reminded me that whenever we are working in business, many of the points of that hierarchy will come into play on any given day. Clark showed us how this hierarchy works in the big picture of staffing, and how it can be used either for good or ill purposes. Understanding this, it drew me to my SourceCon presentation on a proactive strategy in talent acquisition and how many social engineering points are essential to the long-term engagement and building trust with candidates long before roles open, but I digress.

As she continued, she was able to focus us on the power of online communities, Facebook, Twitter, groups, etc. These online communities connect a vast amount of people and with it helps us see the big picture of what is necessary to others, and trends. Further, social belonging can be used for ill or for useful purposes, and can also strike campaigns of fake news, and spark action in a vast plethora of outcomes – again for ill or for good. In her presentation to her credit, she reminded us of our responsibility in talent acquisition to use data for the right purposes and to focus ourselves on understanding and reverifying data from several sources. Good point indeed, as even candidates may not be upfront about everything, and verifying the data can save time and money.

She discussed what she referred to as the “power of proximity” or to quote her slide: “Power is a lot like real estate: location, location, location. The closer you are to the source the higher your property value.” proximity can be trust; it can be access to a password, it can be a relationship game changer. Regardless of what it is, social engineering seeks to achieve a measure of trust to gain access, or in a recruiting sense, proximity comes when one builds trust such that a candidate feels your company has a superior career option, thus helping you close them later. For me, that was the value of Clark’s presentation. I see the importance of winning over my candidates and building long-term trust for the long haul.

Clark went on to explain ad targeting on Facebook is geared to many complex algorithms that review demographic trends, friendships, work, groups, etc. The enormous amount of data on Facebook could be a source that helps build trust for again good or ill purposes. Vital it is to check and recheck data. The other day I looked at several ads being explicitly targeted to me by Facebook, no surprise to see a lot of recruiting and HR centric focus points. Which is fine by me. Further, I noticed some product targeting that came explicitly to my focus on movies. Star Wars figures anyone? Have to smile. I think Clark opened our eyes to a lot of areas.

I have to say this was one of the more brilliant presentations and keynotes that hit on a wide variety of points. The focus on social engineering for the right reasons tied to building messaging approaches based on data one observes on social profiles was an essential component that hit home for me. I always try to tailor my messages, but thinking of the big picture as it relates to Maslow’s Hierarchy and social engineering and in essence building personas to target candidate audiences helping them respond better to recruiting focused endeavors I came away with some new ideas I saw in a new light. And there sure is a lot of data out there these days. And data is a sourcing professional’s best friend. Social engineering has many business applications when used correctly, but it is also something to be aware of and protection for those with malignant intent. Let’s make sure as staffing professionals that we enhance our profession by correctly utilizing social engineering and channeling it in the right direction.