Just Stop Asking – Identity Theft Meets Your ATS

Steve Gifford ATS, Audacious Ideas, Bad HR, Current Affairs, HR Technology, Steve Gifford

Does anyone want to be Equifax right now? Home Depot? The Office of Personnel Management? Or anyone else involved in identity theft news stories?

No? Then fix your applicant tracking system.

I wasn’t as successful as FOT Alumna Meredith Soleau at running my own business, so I’ve been applying to jobs again recently. Lots of jobs. And holy cow, the process hasn’t gotten any better since the last time I did that, a few years ago!  As something of an outsider these days, it’s a wonder anyone ever applies for a job.  Real talk: as an unemployed, nearly-forty father of two, there were still many, many jobs that I passed on because the application process was pretty painful.

In my journey, I did run into a new breed of ATS: the ATS that thinks it’s a bank. Seriously. So, without further ado here are:

Steve Gifford‘s Rules for Making Sure You Attract Talent and Avoid Identity Theft

  1. For every single step of your Applicant Tracking process, ask: Is this critical to the talent experience? If not, take it out. I know that this means more work for you, but do you really want to select for the people who are desperate enough to fill out tedious bureaucratic forms?
  2. YOUR APPLICANTS ARE ONLY GOING TO APPLY FOR ONE JOB. Check your data if you don’t believe me. There is no reason in the world to have a logon process. They won’t be back in six months, and even if they are, they won’t remember their passwords. Stop doing it. Because:
  3. Your ATS logins are a threat. To your company. Really. Because there are large, well respected applicant tracking systems out there asking for my mother’s maiden name, street I grew up on, first pet, etc. You know, all the things my bank asks for in a login.
  4. Even if you’re not, let’s face it: our passwords don’t change much from one login to another. If a hacker can access your candidate’s passwords for the ATS, and match the candidate’s email address up with some other piece of data floating out in the world, life gets hard for you. Quickly.

Folks, consider the information that your ATS is asking. Maybe you host it, maybe your vendor does. Either way, it’s probably pretty hack-able when compared to Equifax. Imagine the hacker who already has my SSN and date of birth from another hack, and now, THANKS TO YOUR ATS, has my security questions as well.  I assure you, you don’t want to be a Director of Recruiting in the first organization that’s an accomplice to this kind of identity theft.

Guys, we know this from employee files. If you don’t want the information misused, don’t collect it. Stop making candidates login to your systems to apply for jobs. You’re slowing down the process, not adding any value, and potentially exposing your company to some seriously bad identity theft headlines.


Follow Steve Gifford @BaghdadMBA