Category: Digital Identity

Managing the employer brand

Over the last two to three months I have spent a lot of time working with people on either their employer or personal brand. These discussions have lead me to believe that most organisations are not thinking about how social media can impact their employer brand. 

Organisations are spending vasts amounts of time and money ensuring that their employer value proposition (EVP) clearly articulates to the workforce benefits that are both emotive (feeling good about working here) and tangible (remuneration, benefits and career development) for current and prospective employees.

Traditionally an EVP reflects the external image that the organisation portrays to the workforce and is reflected in the actions and behaviours of public officers and by company policies, procedures and practices.  In today’s world through social media, blog posts, tweets, and video are controlled by the public and remain in search engine caches for a very long time, if not forever!

I call this new world one of a “socially generated EVP”. And your socially generated EVP is not one you can control or predict in a traditional manner.

Today I read about a survey conducted by Weber Shandwick and the Economist Intelligence Unit which found that while 67% of executives felt their companies reputation was vulnerable online. However less than 40% analysed their own reputation and 70% were either unaware or did not want to admit employees have badmouthed the companies online. The full replort is available (PDF).

This calls for social media governance within the organisation. With social media being a grass roots activity you might question the need for governance. However without a good governance model, your employees and the organisation as a whole, is left open to abuse and potential legal issues. At a minimum, put down some “rules of engagement”, depending on your corporate culture, they can be simple or complex, preferably simple!  Don’t forget that by engaging with your employees as part of the creation process of the governance model can create self-regulation.

 

Background checking as part of your hiring decision

Warning a Michael rant coming.

While regular background checkinf is a standard part of most recruitment processes, using search engines and social networks to background check candidates still seems to be the exception. I find this amazing that a quick 5 minute search online to learn about a candidate is still not part of standard recruitment workflows!  I Google anyone who I am going to meet or speak to for the first time, regardless of who they are.

I first wrote about background checking and search engines over 3 years during a week where I focused on background checking, identity, reputation and Google. Which is why finding the following story is disturbing, sad, and laughable.

A simple Google search could have saved the NSW Government the embarrassment of hiring Labor Party kingpin Joe Scimone, a State Government committee has heard.

This comes from an article today where the NSW Government hired Joe Scimone into a $200k per year role only to have to let him go 3 weeks later once his background came out.  I wonder what that has costs the NSW Government?

Mr Scimone was appointed on January 14, 10 months after he quit his job as a Wollongong City Council manager and almost a year after the Mercury reported he was facing a harassment complaint from a female employee at the council.

Now it seems things have got worse for Mr Scimone.

In February this year, Mr Scimone became embroiled in Wollongong’s corruption scandal. The Independent Commission Against Corruption later found Mr Scimone to be corrupt and recommended that criminal charges be considered against him.

Here are a couple of the news articles I found from back in 2007 that would have easily been uncovered by a simple background search. (I will note it took me 5 minutes to find these as I had to sift through the current documentation.)

  1. Sex harassment claims shock council general manager – 14 Feb 2007
  2. Councillors unaware of Scimone payout

To quote Steve Dunn Chief Executive of the NSW Maritime who hired Joe “Googling does not form part of the public sector recruitment process“. Well maybe it should!

When your social graph breaks

There is a lot of talk these days about social graphs, a newish term used to describe our online social relationships across the myriad of web sites these days. If you are unsure what a social graph is read this description from Jeremiah Owyang.

Another common discussion at the moment is the cross over of all these different social networks and pain they cause. USA Today had a story last week about this with several examples of where people’s different networks collided and too much information was shared across the boundaries.

If you are online you need to manage your social graph and decide up front how you want to manage your different identities. Will you let them merge, do they have to kept separate and what happens if they do merge? Are you concerned about what your online identity will do for your personal brand?

These are all question the think about. Especially given that it is fairly common practice for potential employers to use the internet for background searching on candidates.

Today I read a report that the Australian Industrial Relations Commission “upheld Telstra’s appeal against an earlier ruling that Carlie Streeter be reinstated and paid compensation for being unjustly sacked following the romp last February”. What happened after a Christmas party a few employees stayed in a hotel and she had sex with another male employee while other employees were in the same room. The other employees claimed sexual harassment. It’s more complex than that but I hope you get the picture. This got me thinking where do the boundaries lie online?

It is fairly common for executives to be sacked if they do something that not in the best interests of the company, mainly because they are the public face of an organisation and should be a role model.

But with everyone possibly having a public identity and if public identity is associated with their employers could they also be will also be sacked. We all know of bloggers who have lost their jobs for posting confidential information or lying this is not what I am talking about. I’m talking about the person who posts, clearly outside of work hours, on their Facebook, MySpace or other account that they might of “hooked up” with someone, got drunk on the weekend, or discussed religion or sexuality and loses their jobs. I know that an investigation would be held and it might be found that they were using company time to interact online or some other “excuse” to justify the sacking.

But where will the boundaries lie? Will we all have to become politically correct just to stay employed? Who decides what is appropriate? Will what’s appropriate for a 25 year old entry level employee be the same as a 45 year old mid-level manager?

I don’t have any examples of this so if they are out there I would really like to read them.

Cyber attacks, SaaS, SOA and your business

Over the last month or so Estonia (a small Baltic nation) has been under attack, not a traditional military attack but a cyber attack. The NY Times provides a good run down (via Kim Cameron) of what has been going on.

When Estonian authorities began removing a bronze statue of a World War II-era Soviet soldier from a park in this bustling Baltic seaport last month, they expected violent street protests by Estonians of Russian descent.

They also knew from experience that if there are fights on the street, there are going to be fights on the Internet, said Hillar Aarelaid, the director of Estonia’s Computer Emergency Response Team. After all, for people here the Internet is almost as vital as running water; it is used routinely to vote, file their taxes, and, with their cellphones, to shop or pay for parking.

Hillar thought he was prepared:-

When the first digital intruders slipped into Estonian cyberspace at 10 p.m. on April 26, Mr. Aarelaid figured he was ready. He had erected firewalls around government Web sites, set up extra computer servers and put his staff on call for a busy week.

But.

By April 29, Tallinn’s streets were calm again after two nights of riots caused by the statue’s removal, but Estonia’s electronic Maginot Line was crumbling. In one of the first strikes, a flood of junk messages was thrown at the e-mail server of the Parliament, shutting it down. In another, hackers broke into the Web site of the Reform Party, posting a fake letter of apology from the prime minister, Andrus Ansip, for ordering the removal of the highly symbolic statue.

Essentially Estonia was under full scale attack from a Distributed Denial of Service (DDOS) attack, something that is very hard to defend against and even harder to stop.

By the end of the first week, the Estonians, with the help of authorities in other countries, had become reasonably adept at filtering out malicious data. Still, Mr. Aarelaid knew the worst was yet to come. May 9 was Victory Day, the Russian holiday that marks the Soviet Union’s defeat of Nazi Germany and honors fallen Red Army soldiers. The Internet was rife with plans to mark the occasion by taking down Estonia’s network.

Mr. Aarelaid huddled with security chiefs at the banks, urging them to keep their services running. He was also under orders to protect an important government briefing site. Other sites, like that of the Estonian president, were sacrificed as low priorities.

During the attack one bank has reported losses of around US$1 million dollars, not a huge amount but enough to get the attention of any CEO and Board of Directors. To give you a size of the scale of the attacks the NY Times reported:-

All told, Arbor Networks measured dozens of attacks. The 10 largest assaults blasted streams of 90 megabits of data a second at Estonia’s networks, lasting up to 10 hours each. That is a data load equivalent to downloading the entire Windows XP operating system every six seconds for 10 hours.

This brings me to SaaS and SOA, or Software as a Service and Services Orientated Architecture the next big things in enterprise software. The team in Estonia’s CERT were good, very good but even they were unable to completely protect themselves from such attack.

Some questions to ponder:-

  • What about the company that provides your SaaS payroll, recruitment, CRM or SCM, how would they stand up?
  • As a CIO or IT Manager selecting a vendor to provide services to your organisation are you even thinking of this?
  • As the CTO of a vendor, do you have the ability in house or contact externally to defend yourself?
  • Do the lawyers understand what is going on?
  • What would be the impact to your company if you lost your payroll, recruitment, CRM or SCM systems?

Is privacy a C level concern?

Privacy of your employee and customer data should be one of the top priorities of any board for any organisation. However sometimes C level exec’s are more interested in things right in front of them, like this quarters sales or the new product introduction.

To get them to pay attention you sometimes need to be a bit smart at getting the issue on table. James Governor points to a post by Michelle Dennedy from where she lists 10 tips from Scott McNealy. As Michelle says, I don’t “recommend anyone tries these at home, but they are pretty funny to imagine” the next C level meeting afterwards.

Top 10 Ways to Make Privacy a CEO-Level Concern

10. Show him his daughter’s MySpace page
9. Tell him the external auditors lost his personal data (on a laptop)
8. Install a hum generator in his handset
7. Pre-text his phone list– okay maybe not such a great idea
6. Update his Wikipedia posting
5. Publish his recent Netflix orders (assuming your CEO would be embarrassed)
4. Tell him you lost the corporate archives
3. Re-route his security camera to YouTube
2. Remove sticky notes, with his passwords, from his computer screen
1. Spend $1,000 to do a security check on him

Googling can get you in trouble

(Via Doc Searls, via Cameron Reilly).

An Iranian, Hossien Derakshan, ended up being kicked out of the US because the border patrol officer Googled his name, finds his blog, is not with the content so takes him in for questioning. During the questioning they find a magazine with a NY address and to cut a long story short kick him out. Read the rest!

Interesting given the recent interview I did on background checking, the internet and the public domain.

Googling and society and me :-)

I mentioned a few weeks ago about an interview I did with David Stonehouse for the Sydney Morning Herald, well it was published in Icon last Saturday. The article looks at how technology is changing the way people gain access to information about you that is in the public domain. With so much information now being available online this is becoming more and more of a problem.

One thing to note for my international readers, the privacy legislation here in Australia is very different from that of other countries, especially the US, the article touches on some of these which is great.

My portion, one comment on page 4 which might not sound like a lot, but hey the Sydney Morning Herald is one of the biggest newspapers in Australia and I have never been quoted in it before so this is really cool.

Strangely neither Pubsub nor Technorati picked this up.. but Google News did 🙂

Social reputation and authority

Happened to be browsing Feedburner today and found an interesting post in their blog about a new API. The Feed Awareness API looks very interesting and seems to already have support from some of the feed reader software. The best way to describe it is to quote the Feedburner site.

Feed Awareness describes the extent and frequency with which a publisher’s feed and its content items are consumed, clicked on, and referred to by independent sources (i.e., “syndicated”).

Is it similar to Attention.xml, yes, is it the same no. While the Feed Awareness API tells you how many people have “consumed” the feed, how many people have clicked on each post and how many times it has been referred to it does not cover some of the other pieces of Attention.XML, such as:-

  • Date last updated
  • Social relationships of the author
  • Reading information such as last read time and time to read

Both technologies can help with building the reputation and authority of a specific site/digital identity. This reputation could then be used as an input into the background checking process of a candidate, I know this is a stretch but bear with me. Recruiters are already using search engines to check up on candidates so why not build that into the ATS system? The social reputation provided by your digital identity is a great foundation.