If you’re a cleared professional you’re likely feeling a little bit vulnerable right now. After all, in the past week you’ve discovered your entire personal life is now being memorized by some private in the Chinese cyber Army and that the Office of Personnel Management (OPM) database wasn’t even encrypting social security numbers for the past, oh, decade or so. To make matters even more inexplicable, it’s standard practice at the OPM to contract IT and records management to foreign contractors.
Professionals with active federal security clearance have a mandate to be paranoid and practice good OPSEC. We’re supposed to be on guard for potential risks, from acts of espionage (unlikely), to spear phishing attacks (very likely). It’s a good time to audit your presence online, and consider if you’re being safe with what you share.
The only career site with end-to-end HTTPS
Sometimes, data is stolen not from a database but pulled directly from the stream of information flowing to and from your computer or phone. ClearanceJobs.com is the only career site that employs end-to-end HTTPS traffic encryption, the same security that major banks use. This helps ensure that nobody can “listen” to your data being transmitted. HTTPS is so important that Google now rewards websites that use end-to-end HTTPS traffic encryption with higher search rankings. It’s kind of a big deal.
“The security of cleared professionals is always top of our minds” said Evan Lesser, Founder and Managing Director of ClearanceJobs.com. “In mid-2014, we deployed full, end-to-end HTTPS for employers and candidates using our site. Since 2002, every employer requesting access to ClearanceJobs.com has been manually screened by our staff to ensure suitability. As always, employers must be US-based, authorized government contracting companies, Federal agencies, or recognized search firms. All recruiters must be US citizens, and we have never allowed employer access to ClearanceJobs from outside the 50 US states.”
While broad sharing of user information is the stated aim of LinkedIn, Facebook, and Twitter, user data on ClearanceJobs.com stays on ClearanceJobs.com. Lesser states, “Ours is a closed network and we’ll never share user data with other sites. When you Google your name, you’ll never see a ClearanceJobs.com listing, and that’s intentional on our part.”
Taking critical steps for better data security
In the days since the OPM hack, Federal CIO Tony Scott has been in a whirlwind effort, launching a ‘cybersecurity sprint‘ to update government databases. He rightly noted that no site is ‘hack-proof.’ But there are absolutely steps that websites can take to keep data secure.
On ClearanceJobs.com, cleared professionals know that we don’t collect social security numbers or SF-86 information, and never will. Most websites don’t encrypt key user data, but ClearanceJobs does. We encrypt, salt, and hash usernames, passwords, and email addresses. It’s a bit extreme, but worth the effort and expense.
When breaches like OPM’s happen, our staff feels your pain, and understands the sensitivity of the data lost. After all, ClearanceJobs employees are U.S. citizens – several of whom are current clearance holders, or individuals who have previously held an active U.S. security clearance.
In the wake of the breach of OPM’s government databases, cleared professionals have good reason to be cautious. Online activity is critical to job hunting and maintaining your career. But cleared professionals would be wise wise to consider where they’re posting their information, who manages that information, and if it’s safe.
