Case Study: Securing External Data Privacy Protects Accounting Firm Talent from HR Poaching

Challenge:

• Aborted spin off of several business units alerted competitors to instability
• Competitor HR, headhunters, staffing agencies began poaching top talent
• Roughly 20% of workforce departed over a 6 month period
• Productivity, morale, and profitability among remaining workforce suffered
  
  

Solution:

• Free External Data Privacy Audit
• Employee Risk Management scoring
• Licenses for affected & vulnerable key employees provisioned and activated
• Poach Defense & Executive Protection deployed

Results:

• Visibility into risks attained – Privacy Risk Scores calculated
• Employee privacy risk tolerances imposed across organization
• External data systematically scrubbed from data brokers and other sources
• Compliance with new risk tolerance thresholds achieved
• HR Poaching solicitations dramatically curbed
• Staffing levels returned to historic norms
• Productivity, profitability and morale improved

Customer: US-Based Professional Services Firm providing tax accounting, tax law, asset management and financial strategies to midmarket to enterprise-level organizations.

Challenge: In April of 2021, [REDACTED] prepared to shift its primary business activity toward a focus on its accountancy and financial services.  The customer was working to finalize contract negotiations for the planned sale of its tax law and asset management units to another professional services company.  The announcement of the sale had been released to industry media.  In the eleventh hour, the negotiations fell apart and the customer rescinded its offer of sale.

Nearly immediately, staffing agencies and private executive headhunters launched a relentless campaign of solicitation aimed at the customer’s mid-level management and executive teams across regional offices and even within the global headquarters offices.  The resulting drain on talent impaired the customer’s ability to quickly recover from the damaged market perception that followed the failed split.  Productivity, morale, and profitability suffered as the customer struggled to stanch the outflow of talent and backfill critical roles quickly enough.  At the height of the poaching frenzy, the customer suffered a loss of roughly one in five employees in critical roles.

Internal HR leadership met with C-suite executives to determine how the poachers had been so successful in strategically targeting critical employees.  Their most immediate goal was to stop the bleeding.  The assembled group worked to reverse-engineer the strategy used by the staffing agencies to steal key elements of the customer’s workforce.  HR leadership explained some of the tactics they’d been forced to use in the ongoing fight for talent in the tight labor market.  They identified leveraging data broker sites to find individuals with a specific, in-demand job title.  Then scrubbing public information on competitors’ corporate websites and even scouring social sites like LinkedIn and Facebook to develop highly tailored pitches and job offers to specific candidates. 

It became clear that the customer needed to make it more difficult for staffing agencies, headhunters and other HR departments to find out who was in their employ and how to contact their workforce.

Solution: The customer engaged Privacy Bee for Business to deploy a series of privacy solutions focused on improved management of external data.  Privacy Bee for Business demonstrated to the customer how greater than 90% of their executive and middle managers were exposed to poaching, phishing and doxxing.  The personal data of a very high proportion of their best human resources was exposed across scores of data broker sites and hundreds of people search sites.  As a result, these critical resources were easily targeted by talent scouts, headhunters, staffing firms and others.

Privacy Bee recommended engaging the Poach Defense and Executive Protection elements of the Privacy Bee for Business platform.  These external data privacy management services mapped the most common brokers known to sell this data to recruiters. Poach Defense service also identified where the customer’s employees’ unsecured external data appeared on the internet.  Privacy Bee teams then scrubbed this data, making it more difficult for tenacious recruiters to find and use to solicit.

The customer also took advantage of external data audits and other diagnostic scanning functions – many of which are provided free of charge to customers – designed to assess risk and improve digital hygiene.  The External Data Privacy Audit functions delivered an analytics report on the aggregate privacy risks the customer organization faced based on hundreds of available data points found in the scans of the Dark Web and Clear Web.   Employee Risk Management tools delivered real-time, dashboard visibility into the external data privacy risk profiles of all the critical employees the customer identified as high value to the organization.

Results: Within the first several weeks of the engagement, the customer was able to gain a data-driven perspective of the risks and vulnerabilities they were exposed to with respect to unsecured external data.  A Privacy Risk Score was calculated for each individual employee and the customer established thresholds and tolerances for exposure levels. 

Within a few short months, as the Privacy Bee team worked to remove the unsecured external data from the newly identified sources, the Privacy Risk Scores of mission-critical employees began to fall into acceptable tolerances.  The volume of inbound solicitations from headhunters, staffing agencies and other HR poachers dropped precipitously.  The customer’s HR department was able to decrease sourcing cycle times and back fill open positions, training in new employees to replace those lost to poaching.  The headcount returned to the levels at parity with headcount before the failed spin off of business units and worker productivity and morale improved too.

As an unintended consequence of this sequence of events, the customer learned a good deal more about the contemporary threat to cyber and information security posed by unsecured external data and poor external data management.  They subsequently engaged most of the Privacy Bee for Business platform to ensure their entire enterprise is protected from end-to-end.