Preparing for “fake HR”: combating HR fraud and dark-side technology

There is a small percentage of rogue players who are capable of considerable disruption, and HR must deal with new cybercrime and deviant behaviour across HR processes and technologies, writes Rob Scott

At a recent AHRI (Australian HR Institute) event I got caught in an interesting discussion with a small group of attendees who were debating how HR leaders should be thinking about “Fake HR” – a play on the fake news/cyber-crime endemic and whether modern HR and other technologies could help prevent it or promote it.

We concluded that recruitment processes in particular, have been a traditional and obvious place of deceit (embellished CVs, fake degrees, and more recently stand-in’s for pre-recorded video interviews and even lip-syncing your way through a live online interview).

On the flip side, the group noted how new technologies like blockchain, facial recognition, voice and speech tone assessment, gesture recognition and written assessment tools could be very useful in highlighting or preventing fraudulent and deviant behaviour.

But it did get me thinking that there is a strong likelihood that powerful technologies in the wrong hands could be used across more than just recruitment to essentially commit fraudulent HR activities and even industrial espionage.

“The advent of AI and machine-learning-based technologies is providing would-be rouge applicants and employees with new opportunities to be disruptive”

Things like “deep fake” – using specialist machine learning tools which create highly realistic fake videos and pictures could be used undermine or blackmail a CEO, a colleague or a manager who gives a poor performance review. AI bots could be doing your online compliance training, or even manipulating internal gamification initiatives (such as wellness programmes) by faking how many steps are recorded on your Fitbit. Another example is using Google-type glasses to fake a psychometric evaluation for promotion to make you look like the next Jack Welch and even fake-voice calls to HR to approve a salary adjustment.

As HR professionals we build checks and balances into our key processes and systems to identify and prevent deviant behaviour, but it’s likely we will need far more sophisticated approaches and tools to be effective against technology that is fast becoming commoditised, easily accessible and cheap.

The other stark reality is this is not science fiction anymore. This year at Defcon27 (the top open hacking conference) they ran a conference thread called ‘AI in hacking’. If this is happening in an open conference, then you can rest assured that the dark hacking community is way ahead.

I reached out to my good friend Lyle Cooper who keeps a close watch on the dark side of technology. He reminded me that even technologies such as blockchain touted as “safe” are flawed. All blockchain really does is prevent a record from being changed, it does not mean that the record itself is true. So, if one can create fictitious credentials on an internal machine and have them published to the blockchain then they will be totally trusted fake qualifications!

“Even though new digital technologies such as blockchain which are regarded as ‘safe’, are susceptible to fraudulent activity”

And while hacking HR systems is not that enticing for serious hackers, the ability to get into current HR systems and change data without trace is quite low on the complexity scale.

Once again HR needs to take ownership of this emerging space and not shy away from tackling something foreign. Working closely with IT, cybersecurity and analytic teams to rethink HR processes in the modern digital age will become the new ‘normal’. AI tools specifically for HR security and deviant behaviour identification will mature, making it easier to counter AI and machine learning tools with similar clout. Other AI tools will take a broader monitoring role and seek out employee behaviour and patterns which suggest ulterior motive.

And while most applicants and employees are honest people, the small percentage of rogue players are capable of considerable disruption for HR and the broader organisation.

3 key insights for HR: preparing for dark side technology

  • The advent of AI and machine-learning-based technologies is providing would-be rouge applicants and employees with new opportunities to be disruptive
  • Even though new digital technologies such as blockchain which are regarded as ‘safe’, are susceptible to fraudulent activity.
  • HR leaders must take ownership of dealing with new cybercrime and deviant behaviour across HR processes and technologies.

Image source: Depositphotos