Trillium Insights

Thoughts and Insights from Trillium's Practice Leaders

Does Honesty Pay Off?


A key challenge for candidates looking to land their next opportunity is how to manage concurrent pursuits. Candidates want to make sure that they do not eliminate an opportunity until they have landed one; for some, this includes faking illnesses or creating other arbitrary conflicts to stall one pursuit while they are pursuing another. Here are two recent examples:

1. A client lost both of their top two candidates: they were waiting to hold a final interview with a candidate who had lied about an illness to pursue another opportunity, and their other top candidate landed another opportunity during the wait.

2. A candidate was completely transparent with the hiring manager about a second pursuit that they had. In this instance, the client sped up their hiring process so that the candidate could evaluate both offers together. He took the job with our client. In the end, our client raised our candidate's offer, because his actions showed his level of integrity.

Which side of the fence would you fall on?

What Caused the Cybersecurity Breach?


Over the last 12 months, we have all read news stories about cybersecurity breaches that have occurred at very well-known organizations. The stories tend to focus on the number of people who are potentially impacted by the breach, which is a good piece of information to know. Many of the news stories then talk about a known security vulnerability that the cyber attacker was able to exploit because the company's servers were not current with their patching.

When you dig a little deeper, you will likely see that those high-profile organizations have specific policies and standards in place regarding security and patch management. In most cases, the breakdown occurs because the controls are not in place to ensure adherence to the policies. Some key questions that should be asked are:

  • What controls (reporting) were in place to notify the Security Officer that the patching was not done?
  • Was the Security Officer notified, but no action was taken?
  • Did the reporting exist, but the server that was exploited was not being tracked?

For many mid-market companies, the policies and standards are not in place, so their risk is even greater.