Safeguarding Commercially Sensitive Information 

Client and candidate data count among the recruitment sector’s most valuable assets. These assets are also valuable to others, and the industry is facing specific threats. These threats come not only from the outside, but inside too.    

As well as coping with the dramatic increase in cyber-attacks on UK business the sector is known for its high staff turnover. Leavers may feel a sense of entitlement over information they’ve helped to build, unaware that it’s a criminal offence to take it with them.  

A former recruitment consultant was prosecuted for taking client records to her new job and paid a heavy price. While the consultant’s former employer was not prosecuted for failing to take reasonable precautions against the theft, the GDPR now places greater onus on businesses to safeguard personal information: Lessons for recruitment and staffing companies as GDPR looms.      

IT Lab’s three-pronged approach to the GDPR: legal, cybersecurity and IT is helping your sector to meet these challenges. Aside from the spectre of eye-watering fines frequently quoted in adverts for GDPR services, there are other factors at play.

As Warren Buffett observed: It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you’ll do things differently.”  

The consequences of inadequate or outdated security measures may not be confined to financial pain. In a crowded sector, an increasingly privacy-savvy market can choose to vote with their feet. 

Download our eBook: How to Protect Sensitive Recruitment Data.  

How Can Recruitment Companies Protect Their data?

Recruitment businesses commonly use a variety of systems and applications day-to-day. Having visibility over who is using what – and whether they should be - can be an ongoing challenge. Clearly it’s vital that ex-employees can no longer access sensitive information. Changing passwords every time someone leaves can be tedious, and there’s always the risk that some apps will be overlooked.

Identity and Access Management tools are straightforward and cost-effective to implement and run. All devices are catalogued and viewed on a dashboard, enabling IT personnel to manage access to both on-premise and cloud applications.

The user-experience is enhanced with single-sign on (SSO) which allows them to login to different systems with one set of credentials. SSO affords another elegant simplicity: one point of disablement means that access can be switched off wholesale.      

But what about before the employee leaves? What if - prior to handing in their notice - they start  syphoning off your records? The recruitment consultant who landed in the dock emailed the contact details of over 100 clients to her personal email address. How could this have been prevented?

Detecting unusual activity is key to good cyber-hygiene. IT Lab’s Security Operations Centre monitors client systems 24/7/365. We can detect and notify you of suspicious events or irregular employee activity.

We can also provide you with the right tools such as Data Loss Prevention (DLP), Security Information and Event Management (SIEM), 2FA (Two-Factor Authentication) and Identity and Access Management (IDAM). Importantly, we'll also ensure they're correctly configured and that the output is meaningful and proactively acted on. 

A combination of the best technologies and human intelligence will give you peace of mind and ensure your recruitment data is protected. To explore how we can help safeguard your information, please click here to contact us

 

Written by Michael Bateman