Peter Hack is the Business Development Manager for Mirus IT. With more than 8 years of IT industry experience under his belt, as well as his time spent developing solutions for the recruitment sector, he’s well-versed in the tech requirements for the demanding and data-centric recruitment sector.
Here, Peter covers the many threats of data leakage affecting the recruitment industry and the steps recruiters can take to tackle them.
Nothing dictates the running of the modern business more than its data, and few sectors manage more data daily than the recruitment industry.
Yet while data is integral to the running of any modern business, it’s also fragile and potentially volatile; breaches are a very real, ever-present threat, and the fallout from these devastates companies and clients alike.
The high staff turnover of the recruitment industry, plus the large volume of personal data handled, means it’s especially vulnerable to some specific, often unrecognised threats. Here, we detail the most pressing – and how best to overcome them.
Any new recruiters joining your organisation should be subject to the same privileges and restrictions – with access only to the folders and servers they require. Naturally, you’ll want to avoid global shares of all client and candidate data, both within your operating system and within your recruitment database, if possible. This is one of the most integral steps in your security setup and shouldn’t require any paid software solutions.
Long working hours, and the need for swift responses to client requests, make Bring-Your-Own-Device policies increasingly popular for recruiters. Staff that request access to work documents via their phone or personal device will first need managing via a strict BYOD policy. This will protect their data and devices from theft, using a combination of passwords and Multi-Factor Authentication.
A ‘sandbox’ environment for your company’s private data helps to separate it from the personal data on your employee’s device – and means it can be safely deleted if an employee leaves the company.
Both Microsoft Exchange and Office 365 allow for ‘Litigation Holding’. This option can be configured at an admin level and prevents users from permanently deleting all their emails, or a designated amount of content. While Litigation Holding is technically designed to secure emails in the event of any legal requirements, there’s little to stop you from using it as a backup for sensitive data. A similar option is an In-Place Hold, which is set up similarly, but adds a filter that allows you to specify and retain certain kinds of email.
This option allows you to retain any sent or received emails and review them if you suspect any personal or sensitive data is in danger of being shared. However, be aware this is not a replacement for true email backup, and deleted emails are significantly harder to retrieve through this system.
With the transfer of data increasingly facilitated with virtual solutions such as the cloud, the need for USB storage is waning for all but the most specific file types and situations.
USB sticks can increase the chance of data theft, loss or infection, so it’s wise to disable the USB feature on all desktops and laptops. In the instance that USB access is required, this can be reapplied, but it’s recommended to judge these uses on an individual basis and – if necessary – log reports on that user’s activity.
Internet Content Filtering
The wealth of cloud data services available makes it easier to share files over the internet - which also makes it easier for data to be copied and stored outside of an organisation. A commercial content filtering solution coupled with strict firewall rules can forbid access to any unapproved websites. For extra contingency, you might consider further restrictions on private emails and social networking sites.
Much like email archiving or USB usage reports, a Managed Print solution can audit any and all jobs sent to print devices – including those sent outside working hours. A number of solutions can alert admins to any unexpected or suspicious print activity, whilst keeping a virtual paper-trail of all print jobs sent to the device.
Any employee that considers leaving the company – and intends to take classified data when they do – would begin scouring drives and files for the sensitive data. With Security Logs configured, any failed or unexpected access to these files is detected and flagged. Enabling security logs is easy; trawling the logs for anomalies, however, is not. The best solution is to enable real-time alerts for any failed access attempts – so you can catch these efforts as they occur.
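The real-time check described above, shown as an added Python example rather than anything from the article or from Mirus: it flags an account that is denied access to several different files within a short window. The log format, account names, paths and thresholds are constructed assumptions, loosely modelled on an export of Windows audit-failure events.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export: timestamp, account, audit result, requested path.
SAMPLE_LOG = r"""
2024-03-04T17:40:10,apatel,SUCCESS,\\fs01\Candidates\CVs\index.xlsx
2024-03-04T17:41:02,jsmith,FAILURE,\\fs01\Clients\Acme\contracts.xlsx
2024-03-04T17:41:40,jsmith,FAILURE,\\fs01\Clients\Borealis\rates.xlsx
2024-03-04T17:42:05,apatel,FAILURE,\\fs01\Finance\payroll.xlsx
2024-03-04T17:42:31,jsmith,FAILURE,\\fs01\Directors\pipeline.docx
2024-03-04T17:43:00,bjones,FAILURE,\\fs01\Finance\payroll.xlsx
2024-03-04T17:43:05,bjones,FAILURE,\\fs01\Finance\payroll.xlsx
2024-03-04T17:43:09,bjones,FAILURE,\\fs01\Finance\payroll.xlsx
2024-03-04T17:43:12,bjones,FAILURE,\\fs01\Finance\payroll.xlsx
2024-03-04T17:44:17,jsmith,FAILURE,\\fs01\Candidates\Exec\shortlist.xlsx
2024-03-04T19:30:00,apatel,FAILURE,\\fs01\Directors\pipeline.docx
"""


def find_access_bursts(log_text, window=timedelta(minutes=10), threshold=4):
    """Return one alert per burst: an account denied access to at least
    `threshold` distinct paths inside a sliding `window`."""
    recent = defaultdict(deque)  # account -> (time, path) of recent failures
    alerted = set()              # accounts currently in an alerted burst
    alerts = []
    for line in log_text.strip().splitlines():
        # Path is the last field, so commas inside a file name survive.
        stamp, account, result, path = line.split(",", 3)
        if result != "FAILURE":
            continue
        when = datetime.fromisoformat(stamp)
        failures = recent[account]
        failures.append((when, path))
        # Drop failures that have aged out of the sliding window.
        while when - failures[0][0] > window:
            failures.popleft()
        # Count distinct paths: retrying one locked file is not "scouring".
        distinct = {p for _, p in failures}
        if len(distinct) < threshold:
            alerted.discard(account)  # burst over, re-arm the alert
        elif account not in alerted:
            alerted.add(account)
            alerts.append({"account": account, "at": when,
                           "paths": sorted(distinct)})
    return alerts


if __name__ == "__main__":
    for alert in find_access_bursts(SAMPLE_LOG):
        print(alert["account"], alert["at"].isoformat(), len(alert["paths"]))
```

Counting distinct paths rather than raw failures keeps a user who repeatedly retries one locked file (bjones in the sample) from drowning out the pattern that matters.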
Many voicemail solutions arrive with a manufacturer’s default password – which organisations will want to change at the earliest opportunity. Not having a unique voicemail password (or worse yet, relying on the manufacturer’s default) makes it easier for staff, external sources or even the voicemail provider to retrieve your company messages – a major threat to the privacy of colleagues and clients.
While physical tape backups are increasingly rare – and surpassed by the multiple alternatives available – that doesn’t make your cloud or off-site solutions completely invulnerable to threats.
It’s a common misconception that cloud storage is a protective solution for data. This is something of a half-truth, as while it creates duplicates of all your sensitive information, it also requires protection of its own. For your cloud storage solutions, you’ll want to ensure all data is encrypted in transit – a reputable cloud solution will take care of this for you while removing the need for any physical copies of data.
It’s also worth noting that Office 365 - quite surprisingly - has no dedicated backup solution for your Office files. A SaaS Protection Solution is therefore imperative for the safety of all documents created in Word, Excel or any other Office 365 software.
The recruitment industry is subject to high staff turnover, so a stringent leaver’s policy is integral. If a consultant leaves your company, then IT support staff will need to ensure the following:
• That the leaver’s inbound emails are forwarded to the next most appropriate consultant, so client and candidate requests are processed properly
• That the leaver’s Windows and Office 365 login credentials are changed or delisted
• That the leaver’s database login credentials are changed or delisted
• That common passwords for job-boards are changed
• Passwords for any voicemail devices are changed
• Passwords for remotely accessible storage devices are changed
• Emails are archived for future reference
• Access to the company premises is revoked
With the wealth of security threats in the recruitment sector, it pays to take a proactive approach to your data – and this begins with your company’s IT infrastructure. A monthly review of your access rights and security logs, conducted by your IT administrator, comes highly recommended.
For anything else, get in touch with Mirus. Our Free IT Health Check ensures that your infrastructure is fine-tuned for performance and protection, with software and solutions to help you manage everything mentioned here.
The MTeam are able to help our clients within the Recruitment sector transform their IT into a truly powerful, secure and GDPR compliant part of their business strategy.