Q&A: data-driven challenges faced by the recruitment sector and the solutions to solving them
February 18, 2021
The digital era in which we now live, combined with the Coronavirus-triggered worldwide switch to working from home, means more of us are online than ever before.
While this has pushed lots of organisations, recruitment agencies included, to seek more effective management tools and move their existing processes into the 21st century literally overnight, it has unfortunately made the risk of data protection compromises and cyber-security attacks ever more prevalent.
For some recruiters, the pandemic has given them the chance to take a step back and review their current data management handling. However, for others, having to suddenly change the way they’ve always worked may have inadvertently opened them up to being more susceptible to data breaches.
In this special Q&A blog, our Commercial Account Manager, Jo Donnelly, who spent 20 years within the recruitment industry before joining the Q Associates team, discusses some of the most pressing data management issues facing the recruitment sector right now and how they can be addressed.
Q: What are key challenges faced by the recruitment sector when it comes to managing data?
A: Unfortunately, the recruitment sector is a prime target for cyber criminals due to the very nature of the work involved.
From the way data is handled, to all of the many different ways contact is made with both customers and candidates – there’s a wealth of information handling involved via multiple channels. This includes CVs that are full of personal data, including home addresses, email addresses, telephone numbers, as well as passports, driving licences, birth certificates and bank details, the list goes on…
Email has long been the most vital business tool for recruitment teams which, as essential as it may be, comes with a plethora of cyber-security risks, such as:
- Malware – designed to intentionally damage systems, servers, equipment and so forth. This includes email accounts, which are one of the most important day-to-day business tools used throughout the entire recruitment sector, as well as by professionals across many other industries.
- Phishing – due to the fact the vast majority of recruiters’ work is conducted via email, they’re easy targets for email phishing scams. All it takes is for one convincing-looking email with a malicious link to bring down an entire business, in seconds.
- Ransomware – this spreads fast through phishing emails or infected websites and can have a devastating effect on an individual or company until a ransom is paid to the cyber criminals. Given the nature of the sensitive data held by recruitment agencies, particularly about candidates and their personal details, ransomware poses a significant risk. (For more on this, watch our video, ‘Ransomware Protection from Rubrik.’)
- Distributed Denial of Service (DDoS) attacks – a method that’s used to bring down entire websites, email servers and other services that are connected to the internet. These attacks can render your data inaccessible which, for recruiters, is incredibly damaging. Without all of their essential tools – their website, their candidates and employer files, online job posting and application portals – their operations would grind to a halt.
Q: What are the main reasons for these challenges?
A: It’s believed that around 90% of cyber-attacks are down to human error*; the moment you let something in and it’s in your network, it’s very difficult to reverse that action.
Data breaches can happen when you least expect it – the second a consultant clicks on something they’re not supposed to and don’t realise it until it’s too late. For example, simply clicking on a malicious link within a phishing email (that doesn’t look malicious or like a phishing email) can give hackers instant access to your internal systems. And once they’re in, they’re in.
Unfortunately, pandemic-induced working from home has also seen more and more companies fall victim to cyber-attacks. According to research carried out by internet service provider, Beaming, businesses faced a 20% increase in cyber security threats last year compared to 2019. UK companies each faced 686,961 attempts on average to breach their online systems in 2020, which equates to an attempted attack every 46 seconds.
The solution? Ideally, entire networks need to be fully secured, from the edge and internally. And everybody, company-wide, needs to be aware of the risks and receive appropriate training and equipment to ensure they don’t become the next cyber-attack statistic.
Q: What are the consequences of recruiters not being more mindful about how they’re managing their data?
A: From an operational perspective, falling victim to a cyber-attack can literally grind an entire agency to a halt at the blink of an eye.
As for specific data breaches, there can be both short and long-term repercussions – hefty fines, negative publicity and a bad reputation that can be difficult to shake off, and court cases. In some circumstances, it can result in somebody losing their job, or even worse, the entire company closing down.
Q: What can recruiters do to make sure they are doing things right?
A: First and foremost, it’s essential all recruitment agencies are fully aware of the UK General Data Protection Regulation (UK GDPR), which came into force in 2018. All organisations that handle data have a duty to comply with this legislation, which is enforced by the Information Commissioner’s Office (ICO). The GDPR and other laws that follow in its footsteps are changing the face of data management.
In addition, conducting compliance and quality audits and penetration testing is a highly effective way of identifying any network vulnerabilities and providing companies with an action plan of weaknesses in need of addressing. Staff awareness training is also key to making sure everybody fully understands the importance of robust data management and their role in helping make it happen.
Q: Are there any IT solutions that can help recruiters protect their systems and data?
A: Yes, there are several. They include:
- Regular software and systems updates – patch management is crucial and therefore must be well managed. Not updating patches can leave businesses wide open to threats.
- Disaster recovery and business continuity plans – are key to ensuring contingency plans are in place should access to data, CRM systems and customer contact details become compromised or lost.
- Penetration testing (as mentioned above)
- Endpoint protection for mobiles, devices, laptops etc. – it’s essential you have a clear picture of all of the devices that are linked to your network, especially with so many people working from home at present.
- Data backups
- Control access to systems
- Wi-Fi security
- Staff logins and passwords
Cyber-security and data protection aren’t new challenges that recruitment agencies have to think about. But this doesn’t make them any less important. Rapidly-evolving technological advancements combined with greater reliance on working remotely and online means all companies, not just recruiters, are at risk, if they allow themselves to be.
At Q Associates, we can help you determine the right solution for your business’ needs, budget and objectives.
We understand that every customer’s circumstances are different. Drawing on our independent knowledge, our goal is always to present the IT solutions that best suit your unique requirements, and provide the insights you need to confidently make the best technology choices for your organisation.
For more information or to discuss how our range of networking and security services can help protect your agency from the threat of cyber-attacks or data breaches, contact us today on 01635 248181 or email firstname.lastname@example.org.
If you’re planning on moving away from your legacy system in favour of a more secure and up-to-date IT infrastructure, this article, ‘Ready to upgrade your legacy system? Here’s what you need to know’ discusses all of those fundamental things you need to consider first.