Cyber-attacks are real. Every day businesses are being hit around the globe and the impact is both financially and reputationally damaging. The focus on data security is more crucial than ever. So just because your agency is not Facebook or Google you’re not going to get hit, right? You couldn’t be more wrong.
For the recruitment industry, candidate data is what differentiates a successful recruitment agency or recruiter from those that fail to hit target. Recruitment agencies spend many years building up and nurturing their lists, and therefore they are valuable IP.
Once upon a time this data existed in the filing cabinets that used to flank the walls of a recruiter’s office. Contained in each would be the candidates’ CVs and contact details, as well as client information, on small cards in the ‘hot box’ that was equally valuable. To get hold of this data – without permission – would necessitate a break-in or an insider job, where a criminal or disgruntled employee steals files or photocopies documents.
These days this data is all stored digitally. It has made the recruitment consultant’s job easier, allowing them to work remotely, access information out of office hours when candidates may prefer to be contacted, and pull up data on a mobile device rather than being tied to a desktop computer.
It has also made it easier for those with malicious intent to access or threaten this valuable IP. Attacks could come from external or internal threats. Recruitment agencies may be targeted by cybercriminals who know that a ransomware attack would disrupt business so severely that a ransom is likely to be paid, or by cybercriminals who understand the value of your data and have potential customers prepared to pay for it. Alternatively, an employee thinking of setting up a recruitment business alone or moving to a competitor might be tempted to take candidate or client information with them to further their career.
Accessing data illicitly is potentially easier than it was when the data was locked in a filing cabinet.
Cyber-attacks have evolved at an alarming rate over the past few years and it is an ongoing challenge for your IT support to keep up to speed with the hackers who are after your most precious resource: DATA.
It is not just the significant volumes of data that recruitment agencies hold (whether that’s personal data, financial data, intellectual property etc.) that lure hackers. By gaining access to the IT systems you rely on to run your business, cybercriminals can also extort large sums of money through ransomware. Smaller organisations are targeted and at risk because they can provide access to bigger organisations, and SMEs often have much weaker security.
Companies can be fined if their security is deemed insufficient following a breach, but such incidents bring not only financial penalties but also extreme damage to reputation and future business potential. Add to this the financial damage to a recruitment business that suffers a data breach and is subsequently removed from a PSL.
Ask yourself these 5 questions:
1) How would your candidates feel if your IT systems were hacked and their data was accessed and sold on the dark web?
2) How do you think your clients would feel if their confidential information was leaked, or got into the wrong hands?
3) You’ve built your business on trust over many years, but this could be destroyed in one cyber incident. How would this impact on your business’ reputation?
4) How would your clients & candidates feel if their IT systems were infected by a virus from your agency’s IT?
5) How would your business survive if, as a result of a data breach or cyber incident, you were removed from a PSL?
It’s no longer a case of if you get hit but when you get hit.
Cybercriminals take advantage of the reliance agencies place on their technology, systems, and data, and of the obvious impact a successful attack would have on their business operations.
The most common forms of attack on recruitment agencies include:
Malware
Malware is any malicious software intentionally designed to cause damage to a computer, server, client, or computer network.
Distributed denial of service (DDoS) attacks
A distributed denial of service (DDoS) attack is a common method hackers use to take down websites, email servers and other services which connect to the Internet. This form of attack may make your data inaccessible.
Phishing
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication, i.e. via an email message.
Ransomware
Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website. Ransomware can be devastating to an individual or an organisation.
So how can recruitment agencies that hold the kind of information cybercriminals want to get their sticky virtual hands on protect their valuable data?
Simply activate your human firewall and give your staff essential cyber awareness training. Cybercriminals are masters in the art of deception. They are so easily able to socially engineer us because they use our emotional triggers to make us do things we would not do in our rational mind.
The Layer 8 Hackers’ Perspective Workshop provides your employees with practical and actionable solutions to make them less likely to fall for a social engineering attempt, and your business less likely to have to deal with the consequences!