Let’s talk about Cyber Security: 5 things your recruitment agency needs to know
A cyber attack can clearly be disastrous to a recruitment agency’s reputation, not only damaging existing client and candidate relationships about the safety of confidential data but detrimental to an agency’s ability to be seen positively by new relationships that are carefully built.
In today’s environment security threats are more prevalent - it’s no longer a case of what if you get attacked, but rather of when it might happen.
Cyber attackers take advantage of the reliance businesses have on their systems and their data and the subsequent impact an attack would have on these. The popular forms of attack include malware, denial of service (DoS) or distributed denial of service (DDoS) attacks, phishing, ransomware or attacks driven by downloads. But, ransomware has particularly started proving highly effective for hackers and cyber criminals. According to a survey, around 54% of the surveyed companies in the UK have recently been attacked by ransomware.
However, despite the threats that cyber-attacks pose, most businesses are still extremely vulnerable to security breaches. Whilst it is hard to be completely safe there is always the opportunity to limit the risk of your agency coming under attack.
Our advice and what should you be aware of to improve prevention of cyber-attacks at your recruitment business:
1. 90% of all cyber-attacks begin with a human weakness.
Most security breaches happen when consultants do something they’re not supposed to, which more often than not is by accident, for example, clicking links within phishing emails which can result in attackers securing access to your internal systems.
Our advice is to educate your team about why information security matters so much and ensure they know about what policies and security protocols you have or are putting in place.
2. 60% of small companies would be out of business within six months of experiencing a cyber attack
SMEs need to be especially cautious due to cyber criminals often seeing these smaller companies as easier targets with lower defences. Last year’s Government Security Breaches Survey noted that around 74% of small organisations had experienced a security breach in the last year.
In some cases, for example ransomware attacks, your system would be made inaccessible and a ransom would be demanded from your business to get access back to your data. Even after paying the ransom it is possible that your IT team may not get the system back which could result in needing to shut it down completely.
Our advice is to invest in cyber insurance. Even if the cyber security insurance premiums are high, they are worth it when compared to the potential loss and damage to your agency.
3. Outdated antivirus, anti-malware software increases risk at your agency
Our advice is to only use the latest versions of antiviruses, anti-malware software, operating systems, internet browsers in your agency. Get into a regular habit and process of ensuring your software is updated – making it more different for cyber criminals.
4. Even with security measures in place, cyber attacker may be able to breach your system
In this instance you will need to understand the impact of such attacks on your data or recruitment business. Accordingly, you’ll need to be able to rewind your system to a point in time before the attack, as fast as humanly possible.
Our advice is to ensure you have a clear and documented disaster recovery plan in place for data protection. This should include ensuring you have regular data backups to reduce the impact of data loss due to a security breach.
5. Most security risks are associated with internet facing systems or devices
Given this is the case, our advice is to limit these - decrease the number of open ports and services. In addition ensure you have firewall tools in place, along with a policy that offers bare minimum privileges to everyone in your enterprise.
Still looking for more advice?
As the sophistication of security attacks continues to rise, security needs to be firmly on your boardroom agenda. However, a significant amount of time and effort is required in order to create a comprehensive disaster recovery plan, fool proof security policies and updating software. This can be a daunting task when you are busy focusing on running your recruitment agency.
At Access we have an in-house team of experts who regularly review the IT infrastructure of our customers and help them by developing specific and robust cyber security solutions to suit their needs. By moving your software systems to the cloud the pain much of the pain and worry is taken away as we can help with your security, disaster recovery and back-ups.
