New to recruitment – Security & Compliance | recruitment consultancy tips

“Is data compliance a big deal when I’m just starting out?”


Here’s a typical situation to find yourself in as an entrepreneur. You’ve just set up your recruitment enterprise. You are hungry for clients and eager to attract candidates. You’re possibly working at your own kitchen table. A distraction is the last thing you want right now. And that is exactly how many people view data security when they start their business.

But there are some compelling reasons why securing recruitment data is a task to tackle from day one of running your own recruitment enterprise.

Strong Foundations

The best time to get your data processing set up properly is when you have very little data to process. In other words: right away. Why? Because it’s better to plough through the workload early on and think “what is the point of all this?” than to leave it until later. Otherwise, you will tie yourself in knots over whether you are allowed to keep any of the data you have already collected. And, if you’re not allowed to keep it – are you sure you’re even allowed to delete it?

It sounds daft, but that is the double-bind situation businesses can find themselves in if they get data security wrong. So let’s make sure that doesn’t happen.

Privacy by Design: a legal obligation

There is a legal obligation to secure client and user data at every point of its use. This is known as privacy by design. It means that any new software, system, or workflow must be able to demonstrate that it was created with data security at the core of its planning.

The good news? Nobody expects you to develop your own software systems. After all, there is already an excellent and affordable option for you to use. But you will need to prove that you are handling, processing and securing user data in a safe manner. Here’s where you can make a difference.

Securing Recruitment Data: A Practical Approach

You can kick things off with a sound data policy. This is a user agreement that sets out best practices and your commitment to adhering to them. You can write your own terms, but it is perfectly acceptable (and, perhaps, more common) to use a pre-made document. The self-service legal document generator service Docular has several options to cover this, including an off-the-shelf privacy policy.

Identifying risk

You also need to know a little bit about the risks and threats you face. The first thing to remember is that data theft is usually an opportunistic crime rather than a targeted one. Bad habits and socially engineered attacks are far more likely to cause you problems than a sophisticated digital attack.

What does this mean? That you are more likely to be the target of a lazy phishing email scam than of a malicious hacker. It means that a data thief is more likely to target a USB stick left on a coffee shop table as you go for a refill than they are to break into your office overnight.

Privacy by design means minimising all of these risks. Yes, that means choosing a trustworthy supplier for your software. But it also means modifying your own behaviour to ensure data is never placed in unnecessary danger.

Compliance checklist

Here are some of the crucial starting points for securing recruitment data in a new business. We are focusing especially on issues facing a startup with perhaps minimal resources in terms of office space and IT hardware. But these are points which affect enterprises of every size.

• Keep working environments quiet, private, and secure.

It’s doubly important when working from home to ensure that your ‘office’ environment is free from disruptions and intrusions. Yes, that includes family members – even if they are too young to pose a direct security threat!

• Use separate digital devices for your work and home life.

This is not only data management best practice; it helps you to delineate between work and rest times. That, in turn, helps you to relax and focus, meaning you make fewer judgement errors while in work mode.

• Dispose of devices in a safe and secure manner.

Remember what we said before about crimes of opportunity? One of the most prevalent vectors of attack is to obtain old and discarded pieces of IT hardware. Sure, you might have burned out your laptop with long nights of overtime. But you shouldn’t simply sling it in the nearest municipal tip. By changing one or two internal components, a data thief might have your whole business system up and running again, and you would have no way of re-accessing the compromised device. Use a designated IT disposal service to ensure the safe removal of old devices from your company network.

• Do not share accounts with colleagues or co-workers.

Your system is as secure as its weakest link. Can you guarantee that your colleagues will adhere to the same strict principles as you? No. Never share your accounts. Set up a separate account for each user. That way, if the worst should happen, it is much easier to identify and isolate the source of a breach without taking your entire system down with it. Explain to colleagues that this is never about apportioning blame after a breach. It is about data management best practices. If you need to place one account into quarantine, it’s much better that the whole company does not need to go on hold until a resolution is found.

• Do not share passwords or login data with anyone.

This one should be self-explanatory. If, for any reason, you are required to share a password or login with anyone, you should change it to a new, secure phrase at the first opportunity.

Further help for securing recruitment data

Still looking for more advice? Perhaps you’re looking for answers to a specific data management question? Head on over to our GDPR Hub for even more helpful content.