The recruitment agency industry is privy to highly confidential information that few other private organisations have access to. Candidates and clients trust that their information will be treated with respect by the recruitment agency they provided it to. Any breach of data security could cause significant distress or loss for the clients and candidates concerned and has the ability to destroy the agency’s business overnight. Compromised or lost data is one of the largest threats to your business, so never assume that it will not happen to you.
In the past decade, governments around the world have put in place laws and regulations for the way private and public organisations store and handle information. In the UK, businesses must comply with the Data Protection Act which states:
“Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”
Therefore, your agency must have systems in place to ensure the data you hold cannot be deliberately or accidentally compromised.
Principle 7 – Security states that you must:
‘design and organise your security to fit the nature of the personal data you hold and the harm that may result from a security breach;
be clear about who in your organisation is responsible for ensuring information security;
make sure you have the right physical and technical security, backed up by robust policies and procedures and reliable, well-trained staff; and
be ready to respond to any breach of security swiftly and effectively.’
All too often small recruitment agencies begin business with lax or no security measures in place. Within a year or two they have collected hundreds of CVs containing candidates’ addresses, work history and possibly copies of successful candidates’ identification records.
The agency has also met with clients that have divulged confidential financial and personnel information that could result in significant loss and distress if it ever became public. The lax security measures of the small agency may allow staff to carry around the information on unsecured laptops left in cars, houses and public transport.
Being small and having limited funds is no excuse for a recruitment agency not to invest in high security IT systems. Candidates and clients have placed their trust in the agency to look after their information; their personal information and business rely on it.
A spreadsheet or database with a simple password is not considered an appropriate level of security for personal information. Investing in a robust system is a cost of doing business in the recruitment sector.
Your database can be further protected by using Multi-Factor Authentication (MFA). MFA is simple to set up via the Google Authenticator App. The login page should display a QR code, which you scan with your smartphone. The phone then generates a unique authentication code, which you enter on your computer to gain access.
If you need to send your data off-site to a third party supplier, ensure they take data security as seriously as you do. It is your responsibility to ensure your data isn’t compromised while it’s with them. Make sure you encrypt the data before transferring it anywhere. Ask the supplier to sign a confidentiality agreement and request details of their process for ensuring data security is maintained. While they might deal with data from organisations much larger than yours, if it’s your data that is compromised, it quickly becomes a big deal for your agency.
Other simple measures you can take include using proactive software protection on your computer systems. Even if your data is stored in the cloud, protecting your hardware is an important part of security in your agency. Anti-malware protection software is the first defence against viruses and spyware which can degrade your computer’s performance and destroy data.
Use a firewall to block dangerous programs, viruses and spyware. Sure, there may be some costs in setting this up but, as they say, prevention is better than a cure. And the cure for a bad virus can be very expensive. Keeping your operating system up to date by downloading the latest versions from Apple or Microsoft is another line of defence against hackers.
Remember, if something looks dodgy it probably is. Some emails will get through the best defence, so if an email doesn’t look legitimate, don’t open it; just delete it. Don’t visit websites that aren’t reputable as they can harbour nasty viruses and spyware waiting to unleash themselves on your system.
Insurance companies provide cover for companies wanting to insure themselves against data corruption and cyber hacking. The cover can compensate a company for the cost of restoring their systems, advising customers/clients of a cyber breach and reimbursing or compensating customers/clients who have lost money or reputation.
UK businesses have even more incentive to upgrade their data security systems. The Privacy Act is due to be replaced by the EU General Data Protection Regulation (GDPR) some time in 2016. The Regulation will have stricter requirements and tougher penalties: up to 4% of annual global revenue or £20 million, whichever is greater. Take steps today to review your data security and make the necessary changes.