In recent times, there have been more and more cases of hackers and spammers attempting to fleece big corporations as well as individuals. The latest big brand to experience this is Optus. The telecom giant has had thousands of customer’s data hacked and is currently dealing with the aftermath of the breach that could cost the company billions of dollars. A breach that has forced thousands of customers to require new IDs like driver licenses and passports, putting many at risk of fraud.. This kind of data compromise can happen at any scale and in any industry.
For recruiters, it is a well known fact that agencies are sitting on a goldmine of data. That data is extremely valuable, considering the personal information that recruiters need to gather about candidates, and even about their clients. If you are managing payroll for temp or contract workers, you’ll likely have much more risk in terms of keeping details such as pay, bank details, personal ID, etc. secure.
Hackers looking to target valuable corporate players have in the past attacked them via their recruitment partners, accessing treasure troves of personnel data worth significant amounts of money. These hacks are debilitating to a recruiter, not only being expensive to remedy but often causing a sharp loss of trust in the firm by current and potential clients, leading to secondary losses after the fact.
New demands on recruiters driving change
In an industry that’s all about relationships, you can’t afford to let this happen. As a recruiter, you have a legal and professional responsibility to protect your clients’ data, but due to a number of factors, achieving this has never been harder.
The rise in shared office spaces and remote working means that this data is being accessed more often and from more places than ever before. As recruiters turn to more data-driven ways to place candidates, manage client expectations and predict market movements, clients’ valuable data is required to pass through a huge number of systems and hands – every one of which is a potential point of access for a hacker.
Something as simple as a recruiter using an older model iPhone that’s no longer supported by updates could mean that high-value client data is being accessed on a device with a significant security vulnerability. Not to mention the ease with which a mobile device or laptop can be physically stolen.
In an office/shared space environment, recruiters should not be leaving their laptop/phone unattended or unlocked for others in their business or co-working space to access. Printing out a resume? Ensure it is kept safe and all details remain confidential.
Balancing flexibility and security
Like every business, recruiters need to understand the consequences of embracing new technology and new processes. While these systems open up new and more effective ways of working that can help recruiters forge closer relationships with clients, better manage talent and more efficiently complete administrative tasks, these opportunities need to be balanced with a clear-eyed perception of the risks of moving everything on to portable devices.
When it comes to the data that you manage internally, ensure that they are kept in locked files. A good idea is to implement 2 factor authentication as a layer of security to access any of your accounts or devices. This means when you log in from one device, a password or code is sent to another device that you use, to ensure it is really you that is accessing the account.
Many applications across the digital space now have clever security monitoring that alerts you if your account is being accessed from a device or location that is not usual for you. Just like with banks, they keep a record of your IP and your location.
If anyone outside your organisation needs to view data, make sure it is going to the right person and that they are aware of the confidential nature of that information.
Hackers don’t rest, neither should you
It’s easy to become complacent with data security. You are busy running an agency, managing workers, clients and project after project. But as an agency owner, you’re responsible for and liable for the safety and security of this data so make sure you have a framework in place.
Internal security training courses and general information for your own team is beneficial as hackers can target email accounts with spam and fake links that can end up sending viruses into your systems. If in doubt, do not open or click on suspicious emails.
A key part of this is also considering data that is shared or collected by 3rd party providers and partners in the management of your business.
True partner and full back office support for recruiters
Recruiters across Australia and New Zealand trust Oncore to keep their data secure. Oncore takes data security seriously, utilising leading-edge technologies & practices to minimise exposure & risk of data breach.
All client data is stored within leading Australian cloud data centers that meet ISO/IEC 27001:2013, 27017:2015, 27018:2019, and ISO/IEC 9001:2015 certifications. The data itself is secured using strong AES-256 encryption. Regular vulnerability scans & third-party penetration tests are performed to ensure we stay ahead on updates & configuration changes. Advanced security controls are also in place to protect from unauthorised access such as web application firewalls & intrusion detection systems.
By continuing to align the security of our technology with leading standards, Oncore remains a trusted provider for Recruiters to rely on for workforce management & payment solutions.