Top Tips for Data Security in Recruitment


In the recruitment industry you may be handling both personal data from candidates and confidential business information from your clients. Data security is key and is an important responsibility for any recruitment business. Here are 3 top tips to ensure you don’t fall short of expectations.

Data Storage and Backup

Think about what data you hold and where you store it. This might be local, on your computers, external storage and any on-site servers; remote, on off-site servers or other machines, such as a home PC; or cloud-based, stored by a cloud server provider, for example Dropbox or a CRM like Salesforce.

For physical on-site storage, you should require a certain level of security; many small business systems allow this to be managed centrally. Required features should include a compulsory password or passphrase that must be changed every 90 days, remote wipe on portable equipment, and encryption on all drives with strong passphrases. Any remote storage should be similarly well secured; you’ll also need to think about the physical security of the remote machine and who has access.

Cloud-based storage can be a blessing and a curse. Generally, reputable cloud-based providers invest heavily in data security and you can likely rely on them to do a good job. However, other issues may come into play, such as the geographic location of their servers, the inflexibility of their security settings and ownership with regard to your data.

Protection and Management

Another important aspect of your data security is ensuring you have adequate protection on your systems. This should include anti-virus or anti-malware and computer scanning software. You should also have a firewall in place to protect you from any malicious traffic and, ideally, an email spam filter to protect you from malicious emails and attachments and to filter out phishing attempts.

If you’re running servers, portable electronics like smartphones, cloud-based storage or website hosting, don’t forget these. Just like a PC running in your office, they all need protection and most will have some sort of firewall and encryption available.

In addition to ensuring you have the right protection in place, you should be proactive in managing your security and systems. Key to this is keeping your computer and anti-virus up to date so that you get the latest patches and malware protections.

Diligence and Training

Insider threats were the main threat for 2017 and this is likely to continue to be the case. This doesn’t mean sabotage or hacking by an employee; in fact, it normally means negligence or a lack of training – an accident. Loss of log-in details through phishing, theft or negligence allows malicious actors or software into your systems, at which point it is often too late. Employee training in this area is key and the ICO Training Checklist is a great place to start.

For more information on this topic, check out the ICO’s practical guide to IT Security.