How to protect your recruitment company from cyber-attacks
At the end of September, it was reported that recruitment agency Giant Group had been hit by a sophisticated cyber-attack, which resulted in a delay in contractor payments. Cyber-attacks continue to interrupt businesses big and small. Just a few weeks ago, supermarket giant Tesco’s website was hit by hackers. We’ve put together some tips to help ensure your recruitment company is doing what it can to reduce the risk of cyber-attacks.
How can recruitment companies stay protected from cyber-attacks?
In order to stay protected, having an in-house process on how to handle data can help. You should ensure all staff are aware of processes and working compliantly. Read on for 6 tips that can help you and your recruitment company stay protected from cyber-attacks.
1. Work with vigilance
Work with vigilance when receiving any communications, in particular email and text messages. You should be on the lookout for typos, especially if the communication has come from a known brand that will likely have been through a rigorous sign-off process. For emails, you should also check that the sender's email address matches who the email claims to be from. You should consider setting up multi-factor authentication on all email accounts.
2. Check your verification process
Do you have a verification process in place for when you get requests for bank details or changes in details for first or third parties? Ideally, a business should rely on previously verified contact information and validate that it is speaking to the correct person. The GDPR legislation caused waves when it first came in, in 2018, but with changes to work patterns over the pandemic, best practices may have slipped. You should check that your staff are still working compliantly.
3. Have a business continuity plan
Do you know who handles cyber-attacks? And is everyone in the business clear about what should happen in the event of a cyber-attack? You also need to think about how you would liaise with clients during this time and the process for your IT team. In the event of an attack, you would need to consider how the business can operate until the issue is resolved.
4. Back up data
Does your recruitment business hold a lot of data? We imagine the answer to this is yes. You may wish to back this up on a separate server, in the event of a company-wide attack that leaves you unable to access your database. You should also maintain regular housekeeping of your data and delete old data when no longer needed or required by law.
5. Staff training
Once you have the above processes in place, you should ensure that your entire workforce is aware of the cyber liability processes and is confident in dealing with them. You could have the most robust system in place, but poor procedures and training can easily defeat this. Human error is often reported as the most common cause of cyber-attacks.
Staff training should be ongoing, to remind your staff of the potential risk. A government cyber security survey carried out earlier this year revealed just 14% of businesses offered cyber security skills training to employees. As a recruitment company, you will have lots of sensitive data so you need to ensure your staff is handling this data correctly.
As well as training new staff, you could set up a regular monthly training session, where you provide reminders on your company process and how to work safely. You could encourage staff to share any weak points they may have identified in their day-to-day work and discuss ideas on how to reduce this risk.
In addition to training your staff, when onboarding contractors you should fully brief them about cyber risks and ensure they are working with data security and the risk of cyber-attacks in mind.
6. Consider cyber insurance
Unfortunately, a cyber incident is often a case of "when", not "if". For cover for data breach incidents, business interruption, ransomware, crime and more, you should consider cyber insurance for your recruitment business. Get in touch with Kingsbridge to see how we can help.
For insurance for contractors, you could recommend (or require) that your contractors take out cyber liability insurance. This can be selected as an add-on to the Kingsbridge contractor insurance package. The cyber insurance policy provides cover for business interruption, system and data rectification costs, regulatory defence and penalties, and extortion and ransom costs. Contractors holding this cover will also have access to ReSecure, a dedicated 24-hour helpline. Recommending this insurance to contractors will give both you as the recruiter and the end client an extra layer of protection in the ongoing battle against cybercriminals.