In a previous post we looked at the heightened risk that the recruitment industry faces when it comes to cybercrime. Holding a wealth of personal information on individuals has made recruitment businesses a target for cyber criminals, a fact demonstrated by the PageGroup hack, which exposed the details of 710,000 of the company’s applicants last year. This case, which follows the hack of Monster in 2009 where the confidential details of more than 1.3 million users were stolen, coupled with the increased vulnerability of the recruitment sector, leaves us wondering why some recruitment businesses are still allowing themselves to be exposed to unnecessary risk.
A quick visit to the websites of some of the world’s biggest names in recruitment reveals all. As you’re probably aware, the address bar of any website reveals whether you’re entering an HTTPS-protected area. On Google Chrome, it’s displayed as a green padlock and the word ‘Secure’ before the web address or, if the website is not secure, a grey ‘i’ will appear in its place. Most recruitment websites provide a secure connection in areas where data is transferred, such as the login/register sections or contact/feedback forms, while static pages such as the homepage are insecure.
Multiple Failure Points
So far, so good. Why should a business be concerned about establishing a secure connection for the pages where no confidential data is being exchanged? The key area containing data exchange is protected after all. However, a split between secure and non-secure pages could mean that a website is being managed by more than one service provider. It is this patchwork approach that presents increased data security risks for recruiters.
We know that the larger the supply chain, the greater a company’s risk of cybercrime. Third-party weaknesses have been responsible for several high-profile breaches in recent years, including the aforementioned Michael Page hack, which exposed gaps in Capgemini’s testing practices. And, back in 2013, the Trustwave Global Security Report found that 63 percent of data breaches from that year were linked to a third party.
Counting the Cost
Of course, having specialist providers to look after certain areas of a website has been common practice for businesses for a number of years, so why change now? This has become a concern because data breaches are on the cusp of becoming a lot more expensive. The EU General Data Protection Regulation (GDPR), which was passed by the European Parliament last year, means businesses must review their data processes rigorously. Those failing to be compliant with the new regulations by May 2018 could face a fine of either four per cent of their turnover or €20 million, whichever is the higher figure. Previously, the most serious breaches of the UK Data Protection Act would get a maximum fine of £500,000, meaning data protection has been elevated to become a top business priority.
With this in mind, more attention is being paid to business supply chains than ever before, especially those involved in data transfer and storage. When it comes to websites, there are now specialists, like Volcanic, that provide complete end-to-end solutions without the requirement to look elsewhere for particular services. Streamlining your entire website service to one trusted provider, whose credentials are sound, means you’re safe in the knowledge that user information is not being shared across multiple businesses, dramatically reducing the risk of cyberattacks.
For more information about cyber security and how you can ensure maximum protection for your recruitment website, drop our team a line today.