Let's face it, security matters - and in Recruitment, data is vitally important. It is the lifeblood of any Recruitment Company.
I was reading last week about the internet security company Kaspersky who revealed that their own systems had been hacked but no damage done.
This reminded me of the training I had regarding data security a few years ago. In the UK and other countries, the responsibility for data security rests with the actual business - those businesses and their owners have a legal duty of care under the various Data Protection Acts & Regulations to prevent personal data being accidentally or deliberately compromised.
Taking a closer look at a company's legal duties is useful when considering security:
- The levels of security a company has must reflect the nature of the personal data they hold and the level of harm that could occur if there was a security breach
- You should have a single individual within the company who is responsible for ensuring all information is secured
- Ensure you have the right physical and technical security including robust policies and procedures
- Ensure your staff are well-trained in all matters of security, including personal security.
- In the event of a breach of security, your team should know how to respond swiftly and effectively.
So here are my top tips for security:
- Have someone in the company appointed and responsible for security.
- Have an effective security policy in place
- Ensure that staff fully understand about security. For example: -
- If someone calls, make sure you can verify who they are and never give any details out over the phone to someone you don't know, even if though you may recognise the name. Call them back.
- Never give any details of your systems, it helps understand weaknesses.
- Make sure data is always secured: laptops with saved passwords are an easy way to hack into a companies data or network.
- Have a robust system back up plan in place and ensure it is regularly run.
- Are your suppliers upto the mark? Do you have copies of their security policies; ask about their procedures, or about how they back up their systems? What would happen in the event of a fire or if they ceased trading?
- Remember the most common security breaches happen when employees get upset or decide to leave, ensure you have robust employment contracts which protect the companies and it's data. Remind staff of their obligations. have a staff exit plan so that passwords are revoked.
- Both personal security and allowing people access to office need consideration. In one of our offices we had an attempted break in from someone claiming to need to read metres (luckily for us we have a managed service but it still caught the staff out) but we also have a procedure where staff can alert people through our phone system.
- Finally in the event of a disaster or business interuption (power outages are becoming more common, we had two in the last 12 months in different locations) we solve this issue by having completely cloud based systems that allow any one to work anywhere, we can redirect the landline numbers to mobiles in seconds or answer from different offices, Our CRM, Accounts, Document Libraries, Legal stuff actually everything are cloud based.
These are only a few of things you should do, but my observation of running a company is that it's not a case of "if" someone will try to breach security, it really is a case of "when", so be ready.