October 31st may be most famous for being Halloween – but it also marks the end of Cyber Security Month in the UK, which was designed to help raise awareness of the important of creating safe systems and software. This is a mission critical element of any recruitment business, so we spoke with our cyber security and IT specialist partners about how to ensure you don’t get tricked at any time of year.
Here, Clive Madders, Cyber Tec’s Chief Technical Officer, gives us the essential gen.
We hear the phrase “Cyber Security” in business a lot – but what exactly is it? At its core, cyber security is how individuals and organisations reduce the risk of a cyber attack. It’s the practice of protecting your devices, services and systems from malicious attack.
How important is cyber security to a recruitment startup? Recruitment startups need to build trust with new customers and establish relationships in their network. They hold the personal and sensitive data of many stakeholder and the financial costs and damage to your reputation caused by a data breach could be impossible to overcome. Passport scans, visa details, employment agreements and performance warning can all be left compromised. Documents including invoices, work placement documents, offer letters and copies of emails can all be exposed too. The risk to business cannot be over emphasised. It’s imperative any data-driven startup puts this kind of thinking at its heart.
What cyber security threats do companies face on a daily basis that they wouldn’t know about? According to a recent government report, 32% of British businesses reported an attack or breach from April 2018 – April 2019 and of these 32% businesses. The main threats were:
- phishing attacks (identified by 80% of these businesses)
- others impersonating an organisation in emails or online (28% of these businesses)
- viruses, spyware or malware, including ransomware attacks (27% of these businesses)
So, there is still a wide open goal here and it’s not something a recruitment business can do itself. When these things happen you need to have covered as many bases as possible because the buck stops with you.
What are the main cyber security threats that face a recruitment company? This is software that’s specifically designed to disrupt, damage, and gain unauthorised access to your computer systems. Social engineering is another major risk. This is mainly the use of deception to manipulate your employees into divulging confidential and personal information that will be used for fraudulent purposes. And in any business, there are specific bespoke vulnerabilities. These are a weakness in your system which can be exploited by an attacker and you need a bespoke solution to look at where these weaknesses are in order to strengthen the defence.
How can a startup take to protect themselves from any cyber security threats? We recommend becoming Cyber Essentials Plus certified. This guarantees a reduction in risk of breach of 80%. Look to bridge the further 20% with tools such as SOC and SIEM But the main thing is that the attitude toward this as a culture must be in place also from the top down.
What is the worst case of a cyber security breach that you have heard of? The worst I’ve heard of was when a hacker stole information from more than one billion Yahoo email accounts in August 2013. There was a $175 million settlement fee reached in court, but the damage was done.
What are the repercussions if you have a cyber security breach? The most important one for recruiters is around GDPR. Without being able to justify to the Information Commissioner’s Office that you had adequate measures in place to protect personal data can result in a 4% fine of global turnover for data loss. Outage rectification also presents a major impact to any business following a breach and the costs associated to this can be high, not only in financial terms but in recovering any reputation damage.