Tips to protect your recruitment business from cyber attacks

Mike Ianiri, sales director at Redsquid, offers his advice to prevent your business falling prey to a cyber attack.

Cyber attacks are targeted at businesses of all sizes. However, 43% of cyber attacks are aimed at SMEs so recruitment firms need to ensure they are protected. What can you do to protect your recruitment business?

Training
Unfortunately, humans are still the weakest link in cyber security protection. Threat reduction requires employee training reinforcing messages such as:

  • Be watchful of new contractors. While most will be legitimate, some cyber criminals will simply walk in and try to infect your machines. If you’re unsure, stop and check. 
  • Query requests for large or urgent payments. This is a common form of cyber attack.
  • When you’re busy, beware: don’t open emails you don’t recognise or if the topic is worrying. Don’t open attachments or click on links designed to infect your machine or network. Fraudsters use addresses and URLs that are very similar to legitimate ones.

You can check training effectiveness with regular simulated phishing attacks. You’ll identify who is following their training and who needs more. We did this internally at Redsquid and reduced click-throughs from 54% to 4% in only three months. 

Protecting your network

Gateway prevention
Email gateways are a great way to reduce mistakes. By passing all your emails through a gateway, you block the malware, phishing and spam emails threatening your network.

Firewalls: If your firewall is a few years old, its ability to protect your network needs to be upgraded, as the threats to your network will have increased. 

Patching: Keep your PCs fully patched. Your operating system provider regularly publishes security updates to protect against the latest cyber threats. 

Windows 7: Microsoft stops supporting Windows 7 on 14 January 2020. You must upgrade to Windows 10. If you also upgrade hardware you’ll benefit from the physical security and performance enhancements built into new machines.

Vulnerability and penetration testing
Vulnerability scanning helps to ensure the security of your systems, services and applications from a number of common attack vectors, exploited by both automated and manual attackers. Vulnerability testing should ideally be done continuously, but at least every month.

A penetration test is an authorised simulated cyber attack on a computer system, performed by a suitably qualified third party. We recommend these are done at least once a year by an independent body (not your IT provider) for the peace of mind it provides.

For recruiters, these tests are particularly valuable to prove you are properly ticking the GDPR box – showing you’re protecting the Personally Identifiable Information (PII) you hold on candidates, clients and staff. 

APIs and web applications
Most businesses are using multiple web applications and APIs to streamline productivity. Check whether the ones you use have been tested for intruder prevention. They can become a back door into your network.

Multi-factor authentication
Multi-factor authentication (MFA) uses multiple devices to protect your network. Your phone can act as confirmation you are who you say you are, for example, logging into an application. Multiple layers of security make it harder for unauthorised users to access your network.

Cyber insurance
Getting advice on the cover you need for insurance against cyber threats is recommended. It can’t replace what’s stolen, however cyber insurance will help your recruitment business recover more quickly. 

• Mike Ianiri is sales director at Redsquid, one of the UK’s leading independent providers of business Voice, Data, ICT, Cyber Security and IoT Solutions. 

• Comment below on this story. You can also tweet us to tell us your thoughts or share this story with a friend. Our editorial email is [email protected]

Microsoft teams up with SThree to improve operations

SThree, the leading STEM-specialist staffing group, has announced a collaboration with Microsoft that is intended to power its industry-leading Technology Improvement Programme.

Contracts 26 March 2024

NEW TO THE MARKET: 25-30 MARCH 2024

This week’s new launches include: ID Crypt Global, Indeed, N2S.Global, Quesam, Talmix

New to Market 26 March 2024

Businesses must use AI in ‘all its formats’ says Martin-Fagg

UK businesses need to use technology such as AI to increase productivity, emphasise a ‘customer first’ attitude and grow by increasing market share.

22 March 2024

HeadFirst and Impellam groups join forces

HeadFirst Group and Impellam Group have joined forces to become one of the world’s leading STEM talent and managed service providers.

Contracts 22 March 2024
Top