How secure is your recruitment system?

With many recruitment firms moving to cloud-based systems and the rise of mobile recruitment, recruiters must understand the security risks those systems carry, and which measures are – or are not – in place to counter them. Here are five key questions recruiters should put to their IT system suppliers in order to safeguard their own business and their candidates’ personal data.

How vulnerable is my system to hacking?

Ask your system supplier when an external and suitably accredited company last carried out a penetration test of the system, what that test covered (the web application, any mobile interface, the hosting infrastructure) and whether the findings have since been fixed. Such tests should be carried out at least once a year and after any significant change or upgrade to the software. Ask to see a copy of the report, or at least a summary of the findings and their remediation status, and ask whether the supplier’s software has a history of security incidents and how affected customers were informed.

How stable and resilient is my system?

You also need to assess the robustness of your system. Attackers can flood a system with traffic from many sources at once (a distributed denial-of-service, or DDoS, attack) in an attempt to take it offline, which could bring your IT infrastructure to a standstill and disrupt day-to-day operations. Ask your supplier what protection they have against such an attack, for example upstream filtering of malicious traffic, and once again ask how regularly independent external testing is carried out. Also ask what contingency is in place if their servers fail outright: is your data hosted at multiple data centres, and if one centre goes down can another take over without any disruption to your business? Ask, too, how often your data is backed up, how quickly it can be restored and how much recent work could be lost in the process.

Is my data safe from internal threats?

While a good software supplier should be committed to the security and robustness of your IT infrastructure when you use a hosted solution, it can do little about the internal threats that lurk within your own organisation. You must therefore ensure you have the right policies, password procedures and working practices in place so that your data can only be accessed by those authorised to see it: give each user only the access their role requires, remove accounts promptly when staff leave, and review who has access to what on a regular basis.

Is my system secure in the mobile environment?

Recruiting is becoming increasingly mobile. You have to accept that recruiters will access your system and data in real time from a mobile device while out of the office. The advent of bring your own device (BYOD) and what is referred to as the consumerisation of IT mean that a recruiter uses the same device for home and work. This exposes recruitment companies and their data to a new level of risk, so ask your supplier whether their security measures extend to the mobile environment, for instance whether connections from mobile devices are encrypted and whether access can be revoked from a lost or stolen device, and what you need to do on your side to keep your data secure.

What industry standards do you hold?

Ask whether the system supplier holds any recognised certification. One of the most widely recognised is the international information security standard ISO 27001 (the 2005 edition at the time of writing; the standard has since been revised, so check which edition a certificate refers to), awarded only to organisations that maintain an information security management system and associated processes to best practice and submit to a strict audit process. A certificate demonstrates an organisation’s ongoing commitment to managing the security of its services and takes into account legislation around data protection. Bear in mind that certification covers a defined scope: ask to see the certificate and confirm that the system hosting your data actually falls within it.