Wednesday, 28 June 2017

Preparing your Recruitment Agency for GDPR: Protecting your Data from Insider Threats



Over recent blogs, for obvious reasons, I've been talking a lot about cyber security. But today I wanted to go back to the topic of preparing for GDPR, as I know it is an issue that is concerning many of you at the moment.

In preparing your recruitment agency for GDPR it is important to realise that as well as securing your personal data from external cyber threats, you also need to be securing it from insider threats. So what do I mean by insider security threats?

Well, this can be something like a rogue employee, or a disgruntled ex-member of staff, but more likely it will be a genuine member of staff who accidentally causes a security breach or data loss.

Human error, or our natural tendency as human beings to take the easy option, is actually one of the commonest causes of such an incident, so it is good practice to put in place policies and controls that will minimise the risks of such an occurrence.

Password policies would be one such control. I'm sure that, for ease of memorability, we would all naturally tend towards an obvious password, but these are very easily guessable and as such do not provide the level of care and protection of your confidential data that GDPR demands. Equally, there is a fine balance to be struck, as overly complex password policies, which demand long and complex passwords that change frequently, can result in staff feeling the need to write their passwords down - and having passwords recorded on sticky notes certainly doesn't demonstrate due care of confidential data under GDPR!

Having appropriate processes and procedures around starters and leavers is also key in ensuring that only authorised personnel have access to your confidential data. Equally, it is best practice to only give staff the minimum access to systems and data that is needed to do their job, in order to minimise risk from a data breach or deletion, whether accidental or deliberate.

Staff education is also vital in ensuring that your systems are not compromised by security threats like malware or ransomware, which are often transmitted via rogue emails. I know many of you have seen and downloaded my white paper "Best Practice for Staying Safe Online", a copy of which can be found here if you missed it first time round.

The mobile working revolution has also opened up a plethora of new challenges, and preventing data loss or data leakage from mobile devices is a key area that needs careful management under GDPR. With company emails now frequently being synchronised to personal mobile phones, and data often being held on laptops to enable remote working, it is all too easy for confidential data to accidentally get lost if a device is mislaid or stolen. Equally, staff can sometimes be unaware of the implications of having certain pieces of software on their laptop and may be unwittingly backing up or synchronising confidential company data to an unsuitable or insecure location, or even outside the EEA.

Nowadays, it is also likely that external organisations or third parties may have legitimate access to some of your IT systems or data. This access needs to be secured in just the same way as it is for your own staff, so you are clear who has access to what parts of the system, why this is needed and how it is controlled. There also need to be procedures in place to review, amend and remove access for third parties as business relationships evolve and change.

If you would like to discuss ways in which Xara Computers can help you secure your agency’s data, and prepare for GDPR compliance, please do not hesitate to contact me, or my colleague Andrew Banning, on 0208 732 5656, or email us at at@xc360.co.uk or ab@xc360.co.uk, and we will be happy to help.

Xara Computers' flagship product, the XC360 for Recruitment private cloud platform, provides recruitment agencies with a fully managed, highly secure, UK based remote desktop running all their own agency’s software. This allows fee earners to work and collaborate in real-time, from any location, using any computer, laptop or tablet, safe in the knowledge that their confidential client data is centralized and secure. For more information please visit our website https://www.xc360.co.uk/recruitment/

Friday, 2 June 2017

Protecting your Recruitment Agency from Cyber Threats.... Free Staff Training Resources



As those of you who have read my previous blog, "Cyber Security for Recruitment Agencies… 8 Top Tips to keep your Agency Safe", will know, effective protection against cybercrime involves much more than just technology.

Indeed, we only have to look at the devastation caused to the NHS and many other organisations by the recent WannaCry ransomware attack, to see that simply having a firewall and some antivirus software is nowhere near enough to protect against today's complex cyber security threats.

The reality is that, to mitigate cyber threats effectively, recruitment agencies need to implement a complex jigsaw of pieces consisting of multiple technologies and a raft of policies and procedures around issues such as mobile working, Bring Your Own Device (BYOD), applying system updates in a timely manner, managing starters and leavers, controlling data access by third parties, effective password and authentication procedures and much, much more.

On top of all this, implementing staff training around cyber security is a critical part of the jigsaw in successfully reducing the threats that cybercrime poses to any business.

It is important to remember that your security is only ever as good as your weakest link on any given day. That could be the temporary administrative worker who opens a seemingly legitimate attachment or website link which turns out to be something much more sinister.

For this reason we thought it would be useful to produce a white paper "Best Security Practices for Staying Safe Online", which outlines some of the key user education issues around protecting your business from cybercrime. We are making this free resource available to all our contacts to help them reduce their risk from cybercrime, and as such the white paper may be distributed to your staff and/or used as a training resource.

To request your free copy of the white paper, please email at@xc360.co.uk.

If you would like to discuss further ways in which Xara Computers can help you secure your recruitment agency’s data, as well as prepare for GDPR compliance, please do not hesitate to contact me, or my colleague Andrew Banning, on 0208 732 5656, or email us at at@xc360.co.uk or ab@xc360.co.uk, and we will be happy to help.
