Think Your Recruitment Agency is Not at Risk from a Cyber-attack? Think Again
Cyber-attacks are real. Every day businesses are being hit around the globe and the impact is both financially and reputationally damaging. The focus on data security is more crucial than ever. So just because your agency is not Facebook or Google you’re not going to get hit, right? You couldn’t be more wrong.
Cyber-attacks have evolved at an alarming rate over the past few years and it is an ongoing challenge for your IT support to keep up to speed with the hackers who are after your most precious resource. DATA.
It is not just that recruitment agencies hold significant volumes of data that lure hackers (whether that’s personal data, financial data, Intellectual Property etc.), but by gaining access to your IT systems, which you rely on to run your business, cybercriminals can extort large sums of money through ransomware. Smaller organisations are targeted and at risk because they can provide access to bigger organisations, and often, SMEs have much weaker security.
Companies can be fined if their security is deemed insufficient following a breach, but such incidents not only bring about financial penalties but also cause extreme damage to reputation and future business potential. Add to this the financial damage to a recruitment business that suffers a data breach and is subsequently removed from a PSL.
Ask yourself these 5 questions:
1) How would your candidates feel if your IT systems were hacked and their data was accessed and sold on the dark web?
2) How do you think your clients would feel if their confidential information was leaked? Or got into the wrong hands!
3) You’ve built your business on trust over many years, but this could be destroyed in one cyber incident. How would this impact on your business’ reputation?
4) How would your clients & candidates feel if their IT systems were infected by a virus from your agency’s IT?
5) How would your business survive if, as a result of a data breach or cyber incident, you were removed from a PSL?
It’s no longer a case of if you get hit but when you get hit.
Cybercriminals take advantage of the reliance agencies place on their technology, systems, and data, and of the obvious impact a successful attack would have on their business operations.
The most common forms of attack on recruitment agencies include:
- malware
Malware is any malicious software intentionally designed to cause damage to a computer, server, client, or computer network.
- distributed denial of service (DDoS) attacks
A distributed denial of service (DDoS) attack is a common method hackers use to take down websites, email servers and other services which connect to the Internet. This form of attack may make your data inaccessible.
- phishing
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication, i.e. via an email message.
- ransomware
Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website. Ransomware can be devastating to an individual or an organization.
So how can recruitment agencies that hold the kind of information cybercriminals want to get their sticky virtual hands on protect their valuable data?
It is essential that you carry out a proper risk assessment of your systems and security arrangements, and cure vulnerabilities, in respect of the three key areas:
Technology: firewalls and anti-virus software are a given, but unless they are properly set up and configured correctly, criminals will get round them. Undertake penetration testing and scanning to pressure test everything and find out where the leaks are (and there will be some!).
People: give your staff proper cyber awareness training. Have them complete some tests to see what they have learned. And then test the effectiveness of this by undertaking some simulated phishing attacks to discover what else needs to be done.
Governance: ensure you have the correct policies, procedures and maintenance arrangements in place to cover the risks of e.g. Bring Your Own Device (BYOD), password control, remote working, use of cloud platforms, etc.
But doing nothing is not an option.
Talk to the team at Mitigo to see how they can protect your agency against cyber-attacks and data breaches and keep your business alive.
Get in touch with the Mitigo team via email rec@mitigogroup.com or via 0161 88 33 180 to book an independent consultation.
“Our cybersecurity partners, Mitigo, provide managed affordable protection to REC members to counter the threat of cybercrime. We work with them to ensure specialist cybersecurity support for our members.”
Neil Carberry, Chief Executive, Recruitment & Employment Confederation