
Secure recruitment

Very few of us can avoid conducting business electronically, i.e. managing data in-house and communicating with the outside world. Thus we are faced with both internal and external threats to our business. This short article reviews the issues and what you can do about them.

External Threats

Whilst all such threats originate from an individual or an organisation, it is worth dividing them into viral and human.

Viral threats are software based. These are either executable files, i.e. programs, or are embedded within data files. These threats can be minimised with good antivirus software. In recruitment organisations this is particularly important, given the number of CVs and job specifications you receive. Ensure that the antivirus vendor updates their virus files on a regular basis and that the software is downloaded automatically onto all user computers.

Be aware that staff, innocently or otherwise, may upload software onto your system via the various drives built into their computers. It is strongly recommended that these are disabled. All files coming into and leaving your organisation should be via your IT department or at least your server.

Human threats: these can be classified as follows:

  • Script kiddies – Typically youngsters, these rascals download ‘hacking’ software from the web. For a bit of playground kudos they will take control of US spy satellites, at least until mummy calls them down for supper
  • Hacktivists – Ethically motivated, if they do not like your organisation they will endeavour to deface it. If your business overlaps with what others see as controversial/unethical then you could well be a target
  • Cyber warriors – Think e-swampy. There is nothing subtle about these characters. If they don’t like you they will endeavour to damage your business. Their favourite ploy is the denial of service attack (DoS). They typically ‘flame’ your site with emails until your server crashes
  • Cracker – This individual is much more subtle. She typically modifies the software in your firewall (a key part of your e-defence) and then comes and goes as she pleases. Do any of your rivals have amazing insights into your business?
  • Confidence tricksters – These comprise conmen, shoulder surfers and masqueraders. Their social skills enable them to use a low tech approach to breaking your defences.

Investment in a firewall, penetration testing from security specialists and user briefings will give you the best peace of mind on the human threat front.

Internal Threats

Recruitment, for some reason or other, appears to generate many jaundiced ex-employees. Similarly, recruitment organisations seem to spawn a high level of rival companies. Both of these were at some point current employees.

As mentioned previously, they could well be the source of viruses. Equally, if not more devastatingly, they could copy your ‘crown jewels’, e.g. your contacts database.

Options here include partitioning the database on a ‘need to know’ basis. This would need to be supported with a culture that recognises the importance of access control. How seriously do your staff take usernames and passwords? Do they lock their computer when they go out to a meeting? How many staff use the term ‘password’ for their password? These are indicators of a need for a cultural overhaul. Damage limitation options include:

  • Inclusion of ‘sleeper records’ that will prove that your database has been stolen, making prosecution easier
  • Minimising the size of files that can pass through your firewall without the intervention of your IT staff

Policy

Ironically, as the world becomes increasingly aware of the need for greater security, there is a feeling amongst security experts that too much is being spent on security technology. The smart move is to ensure that a significant proportion of your security-spend is allocated to staff-attitude training and the enforcement of your security policy. There is no point having the most sophisticated firewall in town if your staff use a post-it on the monitor as an aide memoire for their password.

Ade McCormack is MD and founder of Auridian Consulting, the REC’s chosen IT training provider. Ade has 19 years’ experience at the sharp end of IT. He has worked with many recruitment companies in a consultancy and training capacity.

This article was recently published in the Recruitment and Employment Confederation’s Recruitment Matters publication.

© Copyright 2008 Auridian Consulting Limited