HR and recruitment agencies receive thousands of emails and file attachments from job seekers and aspiring talent. Because there is no way HR staff can avoid reading the emails or opening file attachments this vulnerability makes them an ideal target for cyber criminals and hackers.
The HR department of any organisation also holds vast amounts sensitive personal data and financial information that by itself makes them a prime target for cyber criminals. There’s personally identifiable information such as home addresses, bank details, dates of birth and National Insurance numbers that criminals can collect and use for their nefarious activities.
Not only can they attack, or target employees personally, but also use this information to launch phishing attacks against the business or its partners in the future. In fact, this is exactly what happened in 2018 when a well-known UK business’ online recruitment system became the target of a cyber-attack. The following data leak exposed biographical and contact details stored in their databases, which subsequently affected other parts of their organisation. The cost to the business is estimated to have been in the hundreds of thousands of pounds to fix.
Recruitment agencies and HR teams also store intellectual property such as scans of personal documents and a list of top talent for a particular job role or industry, for example.
What we intend to show you here are few tips to get the ball rolling in your own organisation and start making it harder for hackers to steal, destroy or hold you to ransom over your data.
And remember small is not safe – many attacks are conducted by bots that randomly search for vulnerabilities in networks and then report back to their criminal masters when they find them. If you haven’t patched the latest security updates you can put yourself and your organisation at real risk.
So, if you work in any part of the HR or recruitment industry read on!
Incident Reporting
All the police forces across the Eastern region have dedicated specialist cybercrime teams who are highly trained and experienced in investigating cybercrime and at putting the victim’s needs at the forefront of the investigation.
It is important if you are a business, charity or other organisation which is currently suffering a live cyber-attack (in progress), that you call your local police at any time on 101 or report the attack to Action Fraud on 0300 123 2040 immediately.
Click to Open Code Editor