The recruitment sector is particularly vulnerable to cyber attacks due to recruiters processing large quantities of valuable data, making you a big target for cybercriminals.
With 82% of UK recruitment firms adopting some form of hybrid working, you also need to ensure any staff working from home are secure.
Recruitment agencies are built on trust – your clients and candidates need to know their personal data is safe in your hands. If you haven’t thought about your cyber resilience before, you must know the cyber security risks the recruitment sector faces and how to mitigate them.
A recruiter based in Manchester has an external meeting in Birmingham on Monday morning. He travels by train to and from the meeting, returning to the office in the evening. When he returns to the office, he realises he has left his laptop on the train.
What controls should be put in place to mitigate the risk if this happens?
What could happen if these controls aren’t in place?
Rachel, a Liverpool-based recruiter, is checking their personal LinkedIn account on Thursday afternoon. Earlier that day, Rachel had attended a local networking event, and she noticed several new connection requests and messages in her inbox. Scanning through the names, they all look like people she met that morning, so she clicks accept on all the requests without any further checks.
Amongst these requests, there are several fake profiles; the attackers behind these profiles quickly scan Rachel’s full profile, downloading key personal information (including; full name, a recent vacation, home address, work address, children’s names, pet name and details about her new company car) as part of their social engineering efforts.
What controls should be put in place to mitigate the risk if this happens?
What could happen if these controls aren’t in place?
A Chester-based recruiter is checking their personal LinkedIn account on a Monday morning after posting a new job advert last week; he notices several new connection requests and messages in her inbox.
Scanning through his inbox, he sees some replies, including CVS. Without checking the message, he opens the CV file ‘Ben Nevis.pdf’; upon downloading this file, his computer quickly crashes. Unbeknown to him, malware has now spread into his computer and his company’s computer network.
What controls should be put in place to mitigate the risk if this happens?
What could happen if these controls aren’t in place?
Click to Open Code Editor