Protecting your organisation’s systems against malicious users and data corruption should always be your immediate and ongoing priority
There was a time when you could build a wooden palisade and you and yours would be safe from the nasty horde intent on mischief, or so you thought; they would burn it down and your plans were thwarted. You’d build a castle made of stone and they would invent gunpowder and bring cannon to bear. You make the walls and towers round and the cannonballs deflect off. They tunnel underneath, burn the pit props and the wall comes tumbling down!
This isn’t meant to be a history lesson; this illustrates how the battle between attacker and defender is an ongoing evolution of strategy that is as relevant today for data security as it was when we started carrying shields to protect us from others firing arrows. The hacker is getting smarter, so we must be more vigilant.
Software vs Hardware
Many organisations rely on software-based security measures to protect their systems from data theft and/or data corruption. While these software solutions are effective up to a point, there are still vulnerabilities. Even if a malicious hacker cannot steal your data, they can cause untold damage by corrupting the code until whatever data you have is unusable.
Hardware-based security is considered safer because it offers strong protection against those who are not authorised to access the data. It allows you to set privilege levels so that those within your organisation who shouldn’t have access to certain aspects of the stored data are not allowed access to them. Biometric technology can be employed to ensure those without permission can’t log in or out or change permission levels.
Any system is only as secure as the practices of the user, so secure system administration policies are a must. The users at every permission level must be fully aware of the consequences of improper interaction with the system. They must be vigilant against attempts by hackers to introduce worms or viruses through email links etc. They must also treat any confidential data with the utmost care.
Back it up!
Everything you store has to be backed up; if it is not and you lose it, that’s it, it is gone. Make sure you regularly back up everything you hold dear. You can use a separate hard drive, but it is recommended that you store it in the cloud. The first priority in the huge data storage centres is data security. If they get breached then they lose more than a customer’s data, they lose their customers. They do everything possible to stay safe both electronically and physically. Here is Simon Taylor of Next Generation Data offering advice on the physical security of a data centre:
- Make the building as invisible as possible – don’t advertise its function.
- Manned entry ways.
- Carparks as far from the building as possible.
- Minimal windows that should be bombproof.
- Reinforced double or triple skin walls (for new builds).
- Strong fences, CCTV, speed intrusion prevention systems (IPS) and strategically placed anti-ram defences.
- Consider positioning the data centre further away from metropolitan areas.
- Security and operations staff should be properly and intensively vetted.
Recruitment websites, by their very nature, receive the details of a large number of people. The company then processes and stores those details of past, present and potential candidates, leaving itself a juicy target for miscreants. Any data breach that has not been properly guarded against, has not been announced immediately and has lost details that shouldn’t have been stored without proper permission will land the organisation in some pretty deep and uncomfortably hot water under the General Data Protection Regulation (EU) 2016/679 (GDPR).
When GDPR became law in May 2018, it meant businesses needed to be more transparent about, and better document, the data they use, store and share with other businesses and organisations. If you are not fully compliant you can expect a fine of up to 4% of your global revenue or €20m, whichever figure is greater. If you are not already following the rules it has laid down, then it is time to take a serious look at how you collect and store data.
Any website should be built from the ground up with security as a priority. Recruitive is the most trusted name in recruitment websites because we build multi-faceted security into our websites. We are also trusted by some of the biggest names in a wide range of industries all over the world because we offer the most advanced recruitment software available.
Contact Recruitive today and treat your candidates’ data with the security it requires.