Data security is an important topic throughout any organization, but it could be argued that it matters even more when it comes to recruiters. Recruiters directly interact with a number of different third-party individuals and groups, collecting and storing information that’s supposed to be kept private and secure.
Should the data ever become compromised, or land in the wrong hands, it’s the recruiter who could ultimately be held responsible.
In order for recruiters and their firms to protect data and stay above reproach, it’s important that there’s a specific plan in place. Here are a few data protection tips to get you started.
1. Establish best practices with staff
Anyone on your recruiting staff needs to be aware of the importance of data protection and the practical things they can do to reduce breaches that result in lost or compromised data. This means establishing and focusing on best practices, such as these:
- All computers, tablets, mobile phones, and other devices that are connected to the network must have updated and approved security software installed.
- Private and secure information should never be given over the phone – only via fax, encrypted email, or in person.
You’ll have additional best practices that you’ll want to establish, but remember to reinforce them so your staff takes them seriously. If you’re having trouble encouraging compliance, remind them of the consequences.
2. Ensure you’re using email encryption
As a recruiter, most of the correspondence between yourself and candidates happens via email. If you want to protect personal information and data that’s accumulated during these conversations, it’s imperative that you use email encryption.
Many leading email platforms, like Google, come with built-in email encryption. While that’s a start, it’s not enough.
“If both parties use Gmail encryption, the risk of your message being compromised is very low. However, if your recipient’s email service doesn’t use TLS [transport layer security], messages won’t be encrypted,” data protection leader Virtru explains. “Even if both parties use TLS, the message could pass through a hacked or improperly configured server outside of Google’s network, allowing a 3rd party to decipher and read it.”
In a situation like this, you’ll need additional security in the form of a plugin or added software. But regardless of the case, make sure there’s adequate encryption protecting both the sending and receiving of email between recruiters and candidates.
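One way to check whether a received message crossed a hop without TLS is to read its Received headers. The sketch below is an added example, not code from this article or from Virtru; the hostnames and headers are constructed, and it assumes each server records the standard protocol keyword (ESMTPS and similar) in the "with" clause.

```python
import re
from email import message_from_string

# "with" keywords that mean the hop used TLS (RFC 3848, RFC 6531).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}

def strip_comments(text):
    """Drop nested (...) comments so "with cipher" inside one is not misread."""
    prev = None
    while prev != text:
        prev, text = text, re.sub(r"\([^()]*\)", " ", text)
    return text

def audit_hops(raw_message):
    """Return one dict per Received header, oldest hop first."""
    hops = []
    received = message_from_string(raw_message).get_all("Received", [])
    for header in reversed(received):  # servers prepend, so reverse
        text = " ".join(strip_comments(header).split())  # unfold lines
        sender = re.match(r"from\s+(\S+)", text, re.I)
        receiver = re.search(r"\bby\s+(\S+)", text, re.I)
        proto = re.search(r"\bwith\s+([A-Za-z0-9]+)", text, re.I)
        keyword = proto.group(1).upper() if proto else None
        hops.append({
            "from": sender.group(1) if sender else None,
            "by": receiver.group(1) if receiver else None,
            "protocol": keyword,
            "tls": keyword in TLS_PROTOCOLS,
        })
    return hops

def unencrypted_hops(raw_message):
    """Hops whose Received header does not record a TLS protocol."""
    return [hop for hop in audit_hops(raw_message) if not hop["tls"]]

# Constructed sample: three hops, the middle relay accepted plain ESMTP.
SAMPLE = """\
Received: from relay.thirdparty.example (relay.thirdparty.example [203.0.113.7])
    (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
    by mx.recruiter.example with ESMTPS id 4F1A2; Mon, 6 Mar 2017 10:00:03 +0000
Received: from mail.candidate-isp.example (mail.candidate-isp.example [198.51.100.9])
    by relay.thirdparty.example with ESMTP id 9C3B1; Mon, 6 Mar 2017 10:00:02 +0000
Received: from laptop.local (unknown [192.0.2.44])
    by mail.candidate-isp.example with ESMTPSA id 77D0E; Mon, 6 Mar 2017 10:00:01 +0000
From: candidate@candidate-isp.example

Attached.
"""

if __name__ == "__main__":
    print(unencrypted_hops(SAMPLE))
```

Received headers are written by each relay and an untrusted hop can forge or omit them, so a clean result is evidence rather than proof. TLS on every hop still leaves the message readable on each server it passes through, which is the gap the added plugin or software is meant to close.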
3. Require strong passwords
Strong passwords are your first defense against data breaches and hacks. If you can prevent hackers from deciphering passwords, your risk of losing private data is greatly diminished.
“One of the easiest ways to give yourself a strong password would be using a full sentence,” says Kurt Muhl, member of an ethical hacking firm based out of St. Paul, Minnesota. The first letter of each word in the sentence then becomes part of the password. So, for example, the sentence “I bought my first car for $10K” becomes “Ibmfcf$10K.”
There are plenty of other strategies, but this is one of the best (especially when you use a variety of characters). “That’s going to give your uppercase, lowercase, a number, and special characters in there,” Muhl says. “It’s something that’s easy to remember. All you gotta do is remember that sentence.”
It’s also a smart idea to encourage employees to reset their passwords on a regular basis, as well as to use unique passwords for every account they have.
Prioritizing data protection
Data protection isn’t something you can take lightly in 2017. It’s a big responsibility that recruiters have to own up to when dealing with private information. Make sure you’re doing everything you can to strategize around this all-important obligation this year.