In any industry the loss of data from an internal source can be devastating. The average cost of an insider threat is £6.7 million annually and when you add in reputational damage it is a significant issue that all companies should be vigilant about.
This is especially important for recruitment agencies. Throughout the recruitment sector there are always stories of employees going it alone and setting up their own company. When this happens it brings with it the threat that they might take customer and candidate data with them in order to help them get their new business off the ground.
How would your company cope if vital intellectual property e.g. candidate and customer data was stolen? What damage would it do to your reputation if ex-employees started contacting your customers direct trying to take business off you? Your data is the lifeblood of your recruitment firm, you need to protect it and in turn protect your reputation.
However, as recruitment is such a fast paced business with a never-ending parade of new vacancies to be filled and candidates to see it can be hard to keep so many plates spinning. This can lead to you being so busy that IT related issues, like implementing data protection procedures, fall further down the pecking order. When this happens it just makes it easier for insider threats to grow.
What are your options?
So what can you do to protect your intellectual property? Where do you start? Fortunately, there are a range of solutions available to your company in order to keep data where it belongs.
Here are some of the solutions out there that we have put in place for other recruiters, which can be quickly setup in your business.
Restrict Web Access – the quickest way to lose data is to allow employees access to file sharing site so you should look to block access to these first. But don’t stop there, you should look to limit the amount of freedom users have with their personal email accounts. With a product like Citrix Workspace you can set alerts to notify you if large files are emailed out and you can block the ability to upload files to Gmail (or you could block webmail entirely). You should also think about blocking access to social media sites as these are often used as back door methods for extracting data via the messaging features. It is also possible to block any files being sent externally unless they have been authorised, but this may be too restrictive considering how many CVs your users need to email out each day.
USB access – the next most popular method someone looking to steal data will take is to save data onto a USB device. If your system currently allows users to plug in a USB device, you need to get this locked down asap as chances are someone is already using this method to take data out of your business.
Screen Captures – from working with recruitment agencies we found that they were having issues with users using print screen to take data out of the company. Removing the ability to do this is easy to do and a solution we highly recommend.
Endpoint Management – if your users have been given work phones then implementing a Mobile Device Management policy is vital so you can control their access via their endpoint devices. This gives you the ability to remotely wipe the device if a) they leave; b) you suspect them of posing an insider threat or c) they lose their phone.
Printing – you will always need to print out various paperwork each day, either contracts or candidate application forms but are you monitoring the printer? I’m not talking about sitting next to it watching what comes out but you should have some system in place for monitoring the print logs as some like the old fashioned approach for stealing data. Look out for certain file types being printed a lot or suspicious times e.g. is someone coming in early and printing things off before others arrive for the day.
Clipboard restriction – if you use a cloud hosted desktop solution then blocking users from using and copy and paste between the hosted session and their local machine is a good thing to set up. Some users try to get around the controls which are in place on their cloud based session by copying data from it onto the local machine where similar controls might not be applied.
Employee monitoring – this last one sounds a bit big brother but the technology now exists which easily allows you to monitor user’s behaviour in order to ensure no data is stolen. You can set it to flag up suspicious behaviour such as users accessing client accounts too often, accessing accounts they don’t have anything to do with or logging in at unusual times of the day. Citrix Analytics part of Citrix Workspace currently offers industry leading employee monitoring including automated session recording. Key logging software is another useful employee monitoring tool that you might want to look into ward off inside threats. Usually just by letting users know you have precautions like these in place is enough of a deterrent.
To find out more about how you can protect your customer data get in touch with us today as we’d be happy to go through the various solutions available to you.