Saturday, November 23, 2019

Protect your Staffing Company and Clients from Data Theft

Berkowitz, Esq.

Think your staffing company's data isn't of interest to hackers? Think again, warn the experts.

"When it comes to cybercrime, hackers thrive on opportunity," says Bill Carey, vice president of marketing for the Roboform password manager. "If hackers have the chance to get into your system, they will take it."

The task can be doubly tricky for staffing companies that manage millions of individual pieces of confidential data about potential placements and must keep track of who sees each one. Many staffing companies also offer comprehensive onboarding and other HR services that require them to have access to their clients' computer systems.

The good news is that protecting your business from security threats, along with the confidential information of your clients and their placements, doesn't have to cost a fortune. It does, however, require some effort up front and on an ongoing basis. Here are five things to do to protect your staffing company from cyber-hacks:

1. Know What to Protect

"Know what you need to protect and why that information is at risk," says cyber security expert Ray Cavanagh, member of the American Society for Industrial Security and its cloud computing subcommittee.

He suggests sitting down with employees in charge of HR, IT, operations and security and identifying how your business transfers data or shares information and the person or department responsible for protecting it. This list will form the basis of a cyber security plan.

Of particular importance for staffing companies that have access to their clients' computer systems is to know who has authority to log in to each system, the IP address of the computer being used and the scope of the data being viewed or transferred.

2. Create a Written Plan

Both Carey and Cavanagh agree that any cyber security plan should be written out. It should list every step required to keep information secure. Free resources on the Internet can help you develop a plan, which should cover protections from both external and internal threats, including:

- Firewalls
- Anti-virus software (and updating)
- Malware protection
- Password managers
- Social media controls
- Employee training
- Authentication protocols

In cases where a certain employee or group may regularly work with a client's computer system or data, a comprehensive plan might also address limiting log-ins to certain IP addresses. Controls can also be put in place regarding the amount of time that a particular staffing employee is given access to a specific client.

3. Be Diligent About Due Diligence

How are smaller companies managing this effort? Brandon Metcalf, founder of staffing and recruitment software-as-a-service company Talent Rover, completed a lengthy review and due diligence process before deciding to build the company's business on Salesforce.com's cloud-based platform.

The decision means that Salesforce.com, not Talent Rover, is responsible for protecting all of the company's online activities, including log-ins, data management, information storage and transfer, IP address tracking and password protection.

Thus when a Talent Rover employee works with a client to implement a comprehensive staffing plan, or logs into a client's system, these activities take place through Salesforce.com.

But Metcalf warns it's not enough to rely on a buzzword such as "cloud-based" as assurance that a service provider truly incorporates sufficient cloud protections.

Ray Cavanagh agrees. Make sure you investigate every company or provider who will handle your data or interact with your servers. Just because a provider says they have migrated their services to the cloud or take security seriously doesn't mean they offer comprehensive cyber protections.

4. Train Employees

Carey, Cavanagh and Metcalf all stress the importance of proper employee training around issues of cyber security.

"Do not assume your employees will always use common sense when it comes to protecting against security breaches," warns Carey. He suggests having in-person meetings to explain the company's cyber policy, including examples of threats, risky behaviors and the company's bring your own device (BYOD) policy.

Cyber safety best practices for employees are similar to those for personal computer use. They include:

- Teaching employees how to create strong, memorable passwords when creating account credentials. These should be based on things other than family or pet names and dates that can easily be gleaned from social media.
- Instructing employees that they should never click on a link to access a client's website or to enter a work or customer system. Better to type the new address themselves.
- Providing specific examples of phishing language or malware that can trick employees into infecting computer systems
- Prohibiting downloads of anything onto a work computer or network without explicit authorization

5. Know What to Do if Your System is Breached

If, despite your best efforts, you find yourself the victim of a cybercrime, Ray Cavanagh recommends unplugging your servers and going offline as quickly as possible until the threat is located and isolated.

Bill Carey also suggests immediately changing the passwords for all hacked systems and communicating openly and honestly with employees and customers about what happened and what is being done to fix the situation.

Such a scenario may require that you call in an outside expert to help find the source of the leak and fix it, both experts say.

Legal Disclaimer: None of the information provided herein constitutes legal advice on behalf of Monster.
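As an added illustration (not part of the original article), the log-in controls described in steps 1 and 2, limiting log-ins to certain IP addresses and giving a staffing employee access to a client only for a set period, can be expressed as a check run on each log-in attempt. The `Grant` record, the employee and client names, and the sample addresses are all hypothetical and constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Grant:
    """One employee's time-limited access to one client (hypothetical record)."""
    employee: str
    client: str
    networks: tuple        # CIDR ranges log-ins may come from
    not_before: datetime   # start of the access window
    not_after: datetime    # end of the access window

def check_login(grants, employee, client, source_ip, when):
    """Return (allowed, reason) for one log-in attempt to a client system."""
    matching = [g for g in grants if g.employee == employee and g.client == client]
    if not matching:
        return False, "no grant for this employee and client"
    try:
        addr = ip_address(source_ip)
    except ValueError:
        return False, "unparseable source address"
    reason = "outside access window"
    for g in matching:
        if not (g.not_before <= when <= g.not_after):
            continue  # grant expired or not yet active
        if any(addr in ip_network(n) for n in g.networks):
            return True, "ok"
        reason = "source address not on allowlist"
    return False, reason

def audit(grants, attempts):
    """Evaluate a list of (employee, client, ip, time) log-in attempts."""
    return [check_login(grants, *a) for a in attempts]

# Constructed sample data; addresses are from documentation-only ranges.
UTC = timezone.utc
GRANTS = [Grant("recruiter_a", "client_x", ("192.0.2.0/24",),
                datetime(2019, 11, 1, tzinfo=UTC), datetime(2019, 11, 30, tzinfo=UTC))]
ATTEMPTS = [
    ("recruiter_a", "client_x", "192.0.2.17", datetime(2019, 11, 23, 9, tzinfo=UTC)),
    ("recruiter_a", "client_x", "203.0.113.5", datetime(2019, 11, 23, 9, tzinfo=UTC)),
    ("recruiter_a", "client_x", "192.0.2.17", datetime(2019, 12, 5, 9, tzinfo=UTC)),
    ("recruiter_b", "client_x", "192.0.2.17", datetime(2019, 11, 23, 9, tzinfo=UTC)),
]

if __name__ == "__main__":
    for attempt, result in zip(ATTEMPTS, audit(GRANTS, ATTEMPTS)):
        print(attempt[:3], attempt[3].isoformat(), result)
```

Denied attempts are worth logging with their reason, since repeated "source address not on allowlist" results for a valid account are an early sign of stolen credentials.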
