77% of all cybercrime is targeted at the SME business. They target SME’s of all kinds, but rich pickings can be had with any SME who stores lots of personal data. Recruiters are mostly SME in size and store lots of personal data. So, you are at risk depending on which website supplier you use.
The best kind of risk when it comes to cybersecurity is no risk. So, to give our clients the no-risk option we have made our site in such a way that the candidate and clients to not need to register with the site and make a portal page where they are forced to store personal data. Instead, we now have straight through job applications, CV registrations to your preferred secure source be it your email, job posting vendor and/or ATS/CRM, provider.
We took this option on the principal that having no data to steal or ransom you with is best practise. Our competitors prefer to massage their egos with talk of ISO 9000 this and Cyber Essentials that, but the harsh truth is no data is ever truly safe, so why risk keeping it in your website when you are going to use it in your ATS.
There is a secondary benefit to this approach in that you also do not have redundant/duplicate data being stored that will get you into trouble with the ICO and GDPR. No data to go out of date or be stolen means no exposure to GDPR.
There is also a massive benefit to your website’s users in that the process to engage with you is more straightforward slicker and more accessible.
Not all vendors are created cyber equals.
Ok so this is going to read like we are the proverbial Turkey voting for an end to Christmas here, but the best vendor for any recruitment company to choose is a vendor who made their own code for the features their website offer. Why? Glad you asked.
The reason is simple software like WordPress, Joomla, Drupal, Umbraco and Unspecified PHP is inherently security flawed by the nature that vendors of these tools have to go to other vendors they never meet and do not know to get plugins to make the tech work. What is a plugin? A plugin is a piece of code created by a random vendor to perform a task like be your job search, or your contact us page.
So where is the problem in having plugin tech? The problem comes that the plugin vendors do not work with each other and so their code is not synched and nor is the updating of that code to patch security flaws. A typical site will need 10-20 plugins, so potentially 10-20 different suppliers. All software has security flaws, including the core code (WordPress, Joomla, Drupal, Umbraco and Unspecified PHP). Which means your site will get out of date and out of sync, quit quickly with your plugins and with your core operating system. Now ask yourself this question is any other software you use made up of 20 other suppliers? Like is your ATS using 20 different suppliers code, your accounts software? The answer is no and nor should your website be.
WordPress, Joomla, Drupal, Umbraco and Unspecified PHP platforms are the natural hunting ground for hackers, as code being out of sync is the easiest way for a hacker to enter the code and then do their worst. Dedicated vendors do not have the problem of using multiple plugins, so are no so widely exposed.