77% of all cybercrime is targeted at SME businesses. Cybercriminals target SMEs of all kinds, but rich pickings can be had from any SME that stores lots of personal data. Recruiters are mostly SME in size and store lots of personal data. So you are at risk, depending on which website supplier you use.
The best kind of risk when it comes to cybersecurity is no risk. So, to give our clients the no-risk option, we have made our site in such a way that the candidate and clients do not need to register with the site and make a portal page where they are forced to store personal data. Instead, we now have straight-through job applications and CV registrations to your preferred secure source, be it your email, job posting vendor and/or ATS/CRM provider.
We chose this option on the principle that having no data to steal or blackmail you with is best practice. Our competitors prefer to massage their egos with talk of ISO 9000 this and Cyber Essentials that, but the harsh truth is no data is ever truly safe, so why risk keeping it in your website when you are going to use it in your ATS?
There is a secondary benefit to this approach in that you also do not have redundant/duplicate data being stored that will get you into trouble with the ICO and GDPR. No data to go out of date or be stolen means no exposure to GDPR.
There is also a massive benefit to your website’s users in that the process to engage with you is more straightforward, slicker and more accessible.
Not all vendors are created cyber equals
OK, so this is going to read like we are the proverbial turkey voting for an end to Christmas here, but the best vendor for any recruitment company to choose is a vendor who made their own code for the features their website offers. Why? Glad you asked.
The reason is that simple software like WordPress, Joomla, Drupal, Umbraco and Unspecified PHP is inherently flawed when it comes to security: vendors of these tools have to go to other vendors they never meet and do not know to get plugins to make the tech work. What is a plugin? A plugin is a piece of code created by a random vendor to perform a task, such as your job search or your ‘contact us’ page.
So where is the problem in having plugin tech? The problem is that the plugin vendors do not work with each other, so their code is not synced, and neither is the updating of that code to patch security flaws. A typical site will need 10-20 plugins, so potentially 10-20 different suppliers. All software has security flaws, including the core code (WordPress, Joomla, Drupal, Umbraco and Unspecified PHP). This means your site will get out of date and out of sync, quite quickly, with your plugins and with your core code. Now ask yourself this question: is any other software you use made up of code from 20 other suppliers? Is your ATS using 20 different suppliers’ code? Your accounts software? The answer is no, and nor should your website be.
WordPress, Joomla, Drupal, Umbraco and Unspecified PHP platforms are the natural hunting ground for hackers, as code being out of sync is the easiest way for a hacker to enter the code and then do their worst. Dedicated vendors do not have the problem of using multiple plugins, so they are not as widely exposed.