The recruitment and staffing industry is vast, with a reported 76.5 million people taking new jobs in 2021, and more than 1.2 million active recruiters on LinkedIn alone. Data is at the heart of the sector with thousands of terabits being processed around the world daily.
This data is filled with personal information on applicants, candidates, customers, jobs, and can include things like bank details, various forms of ID, and even special category data such as medical history and racial or ethnic origin. This makes recruitment agencies who control or process this data extremely susceptible to cyber-attacks and security breaches. It is estimated that a business is successfully attacked every 10-15 seconds with personal and financial data being the biggest target.
Security of this data is of the upmost importance and the everchanging demand for up-to-date defence and protection against cyber-attacks is key for most businesses. So, does moving to the cloud solve this and should all recruiters move to the cloud?
We work with many recruiting and staffing companies when reviewing their CRM software, from small start-up recruitment agencies and medium size businesses to large enterprise level customers with various global offices, multiple databases, and usually vast amounts of data.
Often small to medium size businesses may have either a very small, or even a large amount of data that has been collated which may be stored on a small business server or even individual (sometimes personal) devices. The storing and protection of this data (no matter what size) can be time consuming, expensive, and can also leave the company vulnerable if a data breach were to occur. For many of these types of customers and recruiters, opting for a cloud-based recruitment software is an easy option and offers them peace of mind as well as flexibility accessing whilst on the move. The new supplier would automatically become the data processor and therefore responsible for the secure storage and processing of data. The recruiter or recruitment business would remain the data controller, and should still follow the ICO guidance around how that data is used in accordance with their GDPR obligations.
For enterprise businesses, they may have many more things to consider including multiple in-house systems, projects, processes and third-party tools or stakeholders. Some again choose to simplify this with cloud-based tech providers; however others choose to setup their own private cloud infrastructure so they have full control of their own data and systems. This can be costly but presents few technology barriers because it is easily scalable and the computing power available is incredibly vast, allowing companies to draw resources as and when they need them. This is important because projects involving technologies like artificial intelligence and machine learning require the analysis of large amounts of data, some off the shelf software, particularly browser-based systems can offer limited control and intelligent processing power. Many enterprise level customers believe that hybrid cloud software is the future for the recruitment industry as it offers them the ability to maintain both data processor and controller responsibilities. This allows them to better control both their data and processes but also offers them the security of their own private cloud and flexible access for their end users. Typically, these types of systems (such as itris 9) are not accessed via a browser and are a deployed app that can be packaged and controlled by the business rather than the supplier. They tend to offer far more flexibility, user permissions, configuration, access options, and security.
So, should all recruiters move to the cloud? Yes, on-premises data is risky and more vulnerable to attack. You should consider whether letting your recruitment software supplier host your data is right for you, but ultimately cloud offers better security and flexibility. The question therefore is whether you get your own cloud infrastructure or rely on the supplier’s software providers. Either way, your data is still on a server somewhere and being processed which therefore leaves it vulnerable to attack (all be it less likely than sitting on your PC at home), so here are a few things you should take into consideration with your current or future cloud setup:
- Third-party assessments and security certifications (including ISO 27001)
- Robust backup routines (Size and Frequency)
- Data storage location and Co-location (Do you need it to be UK based?)
- Software that offers end to end data encryption (critical for when data is being passed from the cloud to your device)
- Password protection or 2 step authentications
- Security on the user’s machine (up to date Antivirus, Firewalls, and Ransomware)
- Secure internet connection (Do not use public WIFI to access sensitive data)
If you would like to find out more about cloud technology and how itris 9 can offer a state-of-the-art hybrid cloud solution, then get in contact with us today. We are happy to offer free, no-obligation advise on both software and cloud data storage. We offer a hybrid cloud solution so our customers can decide whether they want to process their own data, or host with our fully accredited UK cloud supplier Microsoft Azure.