At Pan Eight Consulting, we have worked with a number of clients who have experienced candidate or customer data theft in some shape or form.
The economic downturn is leading to an increase in data theft, with recruitment agencies the worst hit sector and most susceptible.
Increasing competition for a diminishing number of client job offers among agencies is causing a rise in data theft.
Based on a recent survey, among recruiters, three quarters of data theft was via a computer, including burning data on CD, USB (28%) and email (19%). And 75% of data theft was carried out by males aged 25-35.
85% of data thefts are carried out by consultants who are promised a better job as a reward from a competitor.
Your candidate data is your primary asset.
However, your sensitive business information may be stored by leaving consultants on a portable storage device, which means it could be transported out of the office.
USB drives (also known as jump, flash, pen, memory or thumbnail drives), MP3 players, mobile phones and digital cameras can store a lot of data. These devices have relatively large storage capacity given their small size. For example:
1. These days, a thumb-sized memory stick can store upto 32 gigabytes or more than enough for a personnel database and hundreds of Word documents.
2. Many phones, Personal Digital Assistants (PDAs) and cameras can be connected to personal computers with a cable or infra-red link and can be used to transfer computer data.
3. With broadband internet connections, employees can email vast quantities of data out of the office without anyone knowing.
4. A portable music player could store 60 gigabytes of dataenough to copy a typical hard disk.
The risks to your business can include:
1. A Recruiter quits and takes your Candidate or Customer database with them.
2. An employee sells private data to another company or criminals.
How do we prevent this?
Well the bad news is that there is no 100% preventative solution, however we can make the process more difficult using a number of techniques that you can use to protect your data:
1. Conduct a risk analysis
Look at the kind of information that is stored on the company networks, including who has access and what would happen if they were able to take it out of the office.
2. Restrict access
Determine peoples access to data on a need to know basis. Does everyone need full access to the customer database or accounts? Can you give people more limited access? Use passwords to protect sensitive information or files.
3. Have clear policies
Outline what employees can do with confidential or business-critical data. For more information see Train your staff.
4. Remove access
You can simply ban these devices, block USB ports on computers so they cant be used and remove CD drives.
5. Review your system Audit Trail
Ensure your Candidate database application or ATS has a clear audit trail of who is exporting large quantities of data out.
To learn more about preventative measures to combat data theft, reach out to us.