Recruiters - do you know what to do if you are hacked?
The hacking of Emmanuel Macron’s presidential campaign in France and the cyberattack on the NHS this year have put cyber crime back in the spotlight. Without access to vital patient data, operations had to be cancelled and patients had to be turned away at NHS Trusts around the UK, clearly highlighting the importance of robust cybersecurity and data management.
Access to data is essential to the running of any successful organisation nowadays and for recruiters the information they hold on candidates and clients is essential. Without it, recruitment and business activity would come to a standstill.
Even though larger firms are often the targets for such attacks, many smaller SME firms are also at risk due to a perceived lower level of security. So what should you do if you find yourself on the receiving end of a data breach? Although it would be easy to become overwhelmed in this situation, do not delay action. Your checklist should include:Inform individual’s whose personal data may have been affected - Once you are aware a breach has occurred, you are legally required to inform individuals affected without unnecessary delay if the breach could adversely affect their personal data or privacy. Send a written notification to the individuals’ affected including details on the kind of information that has been compromised and the steps you are taking to remedy the incident. Alert the authorities. Report the crime to your local police or Action Fraud, the UK’s national fraud and cyber crime reporting centre. You should also be mindful of the General Data Protection Regulation (GDPR) which comes into force from May 2018. The GDPR will require you to notify the relevant supervisory authority (the Information Commissioners Office in the case of the UK) within 72 hours of becoming aware of a data breach. You could face a fine of 2 per cent of your company turnover or €10 million, whichever is higher, if you fail to report a breach that could result in a risk to the rights and freedoms of individuals. For further information on the GDPR and how the REC is helping the recruitment industry to prepare, visit our GDPR hub. Enlist the support of a cybersecurity expert - You are likely to need specialist advice following an incident. Cybersecurity specialists will be able to test your network to find out what kind of attack occurred, why it happened and what steps are needed to prevent an attack in the future. Activate your business contingency plan - If you have a business contingency plan, then waste no time implementing it. Make sure your plan includes a suitable data back-up schedule as a serious attack could affect your system for a considerable period of time. Contact your insurance provider if you have one. You should begin your claims process ASAP. If you aren’t insured, you may want to consider it as the right cover can help avoid a major loss of income and potential reputational damage. Contact our business partner Jelf for further details.
The online world has transformed industries including recruitment, bringing many benefits. It is important however that businesses are alive to the risks and the importance of data protection and cyber security. Sign up to one of our GDPR seminars and come along to our next Marketing Forum on 5 September where we’ll be focusing on the evolving world of cyber security and what marketing teams can do today to protect their assets and brand online.
Written in association with Jelf
This entry was posted on Tuesday, August 22nd, 2017 by:Karen O'Reilly is the REC's Stakeholder Engagement Manager
Karen O’Reilly works with the policy team to represent the interests and concerns of members to policymakers and stakeholders in a number of sectors including executive search, interim management, financial and legal services, HR and office support. She also works on cross-sectoral issues including employment tax and social mobility and inclusion policy. Prior to joining the REC, Karen worked at the British Chambers of Commerce.