Tuesday, December 24, 2019

It's Time to Fortify your Staffing Firm's Cybersecurity

Rossheim

As a staffing firm executive, all of your energies are focused on matching clients with great talent. But then the unnerving news headlines catch your eye: ransomware attacks like May's WannaCry and June's Petya hit thousands of organizations, with direct and indirect costs often reaching six or seven figures per company.

Unfortunately, most businesses, regardless of industry, are hit by one sort of cyberattack or another. Not surprisingly, the threat has increased demand for cybersecurity hiring.

Where do you begin to build cybersecurity for your staffing company? And how can you enhance your existing measures against the advancing threat? Here are some guiding principles to protect your staffing company.

Recognize that your staffing firm holds sensitive data. In addition to internal company data, your firm's strategic assets include confidential data on both client companies and job candidates. Bad actors may be tempted to try to steal that data and exploit it for any number of purposes.

"You can tell a lot about a person from their resume," says Darren Hayes, director of cybersecurity and an assistant professor at Pace University in New York. "You may find their email address, Social Security number, skills set."

Be aware that staffing firms are very vulnerable to a cyberattack. Sectors such as financial services and government are widely recognized as targets of cyber criminals; the staffing industry, not so much. This has led to woeful unpreparedness for the ever-morphing cyber threats.

"It's a challenge for staffing firms just to be able to track the assets they provide to staff, the information stored on laptops or phones, to make sure it's secure and is retained by the staffing firm, even when workers leave the company," says Christopher Roach, national IT practice leader for CBIZ Inc.'s Risk Advisory Services.

Don't assume that your IT folks have got you covered. Your technologists have demands coming at them from every direction.

"Even the technical specialists responsible for security are likely spread too thin to fully comprehend and appreciate the new threats to digital organizations," says a report from trade group CompTIA.

It's up to your top management to give IT the resources required to make information security a top priority. "For starters, make sure backups are happening," says Roach.

Don't assume your workers are acting prudently with every keystroke. Employee cybersecurity literacy in safe practices should be a key element of your cybersecurity strategy, but it's not enough.

More than three-quarters of users who said they understood the risks of clicking on links in emails clicked on them anyway, according to a research summary by security vendor Barkly. Be sure employees know how to respond to suspect emails.

Bring in an outside expert to assess your cybersecurity. "At larger firms with multiple offices, it makes sense to bring someone in to do a vulnerability assessment," says Roach.

"The best kind of security protection is help from the outside," says Hayes. "Outside providers can give you better phishing protection. Internal network people tend to think cyber threats don't apply to them."

Demand proof of all of your vendors' security measures. If your agency is like most, you share data with vendors and may even have given them access to some of your internal systems. Beware.

"Staffing firms need to vet any vendors they use for information security," says Roach. With cloud-based applications, ask for a detailed explanation of security measures before you buy.

Counter your agency's potential role as a third party to a hack. Your firm's liabilities for exposed data may go beyond your clients and candidates.

Analyzing stolen resume data, hackers can easily learn what kinds of systems candidates were working on at previous employers, which can enable them to identify potential vulnerabilities at those companies, according to Roach. "Attackers like to go to third parties to find vulnerabilities," he says.

Keep up with emerging security threats. Last year's cyber threats, and even yesterday's, may not top the list of newfangled hacks that your organization should prepare for. Witness WannaCry and other ransomware attacks of 2017. "Ransomware is a threat that can really stop your business unless you're prepared to respond," says Roach.

Budget for ongoing employee security training. Do your employees know what company rules say about BYOD security? Laptops brought home? Apps brought in to work? Make sure they do.

"A key vulnerability is the employee who doesn't know the company's acceptable use policy," says Roach. "More and more companies are extending training efforts to the overall workforce," the CompTIA report says.

Treat cybersecurity as an investment. Cyber threats are so numerous and varied that it's not possible for any one firm to fully address them all. "You can overspend on cybersecurity," Roach says. "There's a diminishing rate of return. So we try to set a baseline, but then the company has to own it."

It's wise to retain a consultant to periodically recheck the company's systems, policies and practices for vulnerabilities.
