

Recruitment agencies are built on trust – your clients and candidates need to know their personal data is safe in your hands. If you haven’t thought about your cyber resilience before, you must know the cyber security risks the recruitment sector faces and how to mitigate them.

With 82% of UK recruitment firms adopting some form of hybrid working, you also need to ensure any staff working from home are secure.

What cyber security risks does the recruitment sector face?


  • A lot of the data that is stored in the recruitment sector is Personally Identifiable Information (salaries, gender, contact information, job descriptions, previous employers, references, etc.). Therefore it is critically important that only those who are authorised to do so can access it. This means ensuring all accounts have strong, unique passwords and multi-factor authentication enabled. Best practice would also be to implement a data classification tool to prevent sensitive data from leaving your organisation intentionally or accidentally.


  • As a recruiter, you will receive vast amounts of CVs as email attachments. As any one of these could be disguised malware, you need to stay vigilant in checking them. The same goes for hiring managers and finance staff of recruitment businesses, as these staff and departments are also more likely to receive malicious email attachments.

Remote working - lots of staff working remotely, high volume of client meetings

  • Having a lot of staff working remotely brings a lot of cyber security risks, as senior leaders will have less tangible control over where their employees work. That is, they could be working on unsecured public WiFi, they could be working on a crowded train leaking sensitive data to anyone close by who happens to be shoulder surfing, or they could be leaving devices unattended in public working spaces.


The high volume of staff turnover - taking leads, clients with them, devices

  • Recruitment is an industry that has historically seen a high staff turnover rate, with top recruitment consultants often being headhunted by rival firms. With this in mind, it is vitally important to secure your data and restrict a staff member's access to data and devices as soon as possible, to limit the amount of client & candidate data they can steal and take with them.


  • The past 3 - 4 months have seen a rise in the number of scam job postings aimed at harvesting key Personally Identifiable Information from candidates who apply. Click here to read more.



  • A company's cyber security posture must be embodied by all staff, ideally starting from the board, with multiple security champions. Security awareness training should be done quarterly, and ideally, content should be amended each quarter to reflect gaps in staff members' knowledge.


  • Anti-malware (anti-virus) should be installed on all work devices as a mandatory defence; this should also have automatic updates enabled. Another defensive measure is ensuring firewalls are activated locally on all laptops and desktop computers, set to the most secure settings to prevent as many unauthorised connections as possible.

Controlling devices - encryption, backups, auto-updates, remote locking, MFA

  • All devices should ideally be enrolled in a Mobile Device Management (MDM) solution, as this allows the organisation control over what devices can be used for, what software can be installed, and how often the operating system & installed anti-virus software are updated. Other features can include ensuring encryption is enabled on all devices and ensuring all devices are backed up as frequently as possible within business processes.


  • Security policies are a must within businesses, especially for new hires. They can set out acceptable usage, account password strength, handling of phishing emails and more. They are a fundamental component of having all staff members working towards a coherent cyber security stance.

Remote working - VPN, security screens

  • In addition to firewalls and anti-virus, it is important to have a VPN enabled on all devices used by staff working remotely. This provides security by changing the device's IP address and encrypting all data sent, so colleagues working on unsecured public WiFi vastly reduce their exposure to threats/attacks.

  • Best practice for remote workers is also to consider installing security screens on all devices; this will reduce the risk of shoulder surfing and sensitive data exposure, as the screen will be un-viewable to anyone but the user.


  • Cyber Essentials is a government-backed scheme that allows your business to become certified, displaying to your clients that you have robust security measures in place. For more information, read here.

