KJR CTO Mark Pedersen spoke about the potential data threats that come with handling candidate data in insecure ways.
This is an excerpt of an original article published in CSO Online on 24th February 2020.
Does your HR department protect Candidate Data?
Let’s face it – data is a gold mine. Whether it’s credit card information, login credentials or a list of names with email addresses, all data must be treated equally. However, this isn’t always the case.
One valuable piece of data that is regularly overlooked is candidate data – the personal information received by HR departments in the form of resumes, cover letters and university transcripts.
Consider for a moment the amount of sensitive data contained in a candidate’s resume – their entire work history, mobile phone number, email address, or even their home address. This is a jackpot for cyber criminals who can use this information to execute highly targeted attacks.
Therefore, each time a candidate applies for a role, they unintentionally expose themselves by giving their data to unknown corporate figures, to companies they aren’t familiar with or to potentially insecure email addresses. A candidate’s data could then remain in an employer’s inbox, on a desktop or in a company database, and be potentially vulnerable to a cyber-attack years after they’ve sent it.
The concerning part is that an HR department will typically receive anywhere between 50 and 150 applications per role, depending on the size of the organisation. This means that companies are storing thousands of candidate records and are most likely unaware of the risk this poses.
With the start of the year being the busiest time for the job market across Australia, what can companies do to protect candidate data?
Take the typical hiring process as an example – a job description is posted online, resumes are received, applicants are shortlisted, interviews are conducted, then a position is offered to the most suitable candidate.
Lack of awareness or a lack of data security policies means the sensitive information collected in the early stage of the hiring process could be stored inefficiently by HR departments and forgotten once a candidate is selected.
Therefore, HR departments, as well as those higher up the decision-making chain, should be educated on how to securely manage and store the candidate data received for a role, and how to handle it responsibly once the hiring process is complete.
Want to know if your organisation is handling candidate data correctly? Contact KJR today for an initial discussion – 1300 854 063
KJR is a technology-focused strategic advisory firm specialising in Assurance, Cybersecurity and DevOps. With over 100 consultants working with clients across Australia, we provide expert advice and delivery for digital transformation programs.