Information security ñ Hype or Reality for the Recruitment Industry?

Is the Recruitment Industry taking steps to ensure that data and systems are secure from the many threats that are prevalent today?

The IT Industry has often been accused of scaremongering. If it is not viruses then itís hacking or phishing or some other new security issue. Is it hype or is there really an issue for businesses and organisations to be concerned about?

The latest DTI Information Security Breaches Survey (2006) certainly provides plenty of independent evidence to persuade even the most cynical of user that protection is a necessary evil.

The survey concludes 62% of UK businesses suffered a security breach which compares favourably with the same survey published in 2004 (74%). However, there is at least one notable anomaly; the proportion of large businesses suffering a security breach rose from 46% to 87%.

The dependency upon IT systems requires business to find ways to avoid such breaches, the cost of which has increased on average from 10,000 (2004) to 12,000. These costs can relate to cash outgoings to repair systems or reinstate data but also to the more intangible costs of loss of sales and potentially worse still loss of reputation.

Practical examples from the recruitment industry would include:- Databases are the life blood of any recruitment business. What would be the effects if the client / candidate database was passed onto a competitor? In addition, have considerations to secure the bank details of temporary workers been taken. The threat of identity theft is increasing daily.

The misappropriation of valuable data has become more readily achievable with the development of high data capacity removable devices such as USB memory sticks. Presently 55% of companies do not have controls to protect against data copying using USB memory sticks.

The DTI survey includes a number of recommendations:-

ï Draw on the right expertise to gain the protection required
Integrate security into normal business practice through training and education
ï Use Risk Assessment to target investment in security controls
ï Keep key security defences up to date and address emerging technologies
ï Develop contingency plans to minimise business disruption

Whilst not necessarily viewed as a security breach, the cost of email and web misuse can be significant to a business. The survey provides an insight to the trends emerging in particular with the adoption of acceptable usage policies. The proportion of all businesses having implemented an acceptable usage policy has increased from 43% (2004) to 63% and likewise the proportion of businesses now restricting Internet access to some staff only has increased from 29% (2004) to 42%.

Interestingly the survey shows the proportion of misuse of email and Internet access within large business is significantly higher than overall proportion affecting all businesses. One explanation is ability of smaller companies to even identify misuse. The survey identifies that smaller businesses are much less inclined to install technology to block access, or monitor access of, to inappropriate web sites. 74% of large business have implemented such solutions whereas only 38% overall had such solutions installed.

There are many tools available to deal with the threats to the integrity of the information important to a business, the difficulty lies with the management of such tools. The ever changing threats, some on a daily basis, need to be monitored and in some cases this can mean using many different solutions. One approach to consider an all in one product such as Total Traffic Control. This innovative server based solution provides a single management consol for the majority of the threats and can help organisation maintain a secure and controlled system. .

David Capper, Yellowspring plc

Profile:-
David Capper has a decade of experience in IT and Recruitment together with a degree in Business Information Systems. He will be championing Yellowspringís IT Consultancy and Solutions for the Recruitment Industry.

Yellowspring plc, Tel:- 01268 494 100