Jobvite Blog: Today’s Recruiting Trends

Your Applicants’ Data Might Be Under Attack—Here’s Why You Should Care

When was the last time you, as a recruiter, worried about your company’s data? Your job is hard enough—between creating teams, hiring new employees, instituting policies, and keeping your company afloat, why be burdened with something like data? That’s for the IT team.

Unfortunately, as a recruiter, you need to care—primarily because the data that you’re collecting in your ATSs and spreadsheets is very, very sensitive. It actually has a name, PII (Personally Identifiable Information), which is data that can be used to identify, contact, or locate a single person. Things like name, social security number, date of birth, or even medical or educational information, all count as PII—and that’s where things like resumes, onboarding forms and contacts can get tricky.

Here’s what you need to know about your applicants’ data—from how to keep it safe to what happens if you’re attacked.

1. Your data is extra sensitive.

Unfortunately for your applicants, personally identifiable information is the most valuable info when it comes to cybercrime. These kinds of records typically sell for $50/record on the black market (compared to just $5 for a bank account number!).

And while data like bank account numbers or credit cards can be changed, social security numbers and personal identification cannot be—so it’s a nightmare for those whose information gets compromised.

2. Security isn’t focused on HR.

Of course, many of our companies have security teams in place to handle sensitive information like this. But recent security attacks like the DDoS attacks of 2016 and Target’s infamous credit card breach have drawn extra attention to privacy issues. The result? Many IT departments have cracked down on customer data and precious internal information—but that laser focus can create a bit of tunnel vision, particularly away from HR data.

3. Your ATS should take care of this for you.

The thing is, if you use an applicant tracking system, like Jobvite Hire, you (and your candidates) just may be safe. The services and software hosted in the cloud (any SaaS application) have the same security precautions that virtually every other cloud product does. For the ATS, that means data is physically stored via a physical data center, like Amazon Web Services, which vows to protect this information fully. But while this system protects the ATS vendor from physical risks, cyber and cloud-based attacks can occur.

A good ATS vendor should take security concerns further, though—they should actually monitor data and develop an application that keeps encrypted data safe. Any vendor that solely relies on the cloud provider to secure its data is leaving many opportunities open for potential attack.

4. Choose the right one.

Clearly, making sure you select the right ATS for your company matters more than just for hiring. Ensure you’re making the right choice by asking these two questions to your potential vendor:

  • Where is the data hosted? If your vendor hosts its application in the cloud, make sure they take backup security measures to protect private data by the hosting provider and on the application layer.
  • What are your certifications? Make sure they mean what they say by asking about certifications, which mean that an auditor has deemed them safe and credible. In the U.S., a SOC2 certification should do the trick. By the way, Jobvite has the only SOC2 certification  among all of the best-of-breed recruiting software applications.

Ensuring the safety, privacy, and success of your applicants might sound like a bigger issue than HR—but truly, it’s part of your responsibility to create a secure environment for employees and non-employees alike. Make sure that’s on your to-do list from now on.