As early as 2015, we addressed the subject of securing candidate data in recruitment software. Recent news confirms that it is time to reopen the case.
The news had the effect of a bomb: in 2019, Desjardins revealed that it had been the victim of “the biggest personal data leak in the history of Quebec”. Shortly after, Olymel and IGA also made headlines on the same subject. Even at the start of the year, the Autorité des marchés financiers said it was “concerned by 30 cyber incidents reported in two years”.
In this context of increasing threats related to our digital practices and awareness of our vulnerabilities, the lines of defense already in place are strengthening, both on the side of university education and on the side of entrepreneurs. But what exactly is computer security? And what are its challenges?
Computer security: what are we talking about?
When we talk about computer security, we open a door onto a vast field with innumerable facets, one that involves several areas of expertise: technological, legislative, and ethical.
Concretely, IT security is developed on three levels of protection:
- Physical protection of equipment and facilities;
- The digital protection of data against consultation, modification or deletion by a person not authorized to do so;
- Data backup and conservation over time.
We can therefore, following the Government of Quebec, define computer security as “the set of physical, logical and administrative security measures, and emergency measures, implemented in an organization, in order to ensure the protection of its IT assets and the confidentiality of the data of its information system”. In short, any action taken by a company to protect its computer equipment or the data stored therein is an IT security measure.
From a legal standpoint, computer security issues translate into a growing legislative arsenal and a desire to protect the user: Bill 64 in Quebec, PIPEDA in Canada, and GDPR in Europe. Their common point is a focus on the second level of IT security: the protection of personal data. All of them therefore impose restrictions, to different degrees, on companies that collect and use the personal information of individuals. The analysis of these legislative measures and their impact on businesses will be the subject of a future article on this blog.
Cybersecurity or IT security: what are the differences?
The terms computer security and cybersecurity are often confused and treated as synonyms. The two concepts are close, but I think it is still worth presenting the nuances.
To put it simply, cybersecurity is a branch of computer security that concerns interconnected systems, i.e., networks. It consists of protocols, rules and protective measures that aim to prevent cyber attacks, that is, attacks originating from outside the network.
Computer security encompasses threats related to networks (viruses, cyber attacks, etc.) as well as threats related to the IT infrastructure and to fraudulent use of the system itself.
The challenges of computer security: why is it important?
The recent examples of personal data leaks are the most telling illustration of the issues related to computer security. In addition to the legal damage to the company concerned, there is also damage in terms of public image: how can you trust a company that has not been able to prevent the leak of potentially sensitive confidential data?
This is a hot topic for a temporary or permanent employment agency. Indeed, the placement agency collects confidential information from candidates but also from clients with whom it does business. Its recruitment software must therefore have sufficient security measures and meet certain standards to ensure the trust of third parties.
It is not enough to protect yourself with a good antivirus and hope to escape malicious attacks: beyond sensitive confidential data (bank details, social insurance numbers, etc.), the manager of a temporary and permanent employment agency would not want one of their collaborators to be able to leave with the list of customer contact details and start their own business either.
Does the recruitment software of my temporary or permanent employment agency guarantee data security?
When it comes to security, the first parameter to consider when evaluating the effectiveness of recruiting software is access to stored information. Who can access it? What access are we talking about?
In a temporary or permanent employment agency, not all employees use the same information: the recruiting team, for example, does not need to have access to payment information. Compartmentalizing access to data in this way is an important first step: your agency’s recruitment software must allow several security groups to coexist, each with different authorizations to access, modify and use data. This applies in particular to exporting data in the form of Excel tables: to guard against any risk of leakage, the export function must also be configurable, controlled, and limited.
In addition, the encryption of the connection data should be evaluated: are user passwords well protected? This matters even more for the passwords candidates and clients use to reach their personalized platform. Your staffing and recruiting software should encrypt passwords in a way that will not allow them to be decrypted. Has a candidate forgotten their password? Agency staff can reset it with a temporary password but will never be able to recover the original password because the software will not display it. Access to a candidate’s or client’s files and information is thus protected both internally and against a fraudulent external connection attempt to the agency.
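A minimal sketch of the password handling described above, added here as an illustration and not taken from any recruiting product: passwords are stored as salted one-way PBKDF2 hashes, so a staff reset can only overwrite the record with a temporary password. The function names, the account layout and the iteration count are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value for this sketch)


def hash_password(password: str) -> str:
    """Return 'iterations$salt_hex$digest_hex'; the password itself is never stored."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def staff_reset(accounts: dict, username: str) -> str:
    """Staff-triggered reset: overwrite the record with a random temporary password.
    The temporary password is returned once; the previous one cannot be recovered."""
    temp = secrets.token_urlsafe(12)
    accounts[username] = {"pw": hash_password(temp), "must_change": True}
    return temp


def demo() -> dict:
    # Constructed sample account; the username and password are made up.
    accounts = {"candidate42": {"pw": hash_password("correct horse"), "must_change": False}}
    before = accounts["candidate42"]["pw"]
    temp = staff_reset(accounts, "candidate42")
    after = accounts["candidate42"]
    return {
        "record_contains_password": "correct horse" in before,
        "old_password_works": verify_password("correct horse", after["pw"]),
        "temp_password_works": verify_password(temp, after["pw"]),
        "must_change": after["must_change"],
    }


if __name__ == "__main__":
    print(demo())
```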
What security advantages does an installed staffing and recruiting software offer over a web solution?
These measures are essential, but are they sufficient? Not necessarily! When it comes to sensitive and confidential data, two protections are always better than one. Thus, good staffing and recruiting software must be able to ensure double validation of access to the system. This means that it should be possible to set both user permissions and computer permissions.
In this regard, software installed on a computer offers a major security advantage over competing solutions that run entirely on remote servers. With staffing and recruiting software whose main body is installed on a computer, the agency’s IT security manager can control not only “who” connects to the system, but also “from which machine”.
While this solution makes it possible to control user connections, it does not sacrifice the security of sensitive data storage. Thus, while access to the software is secured by a dual connection protocol, access to data benefits from additional protection since this data is not stored on the machine, but on dedicated and secure servers.
Temporary or permanent staffing agencies that use the PRIM Logix recruitment software are thus assured of benefiting from the best possible protection standards for client and candidate data.
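The security groups, the export limit and the double validation of user and machine can be combined into a single authorization check. The following is an added example, not code from PRIM Logix or any other product; every group, permission, user name and machine ID in it is hypothetical.

```python
from dataclasses import dataclass

# Constructed sample policy: every group, permission, user and machine ID is hypothetical.
GROUPS = {
    "recruiting": {"candidates:read", "candidates:write"},
    "payroll": {"candidates:read", "payments:read", "payments:write"},
    "management": {"candidates:read", "clients:read", "clients:export"},
}
EXPORT_ROW_LIMIT = {"management": 500}  # max rows per Excel export, by group
USERS = {"alice": "recruiting", "bob": "payroll", "carol": "management"}
AUTHORIZED_MACHINES = {"WS-RECRUIT-01", "WS-PAY-01", "WS-MGMT-01"}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def authorize(user: str, machine_id: str, permission: str, rows: int = 0) -> Decision:
    """Double validation: the machine and the user's group must both permit the action."""
    if machine_id not in AUTHORIZED_MACHINES:
        return Decision(False, "machine not authorized")
    group = USERS.get(user)
    if group is None:
        return Decision(False, "unknown user")
    if permission not in GROUPS[group]:
        return Decision(False, f"group {group} lacks {permission}")
    # Exports are allowed only up to the group's configured limit (default: none).
    if permission.endswith(":export") and rows > EXPORT_ROW_LIMIT.get(group, 0):
        return Decision(False, "export exceeds row limit")
    return Decision(True, "ok")


if __name__ == "__main__":
    for request in [
        ("alice", "WS-RECRUIT-01", "candidates:read", 0),
        ("alice", "WS-RECRUIT-01", "payments:read", 0),
        ("carol", "HOME-LAPTOP", "clients:read", 0),
        ("carol", "WS-MGMT-01", "clients:export", 5000),
    ]:
        print(request, authorize(*request))
```

In a real deployment the machine identity has to be something the server can verify, such as a client certificate, because a self-reported hostname proves nothing about the device.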