Do you believe your business is too small to be a target for cyber-attacks? You could be right, or you could be one of the thousands of businesses which find out the hard way they are absolutely not too small for hackers and other cyber threats.
And, what’s worse, believing you are too small of a business entity to gain the attention of cyber criminals - despite the high volume of personal data you receive and store as a recruitment business – does more damage as you are leaving yourself open.
This is the opinion of Michelle Joosse, (pictured right) CEO of Hotline IT, who will present a free webinar for
RCSA members on May 1 looking at the Cyber Threat Landscape: How it's evolving & how to respond.
“I feel in general businesses are unprepared and under protected against the threat of cyber-attacks,” Joosse said. “They are far too complacent and trusting of their digital security.
“The recruitment industry in particular holds important privileged and personal data of employment candidates and contractors. If that is breached, it would be costly to defend and to repair trust.
“In the webinar for RCSA members, we will be discussing the common methods of cyber-attacks, consequences of a cyber-attack or data breach, how to mitigate your chances of attack and where to get help in ensuring you are protected.”
Joosse said the biggest current threat to cyber security to a business is its staff who either have a lack of training about cyber security or have become complacent about it.
Recent reports following the introduction of the Notifiable Data Breaches Scheme (NDBS) in Australia and the General Data Protection Regulation (GDPR) in the EU clearly point to user error as a key factor in data security breaches.
“The cyber criminals are always one step ahead and with all the protection in place, it only takes one person to click on a link in a dodgy looking email link to cause damage,” Joosse said. “Too many businesses think it won’t happen to them. But SMEs are prime targets and you could be leaving yourself vulnerable to attack if you have not covered all the bases.”
Joosse explained Hotline IT was offering the free seminar on cyber security to RCSA members because of the need to ensure members are educated about the potential risks and how they can protect themselves against them because of the volume of personal data they receive.
“We already work with a number of RCSA members, so feel that we have a great understanding of the challenges and pain points of the industry,” she said. “We feel the recruitment industry, with its share of personal data, is at a high risk of a cyber-attack and we want to educate members on what they can do to mitigate a successful cyber-attack.”
Joosse added that hackers had already reached a point of sophistication where they are able to develop viruses and malware which businesses will be unable to protect against. Joosse says this is called the Zero Day Threat and is actually “very common”.
“This is why having systems that are able to query live security threat assessment systems is so important,” she continued. “Just having a firewall and antivirus is no longer enough.
“Having an Advanced Threat Protection (ATP) that is part of a worldwide security reporting system is so important. This means that anything that is found can be analysed by an AI service. “If it looks suspect, it can be stopped just on it being suspect. It will then be further analysed and if found to be harmful, will be added to the list for all the systems to know about.”
While the motivations for hackers are varied and often hard to fathom, from a quest for money to simply showing they are smart enough to beat systems, the need for strong cyber security is clearly less difficult to understand.
“Cyber security doesn’t have to be expensive,” Joosse said. “Many customers do not understand the systems they have so they use the band aid approach where they buy something that fixes a problem, without realising they already have a solution.
“We see this often with sales people going to a customer and selling a single solution such as AntiSpam. The client will most likely already have a solution in place, which may not be turned on, or requires some further configuration.
“The cost of not having strong cyber security can be your whole business, reputation and the potential exposure of personal data. This can be mitigated against by starting with simple steps such as having strong passwords, but it is also a multi-layered approach so no single step will fix the problem. "There are several solutions that are tailored to SMEs on a budget. It can be a painless process moving from insecure systems into a secured one.”
Her top tip for businesses when it comes to combating cyber security is simple: “Do not ignore it, do not think you are not a potential target,” she said. “Anyone is a target and the easier you make it, the more you will lose.”
Registrations for the Cyber Threat Landscape: How it's evolving & how to respond webinar can be made here.