Your Quick-Start Guide to Protecting Candidate Data

If the phrase “cybersecurity breach” has you picturing a scene from a hacker movie, you’re not alone. While the threats to your job candidates’ data are very real, it can be hard to imagine them within your own company. Together with Paul de Naray, ClearStar’s Director of Cybersecurity, we created this list of the most commonly overlooked ways that companies put their cybersecurity at risk and how to fix it. Unexpected Ways Security Can Be Breached

• Authorized Access A system doesn’t have to be directly “hacked” in order to reach sensitive data. If the attacker is able to use phishing to collect user credentials, then he/she can gain access to candidate data through normal user access. If the attacker is able to apply for and gain a normal user account, then he/she will have authorized access to steal candidate
• Threats Don’t Always Come From Outside of Your Company A malicious employee may steal candidate data through an “insider attack”. In addition, human error and coding bugs are mistakes that can be just as damaging to your company as an external threat.

3 Easy Safeguards That Every Company Should Consider

• Train your employees on email security to self-detect malicious content Attackers use email attachments and links as primary methods to exploit an employee’s vulnerable system. Simply clicking a malicious link or a file with malware can put your entire company at risk.
• Encrypt candidate data stored on any transportable device Laptops, external hard drives, and other removable media have a high likelihood of being stolen or lost when outside of the company. Encryption will deter an attacker from easily accessing the data.
• Train your employees to detect social engineering attacks Well-crafted attacks will use social methods such as phone calls, emails, and in-person visits to gain access to your company and steal candidate data. Training will help employees spot these attacker methods and thwart their success.

How to Dispose of Background Information All data that is no longer needed should be permanently destroyed in a physical or digital manner. Physical destruction of paper includes using cross-cut/micro-cut shredders; or contracting with a secure document destruction company that delivers locked storage bins, schedules regular pickups, and destroys documents through incineration or other irrecoverable methods. Digital destruction includes secure deletion of data (by overwriting all deleted data) or physically destroying digital devices to prevent data recovery. For more ways to protect your company’s data and security, work with a trusted background screening partner. Contact ClearStar today and we’ll help you get started!

At ClearStar, we are committed to your success. An important part of your employment screening program involves compliance with various laws and regulations, which is why we are providing information regarding screening requirements in certain countries, region, etc. While we are happy to provide you with this information, it is your responsibility to comply with applicable laws and to understand how such information pertains to your employment screening program. The foregoing information is not offered as legal advice but is instead offered for informational purposes. ClearStar is not a law firm and does not offer legal advice and this communication does not form an attorney client relationship. The foregoing information is therefore not intended as a substitute for the legal advice of a lawyer knowledgeable of the user’s individual circumstances or to provide legal advice. ClearStar makes no assurances regarding the accuracy, completeness, or utility of the information contained in this publication. Legislative, regulatory and case law developments regularly impact on general research and this area is evolving rapidly. ClearStar expressly disclaim any warranties or responsibility or damages associated with or arising out of the information provided herein.