The recent story published on Recruitment Grapevine of how a recruiter allegedly stole valuable client data from his employer before taking it to his new firm, should raise serious concerns for owners and directors of all recruitment companies about the security of your data.
The value of your business is made up from the relationships you have with your clients and candidates – and their information, your data, is vital to the longevity of those relationships and ultimately, your business. So how can you protect yourself?
First and foremost, you need your consultants to use your CRM. All contact and candidate information and all activity should be recorded in there, so that the business is in control of the data.
As business leaders you need to ensure that your database is secure. Look at how your system is configured and how much data is available throughout your business.
Access management tools will control user access or hide records, so consultants only have visibility to those they legitimately need to see. This is particularly useful if you have separate divisions of the business or different teams working on specific industries, locations or markets.
Giving consultants the opportunity to export clients or candidates en-masse leaves you open to the possibility of data theft. The ability to export data from the CRM should be restricted to only those who need it for their day-to-day role (e.g. marketing may need it to export mailing lists). Limits can also be set on how many people a consultant contacts via email. As well as preventing someone leaving with your data, this has an added advantage of preventing your team from ‘spamming’ with email.
Security modules can track data that has been changed and/or deleted from your system, providing you with a reliable audit trail that identifies which users have performed particular actions.
If you run your database on your premises, it may be time to consider a cloud-based solution. Your data is stored off-site in a high-security, disaster-proof location, making it impossible for anyone to physically steal or attack your server hardware.
If the media reports are correct, clearly one business has already paid the price for not securing their data. Fortunately, stories as extreme as this are rare and in the main we can trust our colleagues to work for the best interests of the business and to respect the ethics and law of the situation. But don’t take that risk. Preventing data theft can be relatively simple. Take some time to review your processes and system security, it really could be the most valuable action you take.