Data security has become one of the principal concerns executive search firms have today. Candidate and client data is the foundation of any successful search firm and your firm’s largest asset. Where is your data living? How is it secured? Who is responsible? What steps do you need to take in case of a predictable ‘disaster’? These are questions your search firm should know the answers to.
Assuring that your information is protected against data breaches is a top priority for executive search firms. Whether you are a small boutique, have a big team or a global footprint, this should matter to you. Below are some tips to help your search firm establish an information security and disaster recovery strategy:
Develop a Backup Plan
- Ensure you are using cloud providers that can certify your information remains compliant with data regulation for your location and industry
- Make sure your data transmissions are encrypted, as well as any data backups or archives
- Contemplate what could possibly go wrong and set up a plan to ensure you have access to your information should disaster strike. Test your plan periodically
- Dispose of any data that is irrelevant or your firm no longer needs
Determine Your Security Policies
- Set and enforce security policies throughout your organisation
- Determine who should have access to your database and tools
- Understand your obligations in controlling and processing the information of your clients and candidates
- Educate and train your users on IT security measures such as password policy, appropriate file storage locations, and avoidance of phishing scams and ransom-ware threats
- If your search is confidential and not yet fully public, avoid social media
- Releasing information relating to an open search in a place where it is shareable can lead to a disaster. When in doubt, pick up the phone to source instead
Implement Security Audits
- Monitor you users’ activity across different applications and devices
- If established security protocols are breached, ensure that the security teams are alerted to potential abuses or attacks
Consider Hiring a Security Expert
- Whether it is an outside consultant or an in-house ‘Security Officer’, having expert advice is important
- Regularly download software and security updates to avoid the latest threats
- Review and inspect the flow of all internal and external data traffic
- Use analytics to identify changing threats and aid in decision-making. Doing so makes it easier to anticipate threats and minimize breaches
- Perform data classification. Understand what types of information you have and choose the best way to store and protect each based on its sensitivity
Any technology change you make should include consulting with your vendors and advisors to ensure that these information security procedures are being managed appropriately.