Here’s why the recruitment sector is open to cyber attacks and how to stop them

By Fay Capstick

The prevalence of cyber attacks is increasing year on year. The industry that we operate in, IT and Digital recruitment and resourcing, is particularly vulnerable to being targeted. This week we will look at what cyber attacks are, why our sector is vulnerable and what steps can be taken to minimise the risk from these attacks.

What are cyber attacks?

A cyber attack is an unauthorised attempt to gain access to a computer system or the data it holds. There are different ways to achieve this including phishing and malware. According to Norton, the anti-virus provider, 75% of cyber attacks start with an email ( As we have seen in our previous blogs, Covid has increased the prevalence of cyber crime. This is due to employees working from home with potentially less secure systems to shield them.

Why is the recruitment sector open to attack?

The recruitment sector is particularly vulnerable to cyber attacks due to the large amount of data, much of it sensitive, that we hold on our clients and candidates. We hold bank details, passport scans, visa details, education history, contact information and employment history. All details that would be very useful to cyber criminals.

How to prevent cyber attacks

Human error: As we have seen from Norton’s research (, the majority of cyber attacks start with an email. So beyond running anti-virus software in your business, and keeping it up to date, one of the best lines of defence is to educate all staff about the risks of opening potentially infected emails.

Further, make sure that remote worker’s devices are kept secure from unintended access, either at home or in public. Also, it is not recommended that public wifi is used. Have workers tether their device to their phone data when using outside of their home or office.

Update your software: Out of date anti-virus software will obviously put your business at risk, so make sure your IT department keeps machines up to date. If you have employees that work from home, ensure that their devices are running updated operating systems and anti-virus software.

Data backups: Make sure that the data you hold is encrypted and backed up to a secure off-site location. Ideally you will have your data backed up in two places and on different storage media. This means that if you are cyber attacked it will be easier to get things back up and running.

Insurance: It is possible to get insurance to cover your recruitment business for the loss it could face if it were cyber attacked. SMEs are very vulnerable to the financial impact of such attacks, so consider getting some insurance in place.

What if you are cyber attacked?

Have a proper procedure in place for such a situation. Your IT department should ideally have a full disaster recovery plan mapped out. This should mean that you are able to restore your systems as quickly as possible.

It is also important to remember to follow your obligations under Data Protection laws and contact any individual whose data has been compromised.

Final thoughts

As we have seen our industry sector is particularly at risk from cyber attacks. It is important for clients and candidates that our industry holds to the highest standards of cyber security to keep the sensitive data that we hold secure.

As our sector within the recruitment industry is IT and Digital, we are perfectly placed to help you find the right candidate to help you with a strategy for your business. Or if you are a cyber security professional looking for your next role, permanent or contract, please visit our job vacancy page to see what we have open (

This website uses cookies to ensure you get the best experience on our website. By continuing you agree to the terms as specified in our cookie policy