A lot of businesses, small and large alike, are turning to applicant tracking systems to make the recruiting process a little easier, faster and more cost-effective. But have you ever thought about just how secure those recruiting software systems are?
Cytiva Software Inc., which provides on-demand talent management solutions, recently released a free white paper that explores ATS security and offers tips for vendors.
Most SaaS applicant tracking system vendors are able to provide levels of security that most organizations can't match internally, but some ATS users mistakingly believe that all vendors can offer the same amount of data security.
“Ask any applicant tracking vendor about security and you’ll get a laundry list of security measures, mostly concerning their physical data center,” Cytiva CEO Jason Moreau said. “But security is an ongoing process that involves not only your data center, but the code base of your application and the execution of ongoing policies and practices to make sure your application, your servers and your security systems remain secure in the face of an ever-evolving threat.”
Every company should be focusing on the importance of security, with more and more cases of it being compromised cropping up. Since early 2006, there have been about four to six HR data breaches per month, according to HR Privacy Solutions.
One problem is that privacy laws vary from state to state. On top of that, employers are often required to notify any affected parties, even if they only suspect that some data may have been compromised.
In example, in 2009, Aetna had to notify 65,000 job applicants that their personal data may have been accessed in a suspected security breach; in 2007, the Gap announced that a laptop containing Social Security numbers of some job applicants was stolen from the company's third-party vendor; and in 2007, Monster.com announced that 1.3 million users had personal information stolen by criminals who hacked into the Web site.
So what should you look for to make sure the software you're getting is secure. First of all, make sure the data center can offer you 24-7 secure entry, secure cabinet and cage space, round-the-clock technical staff, data-grade HVAC, advanced fire suppression system and optimized and redundant power supplies.
You also should make sure your software provider has the right hardware and software protections in place, which include everything from firewall protection to enforcing strong passwords to server monitoring.
In addition to everything else mentioned, your software provider should be able to offer you regular updates and provide new features to avoid any potential security risks.