Cybersecurity a priority for the background screening industry
Cybersecurity protection is important for any industry where dissemination of personal information is paramount. Considering the potential for damaging data to become public, the background screening industry must be particularly vigilant in protecting its networks.
Cybercrime is one of the biggest challenges faced by businesses in the coming decades, experts say. Market analyst Juniper Research predicts data breaches will cost businesses over $2 trillion by 2019, while research firm Cybersecurity Ventures ups the ante to $6 trillion by 2021.
Databases, hardware, firewalls and networks are all vulnerable to an array of ransomware and malware attacks. Phishing and spear phishing, for example, involve a hacker sending a fraudulent email requesting personal information from the recipient. A background screening employee answering the email could unknowingly trigger a virus that gives a perpetrator access to sensitive client or job candidate information.
In June, a cyber virus crippled thousands of businesses globally, locking computers and demanding victims to pay a $300 ransom in bitcoins to get their data back. The online extortion attempt was similar to a WannaCry ransomware attack in May that plagued the UK's National Health Service (NHS) and thousands of nonupdated networks and systems around the world. Last year, the largest ever Distributed Denial of Service (DDoS) attack took down hundreds of websites, including Netflix, Twitter and Reddit.
Many cybersecurity penetrations derive from existing IT and network infrastructure, but newer threats are targeting mobile phones as well as an ever-expanding list of IoT (Internet of Things) devices.
"As background screening companies will have the personal information of (job candidates), a data breach could result in all sorts of issues for those individuals," Dr. John Nicholas, a professor of business and information technology at University of Akron, told OPENonline. "Identify theft, harassment and loss of current employment are just a few of the problems they may face."
While the dangers of an unprotected network are evident, background screening firms may be wondering what can be done to shield themselves from sabotage. In basic terms, cybersecurity focuses on protecting computers, networks, programs and data from unauthorized access.
IT experts say companies and industries should at least be continually assessing all of their connected systems, along with installing a well-funded and compliant security program. Other processes that should be implemented include a formal security policy, educating employees on your cybersecurity system, and continuous testing of the system itself.
Any security plan should harness encryption, which makes data unreadable through the use of complex algorithms. Firewalls, intrusion detection systems (IDS) and antivirus software are a few other must-haves for background screening businesses interested in guarding against the inevitable breach or malware attack.