With the rise of Recruitment businesses operating online, the volume of transactions being processed is now at an all-time high. Unfortunately, Cyber-attacks are also at an all-time high, which means the vast amount of data held by Recruitment Agencies can be at risk.
The data held by Agencies can include NI numbers, bank account details for individuals and the hiring clients as well as confidential business information of your clients. Ensuring your business is covered with the correct security processes and insurance policies is a necessity. Failure to do so could result in a large GDPR fine for client data that has been lost or misappropriated.
Most Agencies would be unable to trade without access to their IT systems, and an IT outage of only a few days could lead to a significant loss of business and ongoing financial losses.
We often hear stories of how Recruitment Agencies have suffered losses and interruptions to their general day-to-day operations due to confusion around which event is covered under which policy.
We would recommend that Cyber and Crime policies be bought in tandem as both insure different scenarios. Below, we have laid out some simple differences between the two types of cover that may help your business stay ahead of the curve should an adverse event happen to your business.
Cyber Insurance protects your Agency in the event of your data or systems being compromised by a hacker or virus. This includes 3rd party claims and insurable fines for breach of privacy legislation (such as GDPR), transmission of viruses and defamatory statements in electronic communications. It also includes your own losses in dealing with cyber extortion, the cost of expert assistance in mitigating the loss and ransom payments (if necessary), costs in reinstating your computer systems following a loss and your lost profit following a system outage.
You log on to your computer to find that your system has been encrypted and all access has been blocked by a 3rd party. They are now demanding payment via Bitcoin. Only once they have been paid will you have your systems back up and running to allow you to start working again.
Crime Insurance protects your Agency against theft of money, securities or property, including fraud caused by employees and fraudulent acts by 3rd parties. Most of these instances happen via your business’s own equipment, be it a work computer, laptop or mobile. This is why a lot of professionals confuse Crime policies with Cyber policies and vice versa.
A good Crime insurance policy includes Social Engineering. Social Engineering is defined within the dictionary as ‘the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes’, and includes a wide range of issues such as “fake president’s fraud” and “phishing”. Again, this is often mistakenly assumed to be covered under a Cyber policy as the fraudulent contact is often made by e-mail or other electronic means.
A fraudster sends an invoice to your accounts department claiming to be from a person in power in your company (e.g. Director, FD or CEO) and demanding that a payment is made to a specific bank account. The fraudster pressurises the employee to release the payment immediately and said payment is released to the fraudster. These claims often fly under the radar until it is too late and the monies are irretrievable.
We recommend the following basic measures be implemented:
o Structured, regular, updated employee education and awareness training
o Internet security software on all systems, including mobile devices
o Regular security updates for all operating systems, application, mobile and browser software
o Strict and enforced password policy for all employees and contractors.
Not all Cyber policies cover all of what is detailed above, and not all Crime policies include social engineering cover.
For more information call Sutton Winson Recruitment & Payroll Insurance on 01444 251 181.