Skip links

Safeguarding Candidate Data in Your Applicant Tracking System: Best Practices for Recruitment Agencies

Recruitment agencies heavily rely on Applicant Tracking Systems (ATS) to streamline their recruitment processes. While highly convenient and powerful, because they house large amounts of sensitive data, the critical responsibility for safeguarding this data rests on your agency. In this blog, we will explore the vulnerabilities that can lead to the compromise of your sensitive ATS data, and how you can prevent unauthorised access by prying eyes.


How Cyber Criminals Can Access Candidate Data in Applicant Tracking Systems:

Cyber criminals will find a treasure trove of information in an ATS that can be used for purposes such as fraud, and there are a number of vulnerabilities that they can exploit to access it:

    • Vulnerable User Accounts: Simple or reused passwords, as well as single factor authentication will make it easier for unauthorised users to gain access.
    • Poor User Practices: Whether its signing onto your ATS via public Wi-Fi networks, password sharing, or using other users’ accounts, user practices can create vulnerabilities.
    • Insufficient Access Controls: Without proper role-based access, sensitive data can be exposed to unauthorised internal users.
    • Insecure Data Transmission: Data that is transmitted insecurely is like sending a postcard through the mail – anyone who intercepts it will be able to read it.
    • Back-End attacks: SQL injections and cross-site-scripting attacks are two amongst a range of technical attacks that manipulate database and browser vulnerabilities to gain access to ATS data.

Cybercriminals may use user credentials, unsecured networks and even attempt hacking into databases to access ATS data. Taking steps to secure your data, while using a reputable vendor that takes these steps themselves while offering security features such as multi-factor authentication and single-sign on, will prove valuable for keeping your ATS data secure.


Actions You Can Take to Secure Your Applicant Tracking System

Some of these in-app suggestions may or may not be available on your ATS. If an ATS lacks these capabilities, it is likely to indicate the ATS vendor is not as focused on cyber security as they should be.


Enforce Multi-Factor Authentication (MFA)

Require a combination of something the user knows (a password), something the user has (such as a smartphone) in order to enable them to login.

Adopt Single-Sign On (SSO) Where Possible

SSO is a convenient and secure way of giving your users access to a range of applications using one account. SSO is offered by companies like Google and Microsoft for example for various digital services. It offers a more streamlined, configurable, and centrally controllable password management experience across your applications. Some ATS solutions offer SSO.

Strong Passwords and Regular Password Updates

You can set organisational policies for your organisational SSO using platforms such as AzureAD if your ATS is included, or using the administrative features, where applicable, of your ATS software to enforce stronger passwords.

Failing this, password managers can be used to lower ‘password fatigue’ (the tendency to use duplicate passwords across apps) while strengthening passwords for user accounts in and beyond your ATS.

Train Your Team to Use the ATS Securely

Get your people aligned with your policies by training them to access and use the ATS safely. Ensure they understand data protection laws, best practices for adhering to them, and how to access the ATS safely using secure networks and tools such as VPNs.

Limit Access Using Role-Based Permissions

Keep access to features and data on your ATS available on a need to know or use basis, and take care to review user accounts and access permissions.

Use Secure Networks

Ensure the ATS is accessed using secure, encrypted networks, which will mean avoiding public Wi-Fi networks. VPNs can also be a helpful way of doing this.

Verify Your Vendor’s Cyber Security Credentials

In an important way, the security of your ATS data can only be as good as your vendors. Take care to enquire with your current and potential vendors about the measures they have in place to keep their hosted data and infrastructure secure from cyber attacks.


Final Thoughts

By taking these steps to secure your ATS from cyber threats, you can ensure the continued trust between your agency and your clients and candidates, while keeping your operations resilient to disruptions. Knowing the risks that can lead to the compromise of your ATS and implementing these recommendations, you can cultivate a solid cyber security posture that enables your agency to focus on creating delightful outcomes for clients and candidates alike.


Virtual IT: Trusted Cyber-Security First Technology Partners

Based in London, Virtual IT are a trusted IT partner to over 700 businesses and schools across the UK with a leading cyber-security first approach. We provide a fully managed IT solution focusing on proactivity, strategy and security. We help our clients to tap into the wealth of advantages that secure technology can offer to them. See how in our case studies.

Want to see the difference Virtual IT can make for your business? Book a meeting with us today, we’ll be glad to support you with any tech challenge that you’re facing.