The recent cyber-attacks on major retailers like M&S, Co-Op, Adidas, and Harrods have underscored the critical need for robust internal security and screening processes. These incidents, often stemming from third-party involvement and human error, highlight the growing sophistication of criminal organisations and the increasing reports of rogue workers infiltrating workplaces.
To safeguard your organisation from similar threats, here are some essential measures to consider implementing:
Hiring practices
Detect AI-generated candidates: Use AI detection tools, such as the AI text classifier from ChatGPT, to distinguish between human-generated and computer-generated text in job applications
Competency-based interviews: Opt for competency-based interviews over structured ones to reduce the chances of candidates using pre-prepared answers, and regularly update your interview questions
In-person interviews: Conduct interviews in person or via video conferencing platforms with background filters turned off
Validate work history: Don’t rely solely on CVs or references; check official channels, like integrated HMRC information, to verify the work history your candidate has provided
Identify fake references: Utilise the BHI best practice guide to spot fake references and name changes
Digital identity verification: Use digital identity solutions such as AssuredID, which includes Amberhill and SIRA checks
Source verification: Verify all data from the source or through integrated solutions where possible
Social media checks: Conduct social media and adverse media coverage checks
Employment practices
Conduct annual checks for all employees on the following:
Managing temporary workers & contractors
Screening standards: Ensure temporary workers are screened to the same standard as permanent workers, including ongoing checks, on an annual basis
Centralised screening: Use a centralised screening business or in-house team, and regularly audited supplier screening
Accredited agencies: Ensure recruitment agencies hold necessary accreditations, such as REC and APSCo – if the agency does not have a formal screening business or third-party supplier, treat them as high risk
The shadow workforce
Third-party screening: Ensure third-party suppliers and contractors adhere to the same screening standards; conduct audits or insist on centralised screening
Cyber security
Robust cyber security plan: Implement a comprehensive cyber security management plan
Accreditations: Consider obtaining ISO 27001 or Cyber Essentials accreditations to ensure robust measures are in place and regularly tested
Training & awareness
Regular training: Provide regular training, including live testing examples, to help employees identify suspicious activities
Culture of curiosity: Foster a culture where employees are encouraged and enabled to identify and challenge suspected activities
For any queries or support, or more information on how we can assist with your pre-employment screening needs, explore our services online or get in touch with an expert today.