Hardly a day seems to go by at the moment without a new story relating to online systems security, with password based vulnerabilities featuring heavily in the mix.
- Posted by ben_stoneham on Thu 30 Jul 2009 16:07:44
Security around recruitment databases seems to be a hot topic right now.. perhaps as much as anything else because the economic downturn has unfortunately led to increased redundancies within the recruitment industry, which is, I guess, often associated with consultants starting up on their own with data 'acquired' at their former employer's expense.
An article on recruiter earlier in the year talked about this specifically:
http://www.recruiter.co.uk/recession-blamed-for-rise-in-recruitment-data...
Obviously the starting point for protecting your own data is to make sure that the contracts of employment you issue are as watertight as they can be.. probably specifically detailing conditions around ownership of data in most cases. Obviously that's one for your lawyers, though from what I've seen (a couple of our clients have successfully pursued former employees for this through the courts) it’s not worth skimping on.
In terms of practical steps you can take with your data though, there are a few things I'd suggest you should review and implement, both from the perspective of access and then, should the worst happen, being able to limit the damage/pursue the offender.
The first thing to get out of the way is the contradiction that comes because on the one hand you need to make the data accessible (recruiters need it to do their job after all!), but on the other this means that there are opportunities for people to steal it...
The truth is that there is no complete solution to this.. recruiters need to see the data to do their job.. (yes you could significantly restrict this.. but in practical terms how is this achieved? - years ago we did have a client who appointed a 'Database Guardian'. Their entire role was to act as the intermediary between the recruiters and the database, receiving requests from the consultants, doing the search and sending them the results one at a time... not recommended... they went bust a long time ago ;-) )
So one way or another, the consultants need to have access.
That said, there are still some things you can do to make sure that the type and level of access they have is appropriate.
In evolve, this means reviewing the many 'user access and permissions' options available to you under Global Admin - turning off all of the things that the recruiter doesn't need to be able to access and restricting their ability to do certain things. Examples of this include the 'Export to Excel' function, enabling the enhanced security options for Candidate accounts (implements a workflow check process to restrict access to candidate account details) and the scope of Dashboard views (there are actually lots of other useful options in there that aren't directly to do with security, but cover things like making sure a particular process workflow is stuck to.. one for another article probably.. do ask the support guys about it though).
Next on the list is looking at how your consultants are accessing the data.
One of the great things about the 2-factor authentication system we use for evolve (the hardware key 'etoken' that each consultant has) is that, firstly, you can guarantee that there is only 1 person able to access each account at any one time (so a consultant can't 'share' their username and password with a mate for instance) and, secondly, because the keys are personalised with a digital certificate that is unique to that individual, you can be certain that activity on the system was actually them (both of these facts were material in the recent court cases I talked about above).
This is one of the key security benefits evolve offers vs. other online recruitment software solutions.. someday the other providers will wake up to just how inherently vulnerable username+password based systems are.. until then, we'll continue to see things like the Monster hack of a year or so ago: http://news.bbc.co.uk/1/hi/technology/6956349.stm
evolve version 4 included the ability to switch on login tracking for consultants (Global Admin>Users and Permissions>View Logins) which shows when they logged in to the system each time.
The final technique to consider, then, is database seeding.
This approach seeks to minimise the risk that the data will be wholesale copied (with the best will in the world, even if you lock access right down you can't be looking over a consultant's shoulder 8 hours per day.. they could just write stuff down..), while offering you some prospect of catching someone who has managed to copy data.
To be effective, you will need to have a sufficient number of false records and make them all sufficiently plausible (full contact info, variety of email hosts).
The real power of this technique though comes about because you then need to make it widely known to the consultants that the database is seeded in this way.
This at the very least will probably prevent the data being mass mailed if it is taken.. more usually in my experience it puts the would-be thief off completely..
The other option of course is not to tell them and then make good after the event.. I know of at least 1 data supplier in the industry who used this to great effect a number of years ago.. my advice though would always be that prevention is much better than retribution (less time and you don't make the lawyers rich !)
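As an added illustration of the seeding approach above (not code from the original post or from evolve), the sketch below derives plausible false records from a secret key, picks them out of a recovered address list, and estimates how many seeds are 'sufficient'. The name lists, `example.*` hosts, key and function names are all constructed; the probability helper goes beyond the text and assumes records are copied at random.

```python
import hashlib
import hmac
from math import comb

# Constructed sample values; real seeds would use mailboxes the firm monitors.
FIRST = ["alice", "brian", "chloe", "david", "emma", "farid"]
LAST = ["archer", "bennett", "clarke", "dawson", "ellis", "fraser"]
HOSTS = ["example.com", "example.net", "example.org"]  # reserved test domains


def make_seeds(secret: bytes, count: int) -> list[dict]:
    """Derive `count` false records deterministically from a secret key.

    Nothing in a record marks it as a seed; only the key holder can
    regenerate the list and recognise the addresses later.
    """
    seeds = []
    for i in range(count):
        d = hmac.new(secret, f"seed-{i}".encode(), hashlib.sha256).digest()
        first, last = FIRST[d[0] % len(FIRST)], LAST[d[1] % len(LAST)]
        host = HOSTS[d[2] % len(HOSTS)]  # spread seeds over several hosts
        email = f"{first}.{last}{d[3] % 90 + 10}@{host}"
        seeds.append({"name": f"{first.title()} {last.title()}", "email": email})
    return seeds


def find_seeds(secret: bytes, count: int, recovered: list[str]) -> list[str]:
    """Return the seed addresses found in a recovered or mailed-to list."""
    known = {s["email"] for s in make_seeds(secret, count)}
    return sorted({e.strip().lower() for e in recovered} & known)


def p_caught(total: int, seeds: int, copied: int) -> float:
    """Chance that a random copy of `copied` records holds at least one seed."""
    return 1 - comb(total - seeds, copied) / comb(total, copied)


if __name__ == "__main__":
    key = b"constructed-demo-key"  # placeholder; keep the real key off the database
    seeds = make_seeds(key, 50)
    leaked = ["j.smith@example.com", seeds[7]["email"].upper()]  # constructed list
    print(find_seeds(key, 50, leaked))
    # 50 seeds among 20,000 records, 500 records copied
    print(round(p_caught(20_000, 50, 500), 2))
```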
- Posted by ben_stoneham on Tue 28 Jul 2009 13:36:18
A while ago, I wrote about some of the problems people can encounter with 'all-in bundles' in serviced offices that include a broadband connection (summary: most good, some bad, check your contract before signing to make sure you have options!).. today though Ofcom have released a copy of their report into UK broadband providers which includes some interesting results.
You can read the Ofcom broadband speed summary or view the full Ofcom Broadband speed report
If you can't be bothered to wade through all of that, the summary is that for almost all of the surveyed providers... actual throughput was around 50% of the headline figure (so an '8Mbit connection' was actually pushing through 4Mbits)... which for those on the inside of the industry is not new news (the physical limitations of the technology mean this will invariably be the case)...
From the service consumer's point of view though, what they are being sold doesn't match with what they are getting, and while evolve customers don't have anything to worry about from our system's point of view (evolve will support dozens and dozens of users from a typical ADSL connection), the increasing use of online video sites and the ballooning average email size is more demanding. With the use of video (online interviews, CVs etc) set to rise, the throughput speed you can attain might just become a more important factor for many.
Interestingly, the one service provider who stood out head and shoulders above the rest was Virgin Media (now owners of NTL/Telewest), who were also the only provider to have invested in their own dedicated network (everyone else pretty much piggy-backs on BT's cloud).. with Virgin topping out at between 8 and 8.7Mbits on a 10Mbit line, if you have the option they might just be a good bet.
- Posted by ben_stoneham on Fri 24 Jul 2009 11:42:44
There is no doubt that this has been a tough year for many of the 50 or so (yes there really are that many..!) front office recruitment software providers out there today..
We've already seen the demise of one or two (RSS Eclipse was most notable, they got 'phoenixed' and fire-sale'd for a few grand allegedly).. with such an oversubscribed market (most of whom are really small 'a couple of guys in a garden shed' operations), further consolidation is inevitable.
The trouble is that with the majority of those providers offering a traditional up-front investment, LAN based license solution.. the pain that many of those businesses are in (they gotta kill-what-they-eat each month to survive) is severe to say the least (in the last month alone, we've seen 3 of the better known providers lose their Sales Managers).. as they say, it ain't gonna be pretty and there are going to be more casualties...
If you're worried about your current provider, you might want to get a credit check (Experian have a good service for this).. likewise, if you are thinking of moving, do make sure that they are going to be around for the long term! (by all means check us out too ;-) you'll see we've got a good rating, strong balance sheet and no 'history'..)
Actually, the precarious position that some of the recruitment software providers are in is really only half of the story..
What makes it worse for the LAN guys (and their customers) is that long before shedding sales staff, they have been quitting investment in product development (2 years ago, finding good developers with experience in our industry was challenging.. in the last 6 months, I've seen CVs from developers ex many of our competitors), which means that even when things do improve, their customers are going to find themselves way behind the curve..
For the established SaaS providers like evolve though, life is much better :-)
The thing is that although it takes a while to build a customer base up (we've been doing this since 2001), the benefit of a stable income stream, coupled with a diverse customer base (200+ customers in 40 sectors), for whom the monthly fee is a really small part of their overall op-ex has really come good.
So as they say.. trading conditions might remain 'challenging', actually, but we are in great shape, and having made significant investments last year to support future growth, and with a strong balance sheet and cash in the bank, to be honest we are pretty happy right now.
In fact, although we'd planned for a quiet year, it's been anything but.. Our strong position and commitment to our continuous development program has meant that there's been no let up in the investment we make in developing and supporting our product.
Behind the scenes, the dev team have been working hard for the past few months on evolve V5.. which is going to be huge news for our customers.
There's going to be an official announcement on it in the next few days, so for now I can't say too much... there are some great new things though, including new tools for search and selection, particular emphasis on recruitment through social networks and some awesome new features for the CV pool that are going to really help all those recruiters who have seen such a huge increase in the number of candidate CVs through to their inbox...
..there's also a new look and feel, lots of new modules and options, an upgrade to document management and one really big new item that absolutely rocks .... you'll have to wait a few more days to find out what it is though ;-)