The non-techie’s guide to securing your Recruitment website
Over the past 5 years, internet security has become big business. The problem with website security, however, is the unknown.
It is easy to say that your website is secure, and just as easy to suggest that it is at risk. If one of Volcanic's competitors wanted to try to damage our reputation, all they would need to do is suggest that we are not secure, as for most customers it is impossible to prove whether we are or are not secure.
So let us explain how we ensure your website is secure, what methods we use to ensure it always remains that way, and how we prove to our customers, their clients and their candidates that it's safe to use our platform:
SSL (Secure Sockets Layer)
A common way for criminals to steal data is by intercepting data sent from a user's browser to the recruitment website. We prevent this from happening by implementing a Secure Sockets Layer (SSL) certificate, which basically encrypts the data (making it impossible to read).
Server Load (protecting from ‘botnet’)
Another way criminals try to break into systems is by overloading them or forcing them to break, through load or botnets. This attack is also called a denial-of-service attack. If an attack is successful, it can reveal to the attacker the technology used and give them the opportunity to inject code in order to access data. Having a successful solution to this type of attack is essential. The Volcanic system successfully defends against such attacks using world-leading technology and defensive mechanisms.
When developers build systems, they work to very high standards. However, as most users are aware, it is not unusual for that code base to become out of date or for a security vulnerability to be discovered.
One of the best ways to defend against this happening is to undertake regular penetration testing (which discovers these vulnerabilities) and then to update the systems accordingly. We use a series of tools to ensure our code remains secure. We are also able to apply code fixes across our platform in real time (just like you do when you update your phone software).
The Payment Card Industry Data Security Standard is a standard set by companies like Visa or Mastercard and is used in the protection of credit card data. It is basically one of the highest security quality standards held by a website. Although none of Volcanic's customers store credit card data, we decided that we would build all of our systems to this PCI standard, and we can provide a copy of our compliance certificate to our customers.
Internal Security Policies
Finally, internal security is as important as website security, so we also have a very detailed internal security policy that all our employees comply with, which we are happy to share.