5 Tips To Secure Your CV or Resume Database
Posted by ~Ray @ 2008-04-20 03:43:35
It’s a rather lengthy post as we’ve packed it full of relevant content, and while it’s by no means an all-inclusive list it’s certainly a good place to start.
It’s absolutely imperative that before you issue an account or login to a client you verify they are who they claim to be. Every business will have its own rules for this. For some, presentation of a valid client credit card will be an adequate verification method; others will demand a purchase order on headed company paper. Make sure your chosen method gives you confidence that the prospective user has proven their identity to you.
Businesses shouldn’t be afraid to say ‘no’ if a company fails to verify itself adequately. It might be a lost sale but the consequences can be far worse.
Strong authentication, let’s be frank, can be a pain. It can slow down the initial process of granting a client access to the database and may increase the cost. However the security benefits almost always outweigh these issues. Let’s take a look at some options:
One popular solution is to issue a user with a key fob or hardware device (called a token) which they use when logging in. RSA, possibly the front-runner in this field, has a hardware-token solution which I’ve implemented in the past with great success.
This prevents anyone who does not have physical access to the token from logging in as that user, so problems such as stolen or shared passwords could be prevented. Even if the hardware token is stolen, the thief cannot log in because the password is also required.
Other vendors provide similar products. Some companies offer hardware tokens that can be branded with your company name and logo, so the devices can double as a marketing tool.
If strong authentication is already sounding like a complex and expensive option, fear not: there are some cheaper approaches which could be utilised. Software tokens are not always as secure as hardware tokens, because the token secret may be copied from the device it is installed on, but they are a big improvement over a standard username and password combination.
Suppliers of software tokens include the usual suspects, Verisign and RSA, as well as open source options. If you’ve got a skilled technical team you might even consider building a bespoke software token solution based upon an established cryptographic library.
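To make the “bespoke software token” idea concrete, here is an added example (not code from the original post or from any vendor named in it) of a two-factor login that requires both a password and an HMAC-based one-time code, following the HOTP construction from RFC 4226 and using only the Python standard library. The account structure, the look-ahead window size and the PBKDF2 parameters are assumptions for illustration; the test secret is the one published in RFC 4226’s test vectors.

```python
"""Two-factor login for a CV database: password plus HOTP one-time code.

Added example. Implements HOTP (RFC 4226) over HMAC-SHA1 with the standard
library; the account layout and window size are illustrative assumptions.
"""
import hashlib
import hmac
import os
import struct

OTP_DIGITS = 6
LOOK_AHEAD = 5          # assumed: how many skipped token presses the server tolerates
PBKDF2_ROUNDS = 100_000  # assumed password-hashing cost


def hotp(secret: bytes, counter: int, digits: int = OTP_DIGITS) -> str:
    """HOTP(K, C): HMAC-SHA1 over the 8-byte big-endian counter, dynamic
    truncation to a 31-bit integer, then reduced modulo 10**digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (
        (mac[offset] & 0x7F) << 24
        | mac[offset + 1] << 16
        | mac[offset + 2] << 8
        | mac[offset + 3]
    )
    return str(code % 10 ** digits).zfill(digits)


class SoftToken:
    """Server-side record for one user's software token. The same secret
    lives on the client, which is exactly why a copied software token is
    weaker than a tamper-resistant hardware one."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.next_counter = 0  # lowest counter value we will still accept


def match_otp(token: SoftToken, submitted: str, look_ahead: int = LOOK_AHEAD):
    """Return the counter that produced `submitted`, searching a small window
    ahead of the expected value (the user may have pressed the button without
    logging in), or None. Constant-time compare; does not change state."""
    for c in range(token.next_counter, token.next_counter + look_ahead):
        if hmac.compare_digest(hotp(token.secret, c), submitted):
            return c
    return None


def make_account(password: str, token_secret: bytes) -> dict:
    """Assumed account record: salted PBKDF2 password hash plus token state."""
    salt = os.urandom(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt, "pw_hash": pw_hash, "token": SoftToken(token_secret)}


def login(account: dict, password: str, otp: str) -> bool:
    """Both factors must pass. The one-time code is only consumed (and every
    earlier counter burned) when the password was also correct, so a stolen
    token or a copied secret alone never advances the state or grants access."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), account["salt"], PBKDF2_ROUNDS
    )
    pw_ok = hmac.compare_digest(candidate, account["pw_hash"])
    used = match_otp(account["token"], otp)
    if pw_ok and used is not None:
        account["token"].next_counter = used + 1  # prevents replay of this code
        return True
    return False


if __name__ == "__main__":
    # RFC 4226 Appendix D test secret; counters 0..2 give 755224, 287082, 359152
    secret = b"12345678901234567890"
    acct = make_account("correct horse battery", secret)
    print(login(acct, "correct horse battery", hotp(secret, 0)))  # True
    print(login(acct, "correct horse battery", hotp(secret, 0)))  # False: replayed
```

The look-ahead window is the usual trade-off for counter-based tokens: large enough that a few idle button presses do not lock the user out, small enough that guessing stays infeasible. Because the client holds the same secret, protect it at rest on the client device and treat loss of the device as a compromise of that factor.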
As an online business you are most likely already monitoring the use of your CV database from a sales perspective. You should also monitor it from a security perspective.
If the behaviour of a user account changes dramatically, for example the user usually searches for five CVs a day and suddenly starts searching for five thousand a day, it’s time to pick up the phone. It may be a legitimate change in behaviour but it should be checked.
Set suitable thresholds for different types of users and either react when a threshold is reached or impose restrictions which prevent the threshold from being exceeded. The first option puts the emphasis on the database owner to proactively react; the second puts the emphasis on the user to make the call when a threshold has been reached. Choose the solution that works for your business.
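Both options above can be expressed as a small amount of code. The following is an added example (not from the original post) that runs over a constructed daily usage export, flags accounts for a phone call when they either exceed a per-type hard ceiling or jump well above their own recent average, and also shows the enforcing variant. The export format, field names, account types and threshold values are assumptions for illustration.

```python
"""Usage-threshold monitoring for a CV database (added example).

Option one: find accounts whose behaviour changed so a human can phone them.
Option two: enforce a ceiling so the user has to call when it is reached.
The export format and thresholds below are illustrative assumptions.
"""
import re
from collections import defaultdict

# Constructed sample: one line per user per day from a hypothetical daily
# usage export. "acme" explodes from ~5 to 5000 views, "smallfirm" creeps
# up well above its own baseline but stays under the hard limit.
SAMPLE_EXPORT = """\
2008-04-16 user=acme type=employer cv_views=5
2008-04-17 user=acme type=employer cv_views=5
2008-04-18 user=acme type=employer cv_views=4
2008-04-19 user=acme type=employer cv_views=5000
2008-04-16 user=bigagency type=agency cv_views=300
2008-04-17 user=bigagency type=agency cv_views=320
2008-04-18 user=bigagency type=agency cv_views=290
2008-04-19 user=bigagency type=agency cv_views=310
2008-04-16 user=smallfirm type=employer cv_views=2
2008-04-17 user=smallfirm type=employer cv_views=2
2008-04-18 user=smallfirm type=employer cv_views=1
2008-04-19 user=smallfirm type=employer cv_views=30
"""

# Assumed hard daily ceilings per account type (a recruitment agency
# legitimately reads far more CVs than a single employer).
DAILY_LIMITS = {"employer": 50, "agency": 500}
SPIKE_FACTOR = 10  # assumed: today vs. mean of the account's previous days

LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) user=(\S+) type=(\S+) cv_views=(\d+)$")


def parse_export(text):
    """Yield (day, user, type, views) tuples, skipping malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            day, user, utype, views = m.groups()
            yield day, user, utype, int(views)


def find_anomalies(text, limits=DAILY_LIMITS, spike_factor=SPIKE_FACTOR):
    """Option one. For each account, look at its most recent day and return
    (user, day, reason) for anything over the hard limit or far above the
    account's own history. A spike below the hard limit is still reported,
    because the change itself is what warrants the phone call."""
    per_user = defaultdict(dict)
    types = {}
    for day, user, utype, views in parse_export(text):
        per_user[user][day] = per_user[user].get(day, 0) + views
        types[user] = utype

    alerts = []
    for user, by_day in per_user.items():
        days = sorted(by_day)
        latest = days[-1]
        today = by_day[latest]
        history = [by_day[d] for d in days[:-1]]
        limit = limits.get(types[user])
        if limit is not None and today > limit:
            alerts.append((user, latest,
                           f"{today} CV views exceeds {types[user]} limit of {limit}"))
            continue
        if history:
            baseline = sum(history) / len(history)
            if today > spike_factor * baseline:
                alerts.append((user, latest,
                               f"{today} CV views is {today / baseline:.0f}x the "
                               f"{len(history)}-day average of {baseline:.1f}"))
    return alerts


def search_allowed(utype, views_today, limits=DAILY_LIMITS):
    """Option two: deny the next search once the ceiling is reached, so the
    user has to contact you to get it raised. Unknown types are not capped."""
    limit = limits.get(utype)
    return limit is None or views_today < limit


if __name__ == "__main__":
    for alert in find_anomalies(SAMPLE_EXPORT):
        print(alert)
    print(search_allowed("employer", 49), search_allowed("employer", 50))
```

The baseline here is a plain mean of previous days; a rolling window or per-weekday baseline works the same way once you have more history. The important design point is that the enforcing check runs on every search request, while the anomaly scan can run once a day against the export.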
It’s an ongoing battle for every online business to stay up-to-date with the security issues, scams and malicious activities that appear on the Internet every day.
There are some basic steps your business can take to make this easier, for example following security news sites. It was recently reported that a task force is being set up to help job boards protect themselves, so this may also become a key resource for relevant security information.
While engaging with your data protection authority may not directly improve the security of your CV or resume database, it will give an audit trail which shows you are taking adequate steps to protect job seeker data, which is important if the worst happens.
In the UK data protection is handled by the Information Commissioner’s Office, and a great deal of guidance is available from the office.
Sorry for the late mention; this only just hit my radar screen. Thanks for mentioning WiKID as a two-factor authentication option. I wanted to point out a few things:
1. If your CV database will be accessed over the Web, consider using mutual authentication, which prevents network-based MITM attacks.
2. Look for strong programming support: PHP, Java, Python etc., so your choice of two-factor authentication doesn’t limit your choice of programming language. WiKID supports all the major languages, plus RADIUS, LDAP and TACACS+.
3. If you have a lot of turnover then go with a seat-license instead of a hardware solution. You will not get the hardware tokens back :). With seat licenses you can “re-use” them.
CV information is very useful for attackers. The more complete the identity information, the more valuable it is. Two-factor authentication is not as expensive or as difficult as it used to be. And the risks are higher now!