What You Need To Know Now About Cybersecurity In Staffing

Cybersecurity has become even more of an issue for Staffing company clients than it was pre-pandemic.
Criminals are looking for low-hanging fruit, and Ransomware as a Service platforms make it easier than ever to
cripple organizations. Here’s an overview of how the world has changed and what Staffing organizations must do
to help protect their customers.

It’s a sensitive time for all companies. For example:
• In its Global Risks Report 2021, The World Economic Forum listed cybersecurity failure as the fourth most
clear and present danger (behind infectious diseases, livelihood crises, and extreme weather events) the
world faces in the next two years.
• More virtual workers have exponentially increased the “attack surface” for would-be cybercriminals.


As the Staffing industry emerges from the pandemic, Staffing clients may be distracted or unaware of the
potential cyber risks of a dispersed workforce.
Busy contractors using the same username/password combinations across multiple accounts can become
victims of credential stuing, a form of cyberattack whereby hackers use previously stolen username and
password combinations to gain access to other accounts.

Although most major video conferencing platforms have taken measures to prevent intrusions, hackers may still
be able to “obtain confidential or sensitive information from participants. The information is then sold to
another party or made available to the public to damage the company’s reputation.”
In a presentation SmartSource sponsored at Staffing World 2021, representatives from Michael Best & Friedrich
LLP (Joseph Dickinson), UHY LLP (Jerry Grady), and UHY Consulting Inc. (Richard Peters) discussed current
cybersecurity and data privacy threats:
• Ransomware—malware software that holds an organization’s data or access “hostage” in exchange for
money (usually paid in cryptocurrency)
• Business email compromise—a tactic in which the attacker, posing as someone the recipient knows and
trusts, requests a transaction (wire transfer, for example) or information that defrauds the organization
• Spearfishing—an email campaign targeting a specific person or group that exploits recipients’ known
interests and contains an attachment or link, which exposes the target to malicious software when opened
or clicked
• Big data dumps—a massive data breach in which customers’ personal information or passwords are stolen
from an organization and offered for sale on the dark web
• Security tooling gaps—a possible gap between the tools an organization needs to protect its data, intellectual property, and customers and the tools it has in place