When you’re handling sensitive candidate and job data every day, you need to be confident that your ATS is secure.

A secure Applicant Tracking System is essential, not only to protect your candidate records, but also to safeguard your organisation from security risks such as Distributed Denial of Service Attacks.

But how can you tell if your ATS is secure?

1. The first point is an easy – but incredibly important – one to check. You need to make sure that your careers site and login for the back office are running over HTTPS. If they’re not, you need to talk to your supplier to find out why and to check how secure your system really is.

 2. A trusted recruitment software supplier will be audited by security consultants. Has yours been audited? This is important because it’s a good way to make sure that the latest OWASP standards and best practices are being met by your supplier.

Find out if your supplier also runs their sites through SSL certificates. If they do, ask what grade they receive on a scale from A-D (D is not good). If your supplier is awarded an A, this will tell you that the certificate is strong and that the method of implementation is not vulnerable to common attack vectors. 

3. Ask your supplier if your Applicant Tracking System meets the criteria of the CIA Triad. This represents the three core pillars of a secure system:

Confidentiality: Information should only be visible and available to the right people – so candidates shouldn’t be able to see one another’s data, for example. Crucially, attackers shouldn’t be able to access any information.

Integrity: This can span everything from a system ensuring that data isn’t lost or damaged to making sure that only authorised users have access to certain areas of the ATS or data.

Availability: A secure system needs to stay online at all times. If a hacker has the ability to restrict users logging in to their recruiter portal, or a candidate applying for a job, then it is clear there is a vulnerability in the system.

Much of an Applicant Tracking System’s security credentials will be down to its build or implementation, but there are ways that you can help to make sure your ATS is secure too.

1. Check that your password is strong – it’s the cornerstone of system security. A strong password is a mix of numbers (upper and lower case), letters and symbols and should be at least 10 characters long.

2. Put steps in place to make sure you don’t open files or links from a malicious source. Were you expecting the file or link? Do you know the contents of them? Do you know the person who sent them to you? Even PDF and other document files can be used to compromise a person’s computer.

3. Make sure your PC is protected by an effective anti-virus programme, and ensure you update regularly to maintain a good level of security.

If you’re concerned about whether your ATS is secure enough, you must raise it with your supplier.

Protecting both your candidates’ and your organisation’s data is of paramount importance, so if you’re not convinced by your current Applicant Tracking System’s performance, make sure you take steps to address it with your supplier.

Find out more:

Talk to us if you’d like to find out more about system security

Hear from Paul about how to get the best out of your candidate data

Unsure about your recruitment system implementation?

About the author

Tristan Potter

Tristan has a decade's worth of experience writing content and copy for organisations across Bristol and the Southwest of England. He has written on a diverse range of topics, including technology, philosophy, politics, and recruitment. His writing has appeared in The Drum, HR Grapevine, and The Guardian, among other publications. He joined Hireserve in March 2022.