There's Always Risk: Why Cybersecurity Is Everyone's Job

Recruitment data is sensitive data. Names, contact details, salary expectations, employment history, sometimes salary slips and right-to-work documents. A breach of a recruiting database is a breach of personal information at scale.

The threat surface grows every year. New tools. New integrations. New AI vendors with new data access patterns. New supply chain exposure. The job is not to eliminate risk. It is to keep it small and contained.

The four most common ways recruiting data leaks

• Credential reuse on personal email after employee turnover
• Excessive data sharing with new vendors during evaluation
• Unsecured CV uploads outside controlled platforms
• Phishing targeting recruiters with realistic candidate-themed bait

What good practice actually looks like

Single sign-on for every tool that touches candidate data. Granular permissions per workspace. Audit logs on every read and write. Encryption at rest and in transit. Data residency options to satisfy regional regulators. Most importantly, a culture where every recruiter understands that they are the first line of defence.

The most expensive breach is the one nobody noticed for six months. Audit logs are not optional.

What to ask any new vendor

• Where is my data hosted, and can I choose the region?
• Will my data be used to train shared models?
• What is the audit log retention policy?
• How do you handle right-to-be-forgotten requests?
• What is your incident response time?

Vitae was built with these answers in mind from day one. GDPR by default. SOC 2 in progress. Hosted on Google Cloud. Data residency in EU and US. Read our full security posture.