Your World Recruitment Group uses Proofpoint to combat insider threats

Staffing agency avoids succumbing to common industry risks by investing in user and data activity monitoring

The Challenge

  • Protect large quantities of valuable data
  • Address a range of security issues with a small team
  • Effectively comply with GDPR guidelines

The Solution

  • Proofpoint Insider Threat Management

The Results

  • Successfully augmented a lean team by providing protection against insider threats
  • Gained unparalleled visibility into user activity and data movement
  • Met GDPR requirements with robust tools, without need for additional employees

The Challenge

Valuable data at risk

The recruitment industry has high turnover, and with employees moving frequently from organization to organization, data has a tendency to travel in unauthorized ways. This, combined with the vast amount of sensitive candidate and employment data in play, makes the industry a hotspot for data exfiltration and other forms of insider threat.

A lean organization

Your World Recruitment Group’s five-person IT department is tasked with a wide variety of responsibilities, from technology implementation and management to data security to GDPR compliance. It’s a lot for a small department to manage, and there was not much extra time leftover to actively monitor for insider threats. This is a common theme for many small and midsized recruitment agencies. And it can open them up to insider threat risk.

GDPR requirements

While recruitment is not beholden to many compliance regulations, they must adhere to GDPR regulations. This requires maintenance of confidentiality, secure data practices, detailed audit trails, and breach notifications. And this includes other rules that can be difficult to follow without robust tools.

“Before Proofpoint, it was the Wild West. We relied on email archives, and there was no context behind threat information. There was a lot of deniability. Now we can piece together what happened and come up with hard evidence when we need it.”
Simon Knox, IT director, Your World Recruitment Group

The Solution

Your World Recruitment chose Proofpoint Insider Threat Management because the platform is easy to use, even without deep security training or a large team. And it identifies threats graded by severity without requiring lots of fine-tuning and hands-on alert management.

Safeguarding valuable data

With Proofpoint, the organization gained unparalleled visibility into user activity and data movement. The IT team can detect users who are attempting to exfiltrate data through removable media, such as USB drives and keyboard shortcuts, such as copy/paste or print jobs. And what used to take weeks to resolve has been reduced to one or two days.

Running a lean security organization

Now the small IT department is able to continuously monitor for suspicious behavior without needing to hire more people. And they can easily delegate responsibilities to outside the team. This helps them run a lean, yet effective, security program.

Meeting GDPR requirements with ease

Proofpoint also helps the organization meet a range of GDPR requirements without hiring more full-time employees. Now they can preserve data confidentiality, implement protective measures, and produce detailed audit trails.

The Results

Proofpoint has helped the organization identify and put a stop to several potential insider threats. These include:

  • A user attempting to defraud the organization via falsified business expenses
  • Users creating fake email accounts to impersonate candidates in an attempt to change bank details and ultimately steal money from the organization
  • Rampant sharing of credentials, which could lead to intentional or accidental data leakage

Also, Proofpoint helps the team proactively reinforce their security policy via user reminders that pop up in apps. These include WhatsApp, email clients, and CRMs. And overall, Proofpoint has empowered Your World Recruitment Group to successfully manage their insider threat risk. And all without a massive overhead investment in security personnel and tools. Now the team is able to run lean while feeling confident in their ability to catch intentional and accidental threats, maintain GDPR compliance, and protect their business and reputation.

Download Customer Story