applicant tracking system security

Applicant Tracking System Security: Points You Must Know

Data security has become of great concern these days and rightly so as a huge chunk of critical user data is stored on remote datacenters and accessed on daily basis by various systems through the cloud. In such a scenario, even a small breach can place the entire system at risk of being hijacked and misused for various unscrupulous reasons. Applicant tracking systems or recruitment software is getting advanced by the day. Most of them now use cloud based technology and provide a personal centralized database to the customer. But are they secure enough?


Data breaches are not very uncommon. We constantly keep hearing news about how hackers are getting hold of user data by breaching in even the most secure networks. Data is the biggest currency in today’s world. Equipped with the right kind of data and analytics power, anyone can unleash malicious spam attacks, phishing attacks, banking frauds and more evil plans. Recruitment software deal with huge amount of jobseekers’ data on daily basis. It stores critical personal information such as phone numbers and email ids. Since ATS also serves as an on boarding tool for hired candidates, it also saves candidates documents such as personal IDs, pay slips, mark sheets and others. Doesn’t security become of paramount importance for a tool handling such critical information?

Here is how you can ensure applicant tracking system security:

Use HTTPS enabled Applicant Tracking System to improve data security

HTTPS is the secure version used instead of the HTTP, a protocol which is used to send data from browser to the website through the network. The “S” here stands for secure. This is the basic requirement of any applicant tracking system as most of our work is now done conducted online. To find out if it supports the secure version of the transfer protocol, just check the URL of your online ATS, it must start with https:// .  If the ATS doesn’t run over a secure connection, it is at a greater risk of getting hacked by malicious agents.

Also Read: Why your Applicant Tracking System needs to be changed?

Use GDPR compliant Recruitment Software to protect candidate data

GDPR is a new law that came into effect on 25th May 2018 and applies to all companies that deal with data of any European Union citizen or resident. This law is equally applicable to non-EU companies that provide any kind of service or product to citizens of EU, and therefore, practically every global company on the planet has to be GDPR compliant. Noncompliance will lead to massive fines and loss of brand reputation.  Functions like recruiting that collects personal data of users are at the frontline of this law. Therefore, an applicant tracking system, which practically does everything for a recruiter, from sourcing CVs to maintaining those CVs in a private database should achieve GDPR compliance before being deployed in the organization.


In respect to recruiting, GDPR defines the key stakeholders with basic terminology. Candidates are data subjects, as they can be identified from the personal data they are giving to recruiters. Employers are data controllers as they are in control of the data, and fully responsible for whatever is done with that data. Applicant Tracking Systems and other recruitment tools are data processors as they process the data on behalf of the controllers. Some basic questions that GDPR compliant software providers should be able to answer:

  • Where does the ATS store the data? This is especially important for cloud based ATS providers as they generally store the data on datacenters spread across the globe.
  • Is your ATS collecting data of jobseekers randomly? This is prohibited under GDPR.
  • Does your ATS automatically clean up data of jobseekers that didn’t end up being hired? Storing data of candidates indefinitely, intended for future use is prohibited in GDPR.
  • Does your ATS inform candidates whenever their profile is shortlisted for a role? An uninformed use of candidate data is prohibited in GDPR.
  • What measures is your ATS vendor taking to ensure protection of candidate data? Is there any encryption in place?

Also Read: How to Get Most Out of Recruitment Software?

Addressing Cloud Computing security issues is one of the ways to improve data security

Since the current crop of HR tools boast of being in the cloud, you should make sure that these software do not suffer from any cloud computing security issues. Some common security risks that all cloud based software can experience are:

  • Sharing of cloud resources: Does your vendor shares the cloud between different clients? If yes, does it have the necessary security arrangements so that a threat to another client doesn’t affect your services?
  • Insufficient data backup and out-of-sync data: Since data backup requires additional resources, many cloud vendors give it a miss. This can create a serious situation wherein your data, if held hostage by a ransomware, will be forever lost.
  • Phishing: Due to their openness, cloud based systems are prone to phishing attacks wherein malicious users try to gain critical information like login details. Since anyone can login the system from anywhere and any device, users and vendors have to be extra careful.
  • Other system vulnerabilities: Cloud based systems are still in the evolution stage and therefore, vulnerabilities are not uncommon. There are multiple seams as many third party software are also part of the system, and any vulnerability in these third party software can be exploited to gain access to the entire system. There should be a robust, cloud data protection solution in place to avoid such crisis.

Addressing these security challenges right before deploying a cloud based ATS will help you save a lot of grief later on. There is no doubt that cloud based ATS are the future, but it is necessary to address these security concerns to ensure a smooth run.

Also Read: Why Cloud Based Applicant Tracking System is a Better Option?