Why seasonal employees can unknowingly leave companies to a broad range of cyberattacks.
It’s the end of May and summer is just around the corner. If you’re like many businesses, you might be getting ready for a slew of interns or summer workers filing the ranks of new team members around the office. It’s definitely nice seeing new faces, but with those faces might come some new security holes.
You see, employees represent one of the biggest threats to your network cybersecurity.
Most attacks today originate as phishing emails. And many new employees—those that have not experienced suspicious phishing attacks. Most attacks pop up from errant employee actions.
Summer is coming quickly. If your company is expecting a flock of new interns or team members, filling positions, know that your new team mates are willing to learn all the ins and outs of your business. They are, motivated to learn the most in an exciting event-filled summer real world experience. But with all of that learning, they will probably miss out on some of the dangers more seasoned employees will catch (like security).
Today I want to bring up one consideration—you will want to make sure you don’t leave your business vulnerable to ransomware or cyberattacks when they’re on lunch breaks or surfing the web doing research.
Your interns may be more susceptible to falling for scams or opening ways in for hackers. You also are faced with the same standard employee security issues you have with other staff (that eventually get cleared up):
Password policies?
Security training?
Policies and Procedures?
In addition to various phishing attacks or less sensitivity to link clicking, interns may be more susceptible to account takeover attacks or advanced spear phishing scams.
What if one of them received an email from an executive on your team? Would they be more convinced the email to be real? Could they see through a well-crafted spoof?
If a scam email looking for information about people in your company (to further exploit your team), would an intern comply to requests to find and hand over information? Maybe it’s a birthday, maybe it’s a team member’s calendar, or other sensitive data. Your interns are probably the most eager to comply with requests and get anything asked of them completed in a timely manner (i.e., without much forethought).
Here are some tips to keep your data secure with neophyte employees:
Explain the value of data—most new employees (especially those that have hardly worked in an enterprise environment before) that data is valuable. College students may be more tech savvy than older employees, but that certainly doesn’t mean that they understand the value of sensitive data, be it intellectual property or data that can be used to exploit identity theft. Make sure they understand the value of information and the consequences of sharing this data with people that are not privy to it.
Restrict their access—one big security risk we see especially as interns start lining the workforce are businesses that ask for too many permissions for their short term interns. Consider limiting file and application access to the specific tasks your interns will be working on. By minimizing the exposure of your data to those that need to use or see it, you are minimizing the risks of compromising that data. Note: a policy of restricting access to those that need access is a good rule of thumb for all employees on your team.
Restrict their personal accounts—It may also be a good idea to monitor traffic to and from their workstations to ensure that they are not transferring files via personal email accounts. Whether or not they are intending to cause data breaches, interns might not have formed good email habits. Make sure they know that personal email cannot be used at work.
Educate them on your company’s policies—don’t just hand over a handbook chock full of policies and procedures. Treat them like any other new hire and make sure they are following your company’s security policies and procedures (including password policies!).
Establish a structured onboarding and off-boarding procedure—just like any of your other team members when they start or end employment, make sure you are not haphazardly adding them to applications or groups. Employees (especially interns) leave companies with credentials and access intact to some databases—including third party platforms. They might have used corporate passwords to a variety of applications. Make sure passwords are updated and accounts are locked down when an intern or anyone else leaves your organization.
Summer workforces can be a highly valuable resource for your organization and might lead to very valuable long term hires. With proper policies and technological tools in place, you can ensure these arrangements are highly secure. If you have questions about making your business more secure or ways IT can interface with your HR team, contact your business technology manager for advice.
