Mitigating Cyber Risks Brought on by Hiring Recent College Grads
As the excitement of graduation season settles down, companies everywhere are preparing to onboard the latest group of recent college graduates. Freshly printed diplomas in hand, these new graduates are eager to take on the corporate world. However, the class of 2016 isn’t just bringing new skills and a fresh perspective to the workplace—many also are bringing a low level of cybersecurity training and awareness.
From accessing unsecure Wi-Fi networks and recycling passwords to losing company devices in taxicabs and airports, HR executives have to help manage one cyber threat after another.
To successfully mitigate risks brought on by hiring recent college graduates, HR professionals should extend an invitation to the IT team to aid in the onboarding process. The IT team can play a key role in providing cybersecurity training to recent hires. These training sessions should teach recent graduates how to identify and manage security threats they could encounter on the job.
Here are issues the IT team should cover in their cybersecurity training programs:
1. Beware of phishing scams. One of the major threats facing employees is phishing scams. Phishing is an attempt to acquire sensitive information such as usernames, passwords, and credit card numbers for malicious reasons by masquerading as a trustworthy entity in electronic communication. Phishing typically is carried out by e-mail spoofing or instant messaging, and it often directs users to enter details at a fake Website that is nearly identical to a legitimate one.
Employees should avoid opening suspicious e-mails coming from the company CEO or a colleague. The best way to train new employees on how to detect a phishing scam is to help them identify the types of communication they can expect to receive from colleagues and C-level executives.
2. Exercise caution on social media. The IT team should educate employees on why they need to be careful on social media. Whether it’s sharing proprietary information or clicking on malicious links and ads, it’s important new hires understand how their behavior on social media can affect their reputation and the reputation of the company as a whole.
3. Keep a close watch on company hardware (laptops, tablets, mobile phones). It’s equally important for HR and IT executives to advise employees on how to safeguard company laptops, mobile devices, and other hardware. Employees should be trained to keep a careful watch on company devices in airports, taxicabs, and coffee shops to prevent theft. Likewise, entry-level hires should avoid leaving their laptop accessible in the office, especially in an open work environment. With clients, suppliers, and visitors coming in and out of the office, private information could end up in the wrong hands.
4. Don’t hide in the shadows. While coaching employees on how to monitor company hardware, HR and IT teams should be clear about which tools are approved for accessing company information. Many recent college graduates have become accustomed to using their own preferred private messaging apps, digital notebooks, and file-sharing services. These systems and solutions that are not provided by, or explicitly approved by, an organization’s IT department are referred to as Shadow IT.
It’s critical for entry-level employees to understand basic information security risks, and why IT needs to be made aware of the systems being used that can affect the organization’s information. While Shadow IT can provide a source for innovation, employees need to communicate with the company’s IT team before using “unofficial” technology solutions and services.
By allowing the IT team to take an active role in onboarding, HR departments can minimize risks brought on by hiring entry-level employees. HR executives must implement security training during the initial onboarding process and reinforce it with periodic sessions throughout the course of the employee’s tenure. Together, HR and IT can prevent the loss or exposure of sensitive company data by being proactive in their cybersecurity initiatives.
Mai Ton is the VP of Human Resources at OneLogin, an identity management provider bringing speed and integrity to the modern enterprise. The company’s portfolio of solutions secures connections across all users, devices, and applications, helping enterprises drive new levels of business integrity. Ton is leading the charge to scale OneLogin’s growth and long-term development, with a focus on the people challenges of organizational growth. She sets the people strategy and delivers the support to make it a great place to work.