Your Customers’ Biggest Summer Security Risk
Seasonal employees can unknowingly leave companies open to a wide range of cyber threats.
May 15, 2019
Sponsored by Barracuda MSP
As nearly everyone knows, employees represent the biggest threat vector when it comes to cybersecurity. Most attacks originate with phishing emails, and many employees have difficulty identifying these suspicious messages. Quite a few also open phishing emails (which may contain suspicious links or attachments). The majority of successful attacks stem from these errant employee actions.
Summer is quickly approaching, and with it a new flock of summer interns ready to land in their new positions. They will be eager to learn the ins and outs of your clients’ businesses–they are, after all, a new generation that’s poised to lead their industries through the next evolution.
There’s one thing to consider: You will want to help ensure they don’t leave your clients’ businesses vulnerable to a ransomware or malware attack while they’re on their lunch break or even while conducting internet research.
When it comes to interns or seasonal employees, companies face the standard employee security issues–non-compliance with password policies, opening suspicious attachments or links, falling for well-engineered phishing scams. This is compounded by new temp employees’ lack of familiarity with company policies and procedures.
Interns may also be more susceptible to account takeover attacks or more advanced spear phishing scams, since they may be more easily convinced that the email they just received came from an executive they’ve never met, or that a well-crafted spoof is a legitimate communication. They may also be more likely to send sensitive data in an unsecure fashion.
Tips for Keeping Your Customers’ Data Safe
There are a number of ways to protect a company from the inadvertent harm that a neophyte employee can cause, while still providing a worthwhile experience for the intern and the company. Talk to your clients about policies they can implement to help avoid intern-related data breaches. Start with the following:
Explain the value of data. College students may be more tech savvy than older employees, but that doesn’t mean they know the value of intellectual property or data. Make sure they understand just how valuable the information is, and the potential consequences if it’s shared or stolen.
Restrict file access. Limit file and application access to the specific tasks interns will handle at the company. In this way, even if their accounts are hacked, the damage can be minimized. If they’re going to be dealing with sensitive information, it may also be a good idea to automatically monitor traffic from their workstations to ensure they aren’t transferring files via personal email accounts or cloud services.
Educate them on company policies. Treat the intern like any other new hire, and make sure they are following company security procedures and password policies.
Launch a simulation training program. Using a phishing simulation platform like Barracuda PhishLine can allow your customers to regularly re-train all employees (including interns) on new security threats and how to identify potential threats. In the case of Barracuda PhishLine, companies can use pre-configured templates and risk assessment surveys to help customers assess and address vulnerabilities and education within their businesses.
Businesses without the time or resources to manage a simulation program can use Barracuda’s Managed PhishLine. With this service, Barracuda MSP can manage campaign planning, execution and reporting on the behalf of an MSP. This training will not only benefit the interns during their stay at your clients’ company, but what they learn can also be transferrable to any other companies they may work for down the line.
Establish structured onboarding and offboarding procedures. Adding and removing employees haphazardly from applications, email and other systems can often create new security gaps. Employees (interns and otherwise) often leave companies with credentials and access intact for some databases or third-party platforms. The former employee could use these credentials maliciously, or, in some cases, these “dead” accounts can be exploited by cybercriminals.
Human resources and IT should work together to create a centralized onboarding process that will enable the company to keep track of employee credentials and accounts. This can include centralized authentication and password management, as well as an identity management system. Additionally, there should be systems in place to track and manage employee and intern access to external sites, including website analytics, blogs, social media platforms and other solutions.
With centralized tracking and management in place, it’s much easier to turn off access once the intern or employee leaves the company.
Summer internship programs are a valuable resource for companies scouting for new hires, and students trying to gain real work experience. With the proper policies and technology tools in place, these temporary work arrangements can also be highly secure.
Brian Babineau is Senior Vice President and General Manager for Barracuda MSP. In this role, he is responsible for the company’s managed services business, a dedicated team focused on enabling partners to easily deliver robust, flexible IT solutions to customers.
This guest blog is part of a Channel Futures sponsorship.
Read more about:
MSPsAbout the Author
You May Also Like