Your Customers’ Biggest Summer Security Risk
As nearly everyone knows, employees represent the biggest threat vector when it comes to cybersecurity. Most attacks originate with phishing emails, and many employees have difficulty identifying these suspicious messages. Quite a few also open phishing emails (which may contain suspicious links or attachments). The majority of successful attacks stem from these errant employee actions.
Summer is quickly approaching, and with it a new flock of summer interns ready to land in their new positions. They will be eager to learn the ins and outs of your clients’ businesses–they are, after all, a new generation that’s poised to lead their industries through the next evolution.
There’s one thing to consider: You will want to help ensure they don’t leave your clients’ businesses vulnerable to a ransomware or malware attack while they’re on their lunch break or even while conducting internet research.
When it comes to interns or seasonal employees, companies face the standard employee security issues–non-compliance with password policies, opening suspicious attachments or links, falling for well-engineered phishing scams. This is compounded by new temp employees’ lack of familiarity with company policies and procedures.
Interns may also be more susceptible to account takeover attacks or more advanced spear phishing scams, since they may be more easily convinced that the email they just received came from an executive they’ve never met, or that a well-crafted spoof is a legitimate communication. They may also be more likely to send sensitive data in an unsecure fashion.
Tips for Keeping Your Customers’ Data Safe
There are a number of ways to protect a company from the inadvertent harm that a neophyte employee can cause, while still providing a worthwhile experience for the intern and the company. Talk to your clients about policies they can implement to help avoid intern-related data breaches. Start with the following:
Explain the value of data. College students may be more tech savvy than older employees, but that doesn’t mean they know the value of intellectual property or data. Make sure they understand just how valuable the information is, and the potential consequences if it’s shared or stolen.
Restrict file access. Limit file and application access to the specific tasks interns will handle at the company. In this way, even if their accounts are hacked, the damage can be minimized. If they’re going to be dealing with sensitive information, it may also be a good idea to automatically monitor traffic from their workstations to ensure they aren’t transferring files via personal email accounts or cloud services.
Educate them on company policies. Treat the intern like any other new hire, and make sure they are following company security procedures and password policies.