As the weather begins to warm up and calendars turn to summer, the office environment begins to shift. Oftentimes, the beginning of summer marks the welcoming of a host of new employees for an enterprise. Organizations small and large look forward to welcoming new graduates and summer interns to contribute to the workload. Hand in hand, businesses have increasingly embraced HR policies like short Summer Fridays or work remotely Fridays – not to mention the number of employees who plan their yearly vacations around the summer months.
Although the combination of new faces and ‘summer workers’ leads to happier, lighter work environments, the same cannot be said for IT departments who are tasked with managing the security of their organizations. For IT departments, the summer can prove to be the busiest time of year in terms of securing the digital workspace for new temporary and permanent employees coming onboard, as well as dealing with the influx of employees requesting privileges outside of the office.
New faces can lead to new risks
Landing a summer internship has become essential to any undergraduate hoping to break into a desired field, whether that be finance, technology, healthcare or another field requiring strong hands-on experience outside of the classroom. But smart enterprises must be proactive in mitigating the inherent cyber risks that come along with hiring temporary summer interns.
Although recognized as non-permanent employees, summer interns are often given the same access to sensitive company data and the same privileges that full-time employees have, including but not limited to, access to the company file storage cloud, access to HR systems, and access to company credit cards. And in many cases, summer interns are not properly trained in company security protocols despite being given this sensitive information.
Because interns are temporary employees, organizations can drag their feet to dedicate the appropriate time and resources necessary to fully train these employees on cybersecurity procedures. That hesitation can prove to be a fatal mistake for protecting the enterprise, especially as increasingly stringent data privacy regulations are implemented, such as the EU’s General Data Protection Regulation (GDPR).
Recent college graduates also often enter the work force for the first time over the summer. These new hires pose similar threats that interns do. Like most millennials, both recent graduates and interns rely on personal devices for both their personal and professional life. Unbeknownst to most, bringing an unsecured device into the office or even connecting to an unsecured Wi-Fi network at a coffee shop or public park, unsecured devices can be the bridge between sensitive company data and cyber hackers.
When your workers go on vacation, your data does too
As new “summer workers” adjust to work life, other employees take the time to enjoy the warm weather. Hand in hand with the proliferation of working remotely policies and increased vacation time which many organizations have been offering up in an effort to attract the millennial workforce, these employees still not only want, but expect the same access and capabilities that they would have to their digital workspace while outside of the office. And this means a whole lot of work for IT teams who are tasked with maintaining a secure enterprise.
Ensure the cyber safety the of summer months
While IT security education is the foundation of any strong security system, organizations must invest in reliable tools and protocols. Some of these investments include:
- A robust whitelisting program
- Automating onboarding and offboarding
- Application and database-specific admin tools and homegrown provisioning scripts
- Putting access controls in place like geo-fencing, Wi-Fi security, and file hashing
Between temporary summer interns, new full-time hires, and an influx of employees working remotely and traveling, summer can seem more stressful than relaxing for employers and IT professionals. Interns require restricted on-boarding, new hires need full on-boarding, and summer workers need secure remote access. Above all, they all require complete cybersecurity education. Educating temporary, new, and current employees on company security policy will save the IT department from countless headaches and help prevent dangerous cyberattacks.