The way to scale back cyber threat throughout worker onboarding

Onboarding new staff is a vital time for any group — in any case, it is your alternative to combine new staff members into your organization and its tradition. However the onboarding timeframe additionally creates a singular set of safety dangers as you share delicate data with people who find themselves new to the group. 

This text explores why the onboarding course of (and new staff) are engaging targets for cybercriminals. Establish the riskiest areas throughout onboarding and be taught the very best practices for mitigating these dangers.

Why are new staff good targets for hackers?

When new staff be a part of your group, they’re in fully unfamiliar territory, with little (or no) data and understanding of your organization’s processes, communication kinds, or safety protocols. And this lack of information makes them prime targets for social engineering assaults.

Hackers — impersonating colleagues or authority figures throughout the firm — focus their efforts on tricking new joiners into divulging delicate data or granting entry to safe techniques.

Moreover, new staff are sometimes fairly wanting to make a positive, constructive impression on their colleagues and their managers. They need to appear engaged, responsive, and cooperative, and this enthusiasm could cause them to shortly click on on hyperlinks or attachments with out totally verifying their legitimacy. Hackers exploit this eagerness by crafting focused phishing campaigns which can be extra more likely to succeed with new joiners.

How do hackers establish their new joiner victims? The identical method we be taught if a colleague or outdated boss has a brand new job — through LinkedIn or different skilled networking platforms.

Hackers peruse LinkedIn to establish new staff and their new place throughout the group, then use that data to create extremely personalised phishing emails or social engineering makes an attempt which have the best chance of deceiving a brand new worker.

The place is threat created in onboarding?

Quite a few areas of threat exist in the course of the onboarding course of. One of many greatest is sharing delicate data, significantly passwords. Many organizations nonetheless depend on insecure strategies for sharing passwords with new staff, together with sending them through plain textual content SMS or e-mail.

These strategies are susceptible to man-in-the-middle assaults, the place hackers intercept the communication and acquire entry to the password.

Some firms attempt to mitigate this threat by having managers verbally talk passwords to new staff. However whereas this strategy could seem safer, the truth is that it introduces one other potential compromise level within the chain of custody. In essence, it turns the supervisor into an extra hacking goal, growing the possibilities that the password could also be compromised. 

Specops analysis discovered one other alarming pattern relating to breached passwords: staff usually fail to alter the “temporary” login passwords that the IT staff offers for his or her preliminary logins. When new staff are given short-term passwords throughout onboarding, they might not prioritize altering them to robust, distinctive passwords. This oversight leaves the group susceptible to assaults, as these short-term passwords usually tend to be weak or simply guessable.

Greatest practices to cut back onboarding threat

To attenuate the danger related to onboarding new staff, your group ought to adhere to a number of finest practices:

• Comply with the precept of least privilege: When organising new consumer accounts, grant staff solely the permissions they should carry out their job features. Limiting entry to delicate data and techniques can scale back the potential harm if an account is compromised.
• Set up clear cybersecurity insurance policies: Your group’s cybersecurity is barely as strong as its weakest space. With this in thoughts, make sure you develop complete safety insurance policies that cowl all points of your group’s digital setting. These insurance policies needs to be clearly communicated to new hires throughout onboarding, making certain they perceive their roles and tasks in sustaining a safe work setting.
• Conduct common safety consciousness coaching: Offering ongoing coaching to all staff, together with new hires, is essential for conserving them knowledgeable in regards to the newest safety threats and finest practices. This coaching ought to cowl matters like figuring out phishing makes an attempt, creating robust passwords, and dealing with delicate data securely.
• Implement safe password distribution: As an alternative of sharing an worker’s first password in plaintext or verbally, think about using a safe answer like Specops’ First Day Password performance in Specops uReset. This instrument permits new staff to set their very own passwords via a safe, self-service portal, eliminating the necessity for plain textual content transmission or verbal communication. And by integrating with different Specops merchandise, resembling Specops Password Coverage with Breached Password Safety, your group can make sure that new staff create robust, distinctive passwords that comply together with your group’s safety insurance policies.

Defending digital belongings

The onboarding course of presents organizations with distinctive safety challenges. To guard your digital belongings, you could perceive why new joiners are such engaging hacking targets and establish areas throughout your onboarding course of that introduce threat.

Implementing finest practices — together with following the precept of least privilege and conducting ongoing safety consciousness coaching — will mean you can scale back your chance of an information breach. And for even better safety, think about adopting a safe password distribution answer like Specops’ First Day Password instrument. 

By taking proactive measures to safe your onboarding course of and equipping new staff with the data and instruments they should shield your group’s digital belongings from day one, you’ll be able to considerably scale back the danger of expensive information breaches and guarantee your organization’s delicate data stays protected. Concerned about studying how First Day Password can enhance your group’s safety?

Communicate to an skilled at this time.

Sponsored and written by Specops Software program.