In the coming weeks, tens of thousands of new college graduates will join the ranks of companies in North America and across the globe. While an important addition to the team, these entry-level employees are bringing much more than their skills and experience to the workplace – many are bringing poor cybersecurity habits.
From accessing unsecure Wi-Fi networks in coffee shops to losing company laptops in airports and taxi cabs, companies will have to manage one cyber scare after another.
To minimize the risks brought by the recent college graduates, it’s essential HR executives invite the IT team to participate in the onboarding process. While most of these incoming millennials are skilled with using technology, the majority have limited cybersecurity training. It will be necessary, therefore, to ensure that training in security – and company policies on BYOD – are part of their onboarding.
During these cybersecurity training sessions, the IT team should educate new hires about the internal and external security threats they may encounter on the job. Be sure to cover these four areas in your cybersecurity training program:
1. Beware of phishing scams
One of the major threats facing employees are phishing scams. Phishing is an attempt to acquire sensitive information such as usernames, passwords and credit card numbers for malicious reasons by masquerading as a trustworthy entity in electronic communication. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter details at a fake website that is near identical to a legitimate one.
Employees should avoid opening suspicious emails coming from the company CEO or a colleague. The best way to train new employees on how to detect a phishing scam is to help them identify the types of communication they can expect to receive from colleagues and C-level executives.
2. Be careful what you share online
Both HR and IT need to educate employees about why they must be careful on social media. Whether it’s sharing proprietary information or clicking on malicious links and ads, it’s important new hires understand how their behavior on social media can affect their reputation and the reputation of the company as a whole.
3. Keep a close eye on corporate devices
It’s equally important for HR and IT executives to advise employees on how to safeguard company laptops, mobile devices and other hardware. Employees should be trained to keep a careful watch on company devices in airports, taxi cabs and coffee shops to prevent theft. Likewise, entry-level hires should avoid leaving their laptop accessible in the office, especially in an open work environment. With clients, suppliers and visitors coming in and out of the office, private information could end up in the wrong hands.
4. What apps you can and cannot use
While coaching employees on how to monitor company hardware, the HR and IT team should be clear about which tools are approved for accessing company information. Many recent college graduates have become accustomed to using their own preferred private messaging apps, digital notebooks, and file sharing services. Systems and solutions that are not provided by, or explicitly approved by, an organization’s IT department, are referred to as Shadow IT.
It’s critical for entry-level employees to understand basic information security risks, and why IT needs to be made aware of the systems being used that can impact the organization’s information. While Shadow IT can be a source for innovation, and convenience for the individual, employees need to communicate with the company’s IT team before using “unofficial” technology solutions and services.
The bottom-line is that security training is an essential step in minimizing risks brought on by hiring entry-level employees. It is critical for HR executives to introduce cybersecurity training during the initial on-boarding process and periodically throughout each phase of the employee’s tenure.