First level navigation Menu

Are those new hires putting your data at risk?

by James Jolley
Periods of rapid growth are exciting, often chaotic times for small businesses. As new employees join the team they provide an infusion of valuable new perspectives and talents. Unfortunately they also tend to create a lot of new security vulnerabilities as well.

​With younger professionals making up an ever-growing portion of the workforce, it’s increasingly important for small businesses to understand how to mitigate the risks that new hires might introduce. 

The issue boils down to the simple fact that employees are the main source of risk for data breaches. A PwC survey1 on the global state of information security found that current and former employees account for nearly two thirds of all security incidents. And while most of these occur due to inadvertent error and not malicious acts, it doesn’t make them any less damaging to your business. New employees pose an even greater risk because they’re not familiar with your security procedures and may have picked up bad habits in their previous workplace.

Research also indicates that millennials are more likely to compromise IT security than older employees because they often see security as the sole responsibility of the IT team. With younger professionals making up an ever-growing portion of the workforce, it’s increasingly important for small businesses to understand how to mitigate the risks that new hires might introduce.

New employees already have a lot to take in when getting started, but it’s critical that security guidelines are covered in detail early on. The same PwC study1 found that 75% of employees feel under informed about their security responsibilities. Creating a standardized security training for new hires can help close this knowledge gap.

The onboarding process should be designed with the assumption that each new employee has no existing knowledge about security best practices. It’s important to cover even the most rudimentary subjects, such as not writing passwords on sticky notes or opening suspicious emails. This may feel like a remedial course for the more tech-savvy hires, but having it reinforced for everyone is still important.

Here are some other things to consider during the onboarding process:

  • Schedule an in-person meeting with an IT manager or another employee who has a strong understanding of your security policies.
  • Outfit each new hire’s desk with a laminated security checklist, outlining do’s and don’ts in an easy-to-reference format.
  • Schedule an annual refresher training for employees who have been with the company for more than a year.
  • Provide a contact sheet for employees who have questions or think they may have inadvertently put company information at risk.

Taking back control

The proliferation of personal devices and powerful consumer cloud services being used for work have removed much of the control that companies once had over their information. This in turn has entrusted individual workers with protecting sensitive business data. Since employees account for most security breaches, it’s important to shift as much of that responsibility and control back to the company.

This can be done by automating some systems and creating mandatory restrictions where needed. For instance, implementing stringent password requirements and required timed updates can ensure that none of your employees are using easily guessed passwords like “123456” for years on end.
This goes for the IT team as well. Moving to cloud services for things like email and productivity apps greatly streamlines the process of getting new hires up and running, cutting down the amount of ad-hoc configuration that must be done and the potential for errors or inconsistency along the way. This can also ease the off-boarding process when employees are on their way out, which is equally important for protecting your business (nearly 30 percent of incidents involve former employees).

Finally, it’s critical to work with employees and solicit their feedback to ensure the technology tools provided are suiting their needs. If not, they may turn to consumer solutions for things like file sync and share, which puts company information at risk and out of your control.

Information technology and security

Maximize your IT Infrastructure with up to date IT solutions and services.
James Jolley
James Jolley, director of Ricoh Services strategist, brings 18 years of industry knowledge to the role where he is focused on building strategic intelligence with technology infrastructures. Jolley is Cisco CCNA, CCNP, ACE and ITLL certified.
1 Global State of Information Security® Survey 2017 PricewaterhouseCoopers -