Article Details

How to reduce cyber risk during employee onboarding. Onboarding new employees is an important time for any organization — after all, it's your opportunity to integrate new team members into your company and its culture. But the onboarding time frame also creates a unique set of security risks as you share sensitive information with people who are new to the organization.  This article explores why the onboarding process (and new employees) are attractive targets for cybercriminals. Identify the riskiest areas during onboarding and learn the best practices for mitigating these risks. Why are new employees good targets for hackers? When new employees join your organization, they're in completely unfamiliar territory, with little (or no) knowledge and understanding of your company's processes, communication styles, or security protocols. And this lack of knowledge makes them prime targets for social engineering attacks. Hackers — impersonating colleagues or authority figures within the company — focus their efforts on tricking new joiners into divulging sensitive information or granting access to secure systems. Additionally, new employees are often quite eager to make a favorable, positive impression on their colleagues and their managers. They want to seem engaged, responsive, and cooperative, and this enthusiasm may lead them to quickly click on links or attachments without thoroughly verifying their legitimacy. Hackers exploit this eagerness by crafting targeted phishing campaigns that are more likely to succeed with new joiners. How do hackers identify their new joiner victims? The same way we learn if a colleague or old boss has a new job — via LinkedIn or other professional networking platforms. Hackers peruse LinkedIn to identify new employees and their new position within the organization, then use that information to create highly personalized phishing emails or social engineering attempts that have the greatest likelihood of deceiving a new employee. Where is risk created in onboarding? Numerous areas of risk exist during the onboarding process. One of the biggest is sharing sensitive information, particularly passwords. Many organizations still rely on insecure methods for sharing passwords with new employees, including sending them via plain text SMS or email. These methods are vulnerable to man-in-the-middle attacks, where hackers intercept the communication and gain access to the password. Some companies try to mitigate this risk by having managers verbally communicate passwords to new employees. But while this approach may seem more secure, the reality is that it introduces another potential compromise point in the chain of custody. In essence, it turns the manager into an additional hacking target, increasing the chances that the password may be compromised.  Specops research found another alarming trend when it comes to breached passwords: employees often fail to change the "temporary" login passwords that the IT team provides for their initial logins. When new employees are given temporary passwords during onboarding, they may not prioritize changing them to strong, unique passwords. This oversight leaves the organization vulnerable to attacks, as these temporary passwords are more likely to be weak or easily guessable. Best practices to reduce onboarding risk To minimize the risk associated with onboarding new employees, your organization should adhere to several best practices: Protecting digital assets The onboarding process presents organizations with unique security challenges. To protect your digital assets, you must understand why new joiners are such attractive hacking targets and identify areas during your onboarding process that introduce risk. Implementing best practices — including following the principle of least privilege and conducting ongoing security awareness training — will allow you to reduce your likelihood of a data breach. And for even greater protection, consider adopting a secure password distribution solution like Specops' First Day Password tool.  By taking proactive measures to secure your onboarding process and equipping new employees with the knowledge and tools they need to protect your organization's digital assets from day one, you can significantly reduce the risk of costly data breaches and ensure your company's sensitive information stays safe. Interested in learning how First Day Password can boost your organization's security? Speak to an expert today. Sponsored and written by Specops Software.