New employees typically come in excited to start a new position and eager to share their professional news with their friends, family and business network. But did you know this also means they’re suddenly attractive targets for spear phishing, smishing, spoofing attacks and other nefarious cyberthreats?
From LinkedIn to Facebook and Twitter, new hires often reveal their start date, job location (including relocation plans), new title and even new colleagues. In other words, they disclose the kind of information a hacker needs to create a targeted spear phishing attack designed to commit fraud.
Moreover, the first few weeks at a new job are a vulnerable time for employees. Depending on their role, it may be unclear to a new employee what is and isn’t typical, especially when it comes to the people and processes at their new company. For instance, would the CEO email an employee asking for an urgent “favor?” In an enterprise with 1,000 employees, probably not. At a firm with 50 employees, maybe so. It depends on the culture and other factors, which new employees don’t yet understand.
They’re also still getting acquainted with the communication style and tools that are in use at their new workplace, leaving them exposed to potential attackers. Especially at the beginning, it can be challenging for new employees to tell which notifications are real, which services they’ll use and which require a login.
Although new hires are more likely to be targeted by bad actors, all employees need to keep their cyber defenses sharp. Consider these tips from cybersecurity consultants Riskigy on actions your employees can take to help prevent and detect cybersecurity threats:
- Update your passwords and use multifactor authentication (MFA). Make sure that you’re using a password manager software to store and encrypt all your passwords.
- Regularly review your credit report. Hackers will target employee personal information to get access to business information. Review credit reports and financial statements for any odd activity.
- Avoid oversharing on social media. Although everyone wants to share their new beginnings, be careful about sharing too much information about your new job and employer. Oversharing on social media can make it easier to impersonate you and commit identity theft.
On that note, social media platforms are rife with scams, so if you are duped by a phishing campaign or dubious scam links, it can lead to the company’s systems being compromised or infested with ransomware, keyloggers and other types of malware.
Be sure to help new employees navigate the cybersecurity landscape at their new workplace by raising their awareness of your cyber culture and any potential threats. Encourage them to talk to their manager or consult human resources if they get any unusual communications that encourage them to act in an urgent manner, especially if it requires them to click on unverified links.
For help raising cybersecurity awareness in your business, ask us about a cybersecurity assessment.