Hiring new team members always feels like a risk. But it could be adding different kinds of risk than you think.
Picture this: your business is growing, or you’re replacing an employee that’s moved on. You find the perfect candidate, who signs a contract and joins the team. But after hiring that person, things just don’t go as smoothly as you had hoped. Even worse, that new employee makes a seemingly obvious mistake, opening up your business to digital risk or even a full-on cyberattack.
Here’s the truth: it’s not just you, and you don’t have terrible luck in hiring. There’s more going on here.
New Employees Are Vulnerable
It’s true of any of us: there’s a certain level of vulnerability when you’re new at something, or you’re in a new environment. Think of all the things that even highly-skilled new employees don’t know:
- Every aspect of their job
- The company culture
- The names and personalities of the rest of the team
- Your IT policies
Worst of all, new hires don’t know what exactly they don’t know. They may have some ideas and will hopefully follow industry best practices, but they don’t know about that one weird quirk of how your network is configured or how you handle certain customer issues — that sort of thing.
New Employees Are Susceptible to Cyberattacks
Your new hires are operating in this vulnerable state, somewhat surrounded by the inevitable vague confusion that comes with being new. Because of this, they are especially vulnerable to digital attacks like phishing scams and social engineering attacks.
In fact, new hires are much more likely to fall victim to a phishing scheme or social engineering scheme compared to employees that have been around for more than 90 days.
Think of the classic impersonation scheme, where a scammer pretends to be someone important (like you or the HR head) and asks for something slightly unusual, like opening a file or picking up a gift card “for a client”.
These schemes can be tough to spot no matter how experienced an employee is. But put yourself in the shoes of that new hire: you’re already operating with a higher level of confusion or uncertainty compared to the veterans in the office, and you might also be especially nervous about pleasing higher-ups. Worst of all, that new hire doesn’t totally know what you or the HR manager “sound like” over email. The employee can’t see some of the tells, like “that just doesn’t sound like something she would ask me for” or “something just seems off about her phrasing.”
And that’s just one example of how a new hire might get scammed. Here are some others:
- New hires aren’t yet familiar with all the tools and websites you use day-to-day. A phishing email from a fake HR portal or timekeeping system may be harder to spot.
- New hires don’t yet know all your customers and might not spot a bogus invoice.
- New hires are constantly dealing with creating new accounts, password resets, and other kinds of transactional messages. Spotting a fake is harder when you’re already accustomed to getting a lot of real ones.
Solutions include Awareness, Training, and Improved Cybersecurity Frameworks
The first step toward protecting your business from new-hire attacks is awareness: you and your managers and trainers need to know that this kind of attack is common.
Second is training, for existing and new staff alike. Help them identify the signs of schemes like these.
Third, now is a great time to look more closely at your approach to cybersecurity, tightening up your defenses where you can. Blue Ridge Technology is here to help: reach out to our team to schedule a consultation about your approach to IT and cybersecurity.