The start of the summer vacation period also marks the start of seasonal employment. But beware: seasonal hiring is also a gateway for attackers!
Unfamiliarity with the company
By definition, a seasonal worker is not particularly familiar with your company, its working methods, its contacts, and so on. This makes them more likely to fall for phishing attempts. Why? Someone who does not know the company's habits might not be surprised to receive an email with an Excel invoice file attached, for example, because they are unaware that this is not how you work.
Furthermore, a seasonal employee may not know your usual contacts at suppliers or customers, and may therefore take the bait on an email that claims to come from one of them.
Controlling the arrival/departure cycle within the IS
A temporary employee is also a risk within the IS. For example, an account that is forgotten when its owner leaves can be a convenient back door for an attacker, especially since there can be many such accounts during the summer, for example in a hotel.
This also means that it is necessary to audit the permissions of these employees (as well as those of all others) to make sure that only the bare necessities are allowed. We must never forget that an attack can also come from the inside (as I discussed recently in another article), so stay attentive to the actions of these "temporary" accounts.
Raise staff awareness
I cannot repeat this point often enough: security awareness is paramount. It is essential to remind employees of good security practices on a regular basis. This lets you win on two fronts at once: the employee is more attentive to their own actions, and during their next assignments, in your company or elsewhere, they will be more sensitive to the security of their work environment.
Computer security can never be overemphasized in the current context, where data theft is becoming commonplace.
As a reminder, two major penalties for violation of the GDPR were handed down recently:
- British Airways: fined 204 million euros (1.5% of its 2017 turnover).
- Marriott: fined 111 million euros (1.5% of its 2017 turnover).
Once again, IT security is an aspect that companies often set aside. Nevertheless, the rules introduced by the GDPR make it much more important: because the penalties are a percentage of turnover, the impact can be impressive.
Moreover, today this kind of breach is often disclosed to the public, and it always tarnishes the company's image.
For your information, a single infected PC can bring an entire production to a halt or even, for some small companies, put them out of business.
Don't take these risks! Think about the security of your IS!