When we think of risky users, new hires are not usually the first to come to mind. While it’s great to have new teammates to help us drive company initiatives forward and handle workloads, these new people also come with a high degree of initial risk. It is for good reason that many companies make the first 90 days a probationary period for new employees – it helps them confirm that they did not make a mistake.
In honour of Insider Threat Awareness Month – and looking through an insider threat lens – let’s examine why new employees can be so risky for employers.
Keeping an eye out for red flags
One of the most important questions to consider when evaluating new hires comes down to insider risk. Namely, is this person here to steal our data or cause harm to our organisation? While you don’t want to assume the worst, healthy scepticism is good. There have been numerous incidents of malicious insiders who worked their way through the hiring process with just that intention.
Sometimes, people make it their business to take entry-level or mid-tier jobs at companies for the express purpose of stealing sensitive data. It’s not especially difficult to do this, either. Anyone looking for this type of work can easily find tips on how to make their way through the job interview process even though they lack all or most of the prerequisite skills. While this advice can give honest jobseekers an edge, it also creates real risk for companies that need to protect themselves from bad actors.
Malicious insiders who lack the appropriate skills for a job will often try to make rapid progress toward their goals, aiming to be in and out before their inability to perform becomes evident.
The risk of delayed training
Now, let’s talk about why enhanced visibility and monitoring are so important for surfacing risky insider behaviour during a new hire’s first 90 days.
Traditionally, when someone joins a company, they go through an onboarding period where they receive a certain level of compliance training, appropriate use training, and technical system training before they officially dive into their job duties.
But in today’s heavily understaffed work environments, new hires may be put to work immediately. They get training over the course of two to four weeks while they are already on the job with access to potentially sensitive data. So, it’s no surprise that accidental data loss and system sabotage are two of the most common insider risks that many companies see during this period.
The first 90 days should be a period during which your team uses enhanced visibility and monitoring to ensure a new hire doesn’t behave in any risky or malicious ways. This helps you mitigate insider threat risk.
Risks arising from old behaviour patterns
Another source of risk with new hires relates to meeting different expectations about how to handle data. A new employee may not have had the same privacy and compliance requirements at a previous organisation that they must now adhere to at their new employer.
New hires straight out of university are a perfect example. In higher education institutions, collaboration, information sharing, and collective learning are emphasised and valued. These practices are great in a space where growing and sharing knowledge is a fundamental imperative. However, in a heavily regulated industry like financial services, we see the opposite mentality. Thus, the behavioural patterns that new hires carry into a new role may run counter to the nature of a corporate business.
We have also seen major data exfiltration events involving individuals who came from a similar role in the same vertical, but from a company with far less stringent or controlled policies and procedures than their new employer. For example, one organisation may invest heavily in a third-party cloud-sharing product while another might favour a centralised system that uses Microsoft technologies for data sharing.
In summary, it can be all too easy for workers to fall back into common behaviour patterns of data manipulation, management, and control when they move from one company to another.
Learn to manage insider risk
When a new hire comes on board, the hope is that their first 90 days will be a love story where everyone finds their happily ever after. However, as information security professionals, we need to be prepared in case things don’t go as planned.
If you want to learn more about managing this high-risk use case, Proofpoint can help. During National Insider Threat Awareness Month, we invite you to join our webinar series on insider risk. In this series, you can learn why it is so important to have an effective insider risk programme and about ways to enhance your current programme.
Are you new to the topic of insider threat management? Get up to speed with our Insider Threat Management Starter Pack.