Seasonal data security: How businesses can be one step ahead
February 2016 by David Meyer, VP of Product at OneLogin
The busiest season of the year for many businesses is without a doubt, the festive period. Retailers and couriers across the UK have just endured another record breaking year for sales, both in-store and online. With this in mind, organisations across the nation would have had to frantically prepare not only their stock and festive deals, but also employ a handful of temporary seasonal workers to help day-to-day staff with the rapid influx of consumers flocking to buy the year’s must have item.
Not only would HR have had the nightmare task in the leading months of interviewing and hiring suitable candidates, but the IT department was also have been faced with ensuring that staff are ready to work efficiently and securely straight away. Businesses now need to start considering how can they best prepare for this uptake in staff during this year’s peak seasons, ensuring they remain both efficient and secure when the festive period is upon us yet again.
Rally the troops
The rapid on-boarding of these temporary workers can have both the HR and the IT department in chaos. In 2014, Royal Mail recruited over 19,000 festive workers to assist with the Christmas rush and Amazon brought in 17,000 to its warehouse to help cope with the rise in festive orders. Whilst it is important for organisations to ensure they have the right number of troops on the ground to cope and effectively manage the customers, it is just as vital that they are prepared to manage the potential issues that come with employing so many new staff members.
Not only must HR ensure that each new employee is adequately trained, but the IT department needs to make sure each individual is able to access the appropriate systems to start effectively from day one. Both HR and IT must be safe in the knowledge that a temporary workforce moving on in January cannot do so with valuable corporate data (whether it’s customer records or intellectual property). If the correct provisions are not taken to ensure each individual employee has access to the correct information and apps to do their job, nothing more nothing less, the consequences could be catastrophic. This is why it is always better to be proactive rather than reactive, as all too often hindsight is a business’s only solace.
Streamline on-boarding and off-boarding
In order to manage the rapid influx of employees, the first place organisations must start is with a streamlined on-boarding and off-boarding process which ensures individuals are effectively added to the organisation’s IT system and are removed just as simply once they leave the organisation. During the on-boarding process it is imperative that an employee is incorporated onto an identity management platform through a browser-first strategy. Not only does this limit exactly what sensitive information the individual user can access but security risks associated with weak passwords are eliminated. And with the ever increasing popularity of BYOD within the workplace, controls over external devices brought into organisations are strengthened.
Additionally, it also makes the necessary applications easy to access for a workforce who may not be so tech savvy. Often security relies on ease of use just as much as it does on controls over user access. To accompany the browser-first strategy many organisations gain control by embracing solutions such as IDaaS, multi-factor authentication and user provisioning. In turn, this allows them to keep the benefits of a temporary workforce but minimise the potential security risks and damage to brand reputation from preventable data breaches.
Practise ‘safe data’
Often the new temporary workforce hold few loyalties to the organisation they are now working for, meaning security risks are inevitably more likely, particularly when all departments are under increased pressure. All employees – even seasonal ones – should be taught the importance of practising ‘safe data’ to help reduce exposure to the business and also know what to do should a data breach occur.
An organisation must provision new users, control on-premise versus off-premise access and implement a streamlined on-boarding and off-boarding in process, in a short space of time before an employee’s start date and on their last day. If carried out correctly a business can be safe in the knowledge that the utmost is being done to protect confidential data from a workforce that is here today and very likely to be gone tomorrow – and it’s certainly not too early to start thinking ahead.