
How to Maintain Security Hygiene With High Staff Turnover

April 7, 2020

by Mitesh Patel


As social engineering attacks increase every year, the risks for businesses grow. Good security hygiene is critical for businesses that have any amount of staff turnover. In this article, we review risk reduction strategies that will improve a company's security hygiene.

High staff turnover is a simple fact of life in some industries. Sales and retail environments are two of the most notable examples, but companies with younger staff members tend to see higher turnover rates as well.

You might be able to take steps to limit the number of people leaving your organization, but some turnover is inevitable. That might give rise to security concerns.

Companies with high turnover, for example, need to have security protocols and data protection protocols in place to prevent people from leaving with the company’s valuable data. 

At the same time, employees coming into your organization need to get up to speed quickly, as the total number of cyber attacks and threats grows all the time.

Failure to maintain good security hygiene can have serious consequences. In this article, we explore some of the steps you can take to actually achieve good security hygiene, even in industries where high turnover is par for the course.

How to Maintain Security Hygiene With High Staff Turnover

  1. Incorporate security hygiene into employee onboarding
  2. Create a secure employee departure process
  3. Seek out professional services

Incorporate Security Hygiene into Employee Onboarding

High staff turnover means people with security knowledge leave your business and people who may lack security knowledge come in.

New employees are going to be the most vulnerable and, therefore, the least likely to act effectively to prevent a threat. 

After all, they may not possess the same level of knowledge about specific security threats facing your organization and they will not be familiar enough with ordinary business communication to spot some of the obvious red flags.

Research shows that social engineering attacks are increasing year-over-year, while some of the more well-known or established attack methods, like hacking, also persist. 

[Figure: Causes that contributed to the incidents affecting IT infrastructure hosted by a third party]

Individual employees play a critical role in preventing these types of attacks.

If you are in any doubt about the importance of establishing security knowledge among your staff, you should know that research carried out by Kaspersky Lab shows that as many as 90 percent of corporate data breaches in the cloud can be attributed to human error, with social engineering attacks aimed at employees being one of the main causes.

These social engineering attacks can take many forms, including spear phishing, compromised websites, and even real-world bait scenarios. 

The crucial thing to understand is that the likelihood of becoming a victim of a social engineering attack can be reduced, even when fairly sophisticated methods are used, but awareness of the main techniques is vital.

This means taking the time to teach employees what to look out for in phishing emails and how to avoid clicking on links to compromised websites or fake login forms.

It also means establishing what the most common signs of social engineering attacks are, and teaching your staff some of the best practices that can help them avoid danger.

In order to improve cybersecurity at an organization with high staff turnover, it is important to first establish the need for security as a key part of company culture.

Create a Secure Employee Departure Process

With outgoing staff, meanwhile, another potential issue involves them leaving with important data.

According to a study from Osterman Research, employees take data they created when they leave an organization, while 28% take data that others created. 

[Figure: Problems Related to Data Protection (Osterman Research)]

With that being said, many of the concerns with staff leaving an organization can be mitigated through a sensible departure process and timely removal of credentials.

Seek Out Professional Services

Ultimately, the best way to maintain good security hygiene is to work with a managed service provider and provide employees with high-quality cybersecurity awareness training. 

This will help to arm employees with all of the tools and information they need to fend off any threats and avoid making catastrophic errors.

It is essential that this cybersecurity training for employees starts as soon as possible after they are hired. 

Bear in mind, the fastest and easiest way for an attacker to access your secure company data is by targeting your new employees, especially if they are not yet familiar with how data is kept secure, or what your login pages look like.

Of course, aside from recognizing phishing and social engineering attacks, it is also important that employees know how to react when a cyber-attack takes place or a computer virus is detected.

For SMEs in London and the surrounding area, Fifosys' Cyber Security Awareness Workshops have been specifically designed to help business owners equip their employees with the information and skills necessary to deal with social engineering and other cyber attacks and to prevent other kinds of accidental data breaches.

Train Staff to Maintain Good Security Hygiene

Modern businesses obtain, utilize, and store more data than at any other time in history, including personal data from customers. Maintaining good cybersecurity hygiene is of vital importance. 

Yet, in organizations with high turnover, this can be a real challenge, with staff potentially leaving with sensitive data and new recruits coming in ill-equipped to prevent data breaches or handle some of the common daily security threats.

Effective management of this situation requires cybersecurity to become a fundamental part of your company culture. 

New employees should receive ongoing security training, starting from day one, while those leaving the organization should be left in no doubt about what they can and cannot take with them on their way out.

Teaching your staff to handle data appropriately, spot common cyber threats and respond to any breaches that do occur can be extremely beneficial, and a well-managed service provider offering awareness training can help you.
