Threat actors are especially fond of your newest employees. Often, there is either a public announcement or they post on LinkedIn or other social media, proudly announcing that they are joining your organization.
The bad guys can then do some simple research on who their boss is and perhaps who their co-workers are.
Your new employee shows up at work, on Teams, or via email. It is not uncommon for them to get a call from "IT" welcoming them, asking if they have any questions, and requesting a "favor" in return for providing such great technical support.
Another scenario is that the new employee's boss has reached out with a thoughtful welcome message and gift. Perhaps it is a gift card.
Regardless of the scenario, all roads lead to trying to trick the new employee into clicking, sharing information, or granting remote network access.
You need to make sure your onboarding process for all new hires includes a discussion of the basic rules of engagement. We don't click on unknown things from unknown people.
We never provide remote access just because someone is nice and asks us to.
If there are any questions about any request, it must be validated out of band, via phone or email, with the appropriate resource at the appropriate place to confirm the request.
The bad guys are going to try to exploit that initial insecurity about being new and not knowing how everything operates.
Everyone needs to be vigilant and say something when being asked unusual requests.
Security Awareness Training has to start as soon as anyone is hired.
If you are interested in looking at Acture's Security Awareness Training offerings, give us a call.