November 2, 2016 By Douglas Bonderud 4 min read

Seasonal employment is a huge industry in the U.S. According to Inside Counsel, American retailers were on track to hire more than 750,000 temporary workers during the holidays in 2015. This year, Fortune predicted that package delivery service UPS will add around 95,000 jobs. Business Insider, meanwhile, noted that Amazon plans to create 120,000 limited-term jobs.

It makes sense, especially in retail and shipping. Consumers don’t want to hear about package volumes or weather delays — they simply want items delivered on time. But with a rapid uptick in staff comes the potential problem of seasonal employee security risks. How can companies equip these workers with enough information to do their jobs without giving them access to critical data or intellectual property? Here’s a look at key best practices to mitigate this present danger.

Managing Seasonal Employee Security Risks

The first step in mitigating potential employee risk is to implement a solid onboarding and integration processes. As noted by CPA Practice Advisor, companies experience a 20 percent fraud increase over the holiday season, in part thanks to existing employees who seize the opportunity and in part due to the influx of seasonal workers. But in a corporate world now dominated by mobile devices and real-time data, stealing money from the till is no longer the biggest risk: Lifting credit card information or usernames and passwords can prove a lucrative business model for motivated employees looking to make a living on the Dark Web.

It’s important to keep hiring practices consistent. Don’t change the interview, vetting process or background check requirements for new workers simply because they aren’t full-time employees (FTEs). This significantly reduces the risk of hiring a potential threat actor and comes with the added bonus of efficiency if companies do decide to keep employees on as full-time staff after the seasonal period ends.

Onboarding is next. Treat these new hires the same way as existing employees. Federal and state laws already mandate providing overtime pay, tax withholding and other HR necessities. By following suit with onboarding and corporate culture, it’s possible to make holiday hires feel like they’re part of the team rather than fortunate outsiders.

This extends to other employees as well. It’s worth having a manager regularly monitor the cultural climate during the holidays to ensure all workers are being treated fairly and with mutual respect. Happy, well-respected temporary workers are more likely to do their jobs well in hopes of a full-time offer. Disgruntled seasonal staff, meanwhile, may try to take whatever they can from employers before their time is up.

Defending Data

Of course, hiring the right people is only half the battle. Once workers are familiar with expectations and their environment, companies need to train them in specific work tasks. This often leads to necessary — but still risky — data disclosure.

Consider the work of shipping agents and drivers during the holiday rush. They need access to company network portals, which contain consumer names, addresses and even credit card information if returns or refunds are necessary. To provide the level of service demanded by seasonal shoppers, companies must empower temporary workers to access, modify and record data as necessary. But what happens when seasonal employees leave?

The first step in defending against data-based seasonal employee security risks is to use a test environment for training. This is especially beneficial when training large groups simultaneously. Users can access the functions of critical processes without exposure to real company data.

Next up are access permissions. This can be difficult, depending on the number of staff recruited, but it’s absolutely critical. IT must ensure each employee only has access to data critical to his or her current role and responsibility. If staff members complain that these rules are too narrow, they may not be the right fit — seasonal workers should be focused on the job, not the surroundings.

Finally, hiring managers should decide on a common end date for temporary staff. This gives IT departments time to prepare for a mass permissions revoke. When employees walk out the door after their final shift, their accounts should be deactivated. Putting this off opens up the possibility that ex-employees may log back in accidentally or with malicious intent and compromise corporate data.

The Security Guard Solution

Along with delivery and package prep personnel, security guards are in high demand during the holiday season. But the nature of their job is fluid. What if a routine stop-and-talk turns into a confrontation, or if stores are mobbed by thousands of eager or disgruntled customers? Suddenly, these entry-level guards are called on to perform under pressure.

It’s often worth accepting a modicum of risk and giving temporary workers the ability to scale up and meet the potential demands of their jobs as necessary. Consider the angry customer calling in about a missed delivery. Call center staff with only limited knowledge and access might provide canned responses, such as “I’ll send this to my manager,” or “Someone will call you back,” increasing the probability that a complaint may not be resolved.

By providing access to necessary files and functions, well-trained temporary workers can diffuse tense situations and improve customer retention outcomes over the holiday season. Better still, this kind of trust helps make seasonal workers feel more like part of the team than simply hired help.

Put a Bow on It

Finally, managers should implement a few best practices to protect data after temporary employees leave. First, always have seasonal staff sign documents indicating that their employment is at will or specify a certain end date. It’s also a good idea to have them sign a nondisclosure agreement clearly stating that they have no claim to corporate data and forbidding the transmission or duplication of this information outside necessary business use. While this doesn’t guarantee compliance, it limits the chance of a revenge-motivated breach and provides companies with solid legal footing.

To meet increasing consumer demand and surpass holiday expectations, companies are hiring more temporary staff and giving them more access to corporate data. Mitigating seasonal employee security risks, however, means thoroughly vetting new hires, closely managing their access environment, providing the opportunity for increased performance and drafting documentation in advance of employment end dates.

More from Retail

5 ways to improve holiday retail and wholesale cybersecurity

4 min read - It’s the most wonderful time of the year for retailers and wholesalers since the holidays help boost year-end profits. The National Retail Federation (NRF) predicts 2022 holiday sales will come in 6% to 8% higher than in 2021. But rising profits that come at the cost of reduced cybersecurity can cost companies in the long run when you consider the rising size and costs of data breaches. The risk of data breaches and other cyber crimes can make this shopping…

Cost of a data breach: Retail costs, risks and prevention strategies

3 min read - Whether it’s online or brick-and-mortar, every new store or website represents a new potential entry point for threat actors. With access to more personally identifiable information (PII) of customers than most industries, bad actors perceive retail as a great way to cash in on their attacks. Plus, attackers can duplicate attack methods more easily since retailers share similar cybersecurity infrastructure. The good news for retail is that the cost of a data breach in the sector remains low compared to…

Lessons learned by 2022 cyberattacks: X-Force Threat Intelligence Report

3 min read - Every year, the IBM Security X-Force team of cybersecurity experts mines billions of data points to reveal today’s most urgent security statistics and trends. This year’s X-Force Threat Intelligence Index 2022 digs into attack types, infection vectors, top threat actors, malware trends and industry-specific insights. This year, a new industry took the infamous top spot: manufacturing. For the first time in over five years, finance and insurance were not the top-attacked industries in 2021, as manufacturing overtook them by a…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today