Seasonal employment is a huge industry in the U.S. According to Inside Counsel, American retailers were on track to hire more than 750,000 temporary workers during the holidays in 2015. This year, Fortune predicted that package delivery service UPS will add around 95,000 jobs. Business Insider, meanwhile, noted that Amazon plans to create 120,000 limited-term jobs.

It makes sense, especially in retail and shipping. Consumers don’t want to hear about package volumes or weather delays — they simply want items delivered on time. But with a rapid uptick in staff comes the potential problem of seasonal employee security risks. How can companies equip these workers with enough information to do their jobs without giving them access to critical data or intellectual property? Here’s a look at key best practices to mitigate this present danger.

Managing Seasonal Employee Security Risks

The first step in mitigating potential employee risk is to implement a solid onboarding and integration processes. As noted by CPA Practice Advisor, companies experience a 20 percent fraud increase over the holiday season, in part thanks to existing employees who seize the opportunity and in part due to the influx of seasonal workers. But in a corporate world now dominated by mobile devices and real-time data, stealing money from the till is no longer the biggest risk: Lifting credit card information or usernames and passwords can prove a lucrative business model for motivated employees looking to make a living on the Dark Web.

It’s important to keep hiring practices consistent. Don’t change the interview, vetting process or background check requirements for new workers simply because they aren’t full-time employees (FTEs). This significantly reduces the risk of hiring a potential threat actor and comes with the added bonus of efficiency if companies do decide to keep employees on as full-time staff after the seasonal period ends.

Onboarding is next. Treat these new hires the same way as existing employees. Federal and state laws already mandate providing overtime pay, tax withholding and other HR necessities. By following suit with onboarding and corporate culture, it’s possible to make holiday hires feel like they’re part of the team rather than fortunate outsiders.

This extends to other employees as well. It’s worth having a manager regularly monitor the cultural climate during the holidays to ensure all workers are being treated fairly and with mutual respect. Happy, well-respected temporary workers are more likely to do their jobs well in hopes of a full-time offer. Disgruntled seasonal staff, meanwhile, may try to take whatever they can from employers before their time is up.

Defending Data

Of course, hiring the right people is only half the battle. Once workers are familiar with expectations and their environment, companies need to train them in specific work tasks. This often leads to necessary — but still risky — data disclosure.

Consider the work of shipping agents and drivers during the holiday rush. They need access to company network portals, which contain consumer names, addresses and even credit card information if returns or refunds are necessary. To provide the level of service demanded by seasonal shoppers, companies must empower temporary workers to access, modify and record data as necessary. But what happens when seasonal employees leave?

The first step in defending against data-based seasonal employee security risks is to use a test environment for training. This is especially beneficial when training large groups simultaneously. Users can access the functions of critical processes without exposure to real company data.

Next up are access permissions. This can be difficult, depending on the number of staff recruited, but it’s absolutely critical. IT must ensure each employee only has access to data critical to his or her current role and responsibility. If staff members complain that these rules are too narrow, they may not be the right fit — seasonal workers should be focused on the job, not the surroundings.

Finally, hiring managers should decide on a common end date for temporary staff. This gives IT departments time to prepare for a mass permissions revoke. When employees walk out the door after their final shift, their accounts should be deactivated. Putting this off opens up the possibility that ex-employees may log back in accidentally or with malicious intent and compromise corporate data.

The Security Guard Solution

Along with delivery and package prep personnel, security guards are in high demand during the holiday season. But the nature of their job is fluid. What if a routine stop-and-talk turns into a confrontation, or if stores are mobbed by thousands of eager or disgruntled customers? Suddenly, these entry-level guards are called on to perform under pressure.

It’s often worth accepting a modicum of risk and giving temporary workers the ability to scale up and meet the potential demands of their jobs as necessary. Consider the angry customer calling in about a missed delivery. Call center staff with only limited knowledge and access might provide canned responses, such as “I’ll send this to my manager,” or “Someone will call you back,” increasing the probability that a complaint may not be resolved.

By providing access to necessary files and functions, well-trained temporary workers can diffuse tense situations and improve customer retention outcomes over the holiday season. Better still, this kind of trust helps make seasonal workers feel more like part of the team than simply hired help.

Put a Bow on It

Finally, managers should implement a few best practices to protect data after temporary employees leave. First, always have seasonal staff sign documents indicating that their employment is at will or specify a certain end date. It’s also a good idea to have them sign a nondisclosure agreement clearly stating that they have no claim to corporate data and forbidding the transmission or duplication of this information outside necessary business use. While this doesn’t guarantee compliance, it limits the chance of a revenge-motivated breach and provides companies with solid legal footing.

To meet increasing consumer demand and surpass holiday expectations, companies are hiring more temporary staff and giving them more access to corporate data. Mitigating seasonal employee security risks, however, means thoroughly vetting new hires, closely managing their access environment, providing the opportunity for increased performance and drafting documentation in advance of employment end dates.

More from Data Protection

Transitioning to Quantum-Safe Encryption

With their vast increase in computing power, quantum computers promise to revolutionize many fields. Artificial intelligence, medicine and space exploration all benefit from this technological leap — but that power is also a double-edged sword. The risk is that threat actors could abuse quantum computers to break the key cryptographic algorithms we depend upon for the safety of our digital world. This poses a threat to a wide range of critical areas. Fortunately, alternate cryptographic algorithms that are safe against…

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…

Resilient Companies Have a Disaster Recovery Plan

Historically, disaster recovery (DR) planning focused on protection against unlikely events such as fires, floods and natural disasters. Some companies mistakenly view DR as an insurance policy for which the likelihood of a claim is low. With the current financial and economic pressures, cutting or underfunding DR planning is a tempting prospect for many organizations. That impulse could be costly. Unfortunately, many companies have adopted newer technology delivery models without DR in mind, such as Cloud Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS)…

Millions Lost in Minutes — Mitigating Public-Facing Attacks

In recent years, many high-profile companies have suffered destructive cybersecurity breaches. These public-facing assaults cost organizations millions of dollars in minutes, from stock prices to media partnerships. Fast Company, Rockstar, Uber, Apple and more have all been victims of these costly and embarrassing attacks. The total average cost of a data breach has increased by 2.6% since 2021 and is now $4.35 million. Organizations that don't deploy zero trust security models also incur an average of $1 million more in…