Retail November 2, 2016
By Douglas Bonderud 4 min read

Seasonal employment is a huge industry in the U.S. According to Inside Counsel, American retailers were on track to hire more than 750,000 temporary workers during the holidays in 2015. This year, Fortune predicted that package delivery service UPS will add around 95,000 jobs. Business Insider, meanwhile, noted that Amazon plans to create 120,000 limited-term jobs.

It makes sense, especially in retail and shipping. Consumers don’t want to hear about package volumes or weather delays — they simply want items delivered on time. But with a rapid uptick in staff comes the potential problem of seasonal employee security risks. How can companies equip these workers with enough information to do their jobs without giving them access to critical data or intellectual property? Here’s a look at key best practices to mitigate this present danger.

Managing Seasonal Employee Security Risks

The first step in mitigating potential employee risk is to implement a solid onboarding and integration processes. As noted by CPA Practice Advisor, companies experience a 20 percent fraud increase over the holiday season, in part thanks to existing employees who seize the opportunity and in part due to the influx of seasonal workers. But in a corporate world now dominated by mobile devices and real-time data, stealing money from the till is no longer the biggest risk: Lifting credit card information or usernames and passwords can prove a lucrative business model for motivated employees looking to make a living on the Dark Web.

It’s important to keep hiring practices consistent. Don’t change the interview, vetting process or background check requirements for new workers simply because they aren’t full-time employees (FTEs). This significantly reduces the risk of hiring a potential threat actor and comes with the added bonus of efficiency if companies do decide to keep employees on as full-time staff after the seasonal period ends.

Onboarding is next. Treat these new hires the same way as existing employees. Federal and state laws already mandate providing overtime pay, tax withholding and other HR necessities. By following suit with onboarding and corporate culture, it’s possible to make holiday hires feel like they’re part of the team rather than fortunate outsiders.

This extends to other employees as well. It’s worth having a manager regularly monitor the cultural climate during the holidays to ensure all workers are being treated fairly and with mutual respect. Happy, well-respected temporary workers are more likely to do their jobs well in hopes of a full-time offer. Disgruntled seasonal staff, meanwhile, may try to take whatever they can from employers before their time is up.

Defending Data

Of course, hiring the right people is only half the battle. Once workers are familiar with expectations and their environment, companies need to train them in specific work tasks. This often leads to necessary — but still risky — data disclosure.

Consider the work of shipping agents and drivers during the holiday rush. They need access to company network portals, which contain consumer names, addresses and even credit card information if returns or refunds are necessary. To provide the level of service demanded by seasonal shoppers, companies must empower temporary workers to access, modify and record data as necessary. But what happens when seasonal employees leave?

The first step in defending against data-based seasonal employee security risks is to use a test environment for training. This is especially beneficial when training large groups simultaneously. Users can access the functions of critical processes without exposure to real company data.

Next up are access permissions. This can be difficult, depending on the number of staff recruited, but it’s absolutely critical. IT must ensure each employee only has access to data critical to his or her current role and responsibility. If staff members complain that these rules are too narrow, they may not be the right fit — seasonal workers should be focused on the job, not the surroundings.

Finally, hiring managers should decide on a common end date for temporary staff. This gives IT departments time to prepare for a mass permissions revoke. When employees walk out the door after their final shift, their accounts should be deactivated. Putting this off opens up the possibility that ex-employees may log back in accidentally or with malicious intent and compromise corporate data.

The Security Guard Solution

Along with delivery and package prep personnel, security guards are in high demand during the holiday season. But the nature of their job is fluid. What if a routine stop-and-talk turns into a confrontation, or if stores are mobbed by thousands of eager or disgruntled customers? Suddenly, these entry-level guards are called on to perform under pressure.

It’s often worth accepting a modicum of risk and giving temporary workers the ability to scale up and meet the potential demands of their jobs as necessary. Consider the angry customer calling in about a missed delivery. Call center staff with only limited knowledge and access might provide canned responses, such as “I’ll send this to my manager,” or “Someone will call you back,” increasing the probability that a complaint may not be resolved.

By providing access to necessary files and functions, well-trained temporary workers can diffuse tense situations and improve customer retention outcomes over the holiday season. Better still, this kind of trust helps make seasonal workers feel more like part of the team than simply hired help.

Put a Bow on It

Finally, managers should implement a few best practices to protect data after temporary employees leave. First, always have seasonal staff sign documents indicating that their employment is at will or specify a certain end date. It’s also a good idea to have them sign a nondisclosure agreement clearly stating that they have no claim to corporate data and forbidding the transmission or duplication of this information outside necessary business use. While this doesn’t guarantee compliance, it limits the chance of a revenge-motivated breach and provides companies with solid legal footing.

To meet increasing consumer demand and surpass holiday expectations, companies are hiring more temporary staff and giving them more access to corporate data. Mitigating seasonal employee security risks, however, means thoroughly vetting new hires, closely managing their access environment, providing the opportunity for increased performance and drafting documentation in advance of employment end dates.

 |  |  |  |  | 
Douglas Bonderud
Freelance Writer

More from Data Protection
Data Protection   June 8, 2023

Beyond Requirements: Tapping the Business Potential of Data Governance and Security

3 min read - Doom and gloom. Fear, uncertainty and doubt. The "stick" versus the "carrot". What do these concepts have in common? They have often provided the primary motivation for organizations’ data governance and security strategies. For the enterprise, this mindset has perpetuated the idea that data governance, data security and data privacy are reactive cost centers existing due to externally imposed requirements or mandates.Yet, what if data governance and security practices could upend the prevailing paradigm and demonstrate direct business value?[button link="https://community.ibm.com/community/user/security/events/event-description?CalendarEventKey=8d7fdc61-97bf-43b0-b7d6-018756e436a6&CommunityKey=aa1a6549-4b51-421a-9c67-6dd41e65ef85&Home=%2fcommunity%2fuser%2fsecurity%2fcommunities%2fcommunity-home%2frecent-community-events"…

3 min read
Data Protection   May 25, 2023

Heads Up CEO! Cyber Risk Influences Company Credit Ratings

4 min read - More than ever, cybersecurity strategy is a core part of business strategy. For example, a company’s cyber risk can directly impact its credit rating. Credit rating agencies continuously strive to gain a better understanding of the risks that companies face. Today, those agencies increasingly incorporate cybersecurity into their credit assessments. This allows agencies to evaluate a company’s capacity to repay borrowed funds by factoring in the risk of cyberattacks. Getting Hacked Impacts Credit Scoring As per the Wall Street Journal…

4 min read
Data Protection   May 17, 2023

IBM Security Guardium Ranked as a Leader in the Data Security Platforms Market

3 min read - KuppingerCole named IBM Security Guardium as an overall leader in their Leadership Compass on Data Security Platforms. IBM was ranked as a leader in all three major categories: Product, Innovation, and Market. With this in mind, let’s examine how KuppingerCole measures today’s solutions and why it’s important for you to have a data security platform that you trust. The Transformation of the Data Security Industry As digital transformation continues to expand, the impact it has had on enterprises is very apparent when…

3 min read
Data Protection   May 12, 2023

SaaS vs. On-Prem Data Security: Which is Right for You?

2 min read - As businesses increasingly rely on digital data storage and communication, the need for effective data security solutions has become apparent. These solutions can help prevent unauthorized access to sensitive data, detect and respond to security threats and ensure compliance with relevant regulations and standards. However, not all data security solutions are created equal. Are you choosing the right solution for your organization? That answer depends on various factors, such as your industry, size and specific security needs. SaaS vs. On-Premises…

2 min read
© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature