Don’t forget your casual employees play an important role in your cyber safety
Employees are usually the first line of defence against cyber attacks, but they can quickly become the greatest risk for small businesses.
Just under 2.4 million people, or 22.5% of Australia’s workforce, are employed as casuals. More than 80% of these casual employees work in small to medium businesses, just like yours.
If small businesses are too casual about cyber security with their casual staff, they might be more susceptible to attack.
Are your casuals posing a risk to your business?
Here are 5 ways casual employees can pose significant cyber security risks to a small business.
1. High turnover
Casual employment often involves high turnover rates, with employees regularly joining and leaving the business. This can make it difficult for small businesses to ensure that departing employees can no longer access sensitive data or systems. When multiple people share a login credential, revoking access also becomes a challenge, especially when employees come and go on a regular basis.
2. Lack of training and limited supervision
Because they may only work a few hours a week, casual employees may not have received the same cyber security training as your permanent staff. This can leave them unaware of common cyber threats, such as phishing emails or malicious links, and in turn make them more susceptible to a cyber attack.
By the same token, casual employees may also have limited supervision compared to permanent staff. This lack of oversight can lead to risky behaviours, such as downloading unauthorised software or accessing unsecured websites, which can compromise the security of company systems.
3. Use of personal devices
It’s not uncommon for small business owners to ask casual staff to use their own personal devices, such as smartphones or laptops, to access company networks or data. These devices may not have adequate security measures in place, making them vulnerable to malware or unauthorised access.
Some regulatory standards and industry best practices require organisations to implement strict access controls and maintain an audit of user activity. The use of personal devices (and shared logins) may violate these requirements, leading to potential compliance and legal issues.
Blurring boundaries between work and personal life further complicates cyber security efforts, as individuals may inadvertently compromise security protocols.
4. Insider threats
While not all casual employees pose a cyber security threat, businesses must be aware of the potential for insider threats. Casual employees who feel disengaged, undervalued or insecure about their employment may be more prone to malicious activities, such as stealing or leaking sensitive information.
The rise of hybrid work models also presents unique challenges in terms of data protection and privacy. With casual employees accessing company networks and sensitive information from various locations, the risk of data breaches and cyber attacks increases.
5. Weak password management
The use of shared logins and software access among casual employees can dramatically increase the cyber risk for small businesses. Accounts protected by weak password practices can be easily compromised, giving cyber criminals unauthorised access to sensitive business information.
Shared logins make it difficult to track individual user activity, leading to a lack of accountability for actions taken within the system. If a security breach occurs, it may be difficult to identify the responsible party, hindering both the investigation and rapid remediation.
If a casual employee leaves the organisation or changes roles, it may be unclear who still has access to the shared login, increasing the risk of unauthorised access after they have departed.
Don’t be casual about your casuals
To ensure casual staff are a key part of your cyber defence, there are some simple steps you can take:
1. Implement individual user accounts
2. Enforce strong password policies
3. Set multi-factor authentication (MFA) on all your online accounts
4. Conduct regular access reviews
5. Encourage your casual staff to do the Cyber Wardens training
As the major employer of a growing casual workforce, all Australian small businesses should aim to foster a culture of cyber security awareness and encourage casual employees to report any suspicious activities or security incidents promptly.
The Cyber Wardens program will give small businesses the skills to build a culture of cyber security and ward off lurking cyber threats.
Help protect your small business from scams and hackers with free and simple cyber security training