Experts Explain Hidden Cyber Threats Among Interns

Interns and hidden cyber threats (photo: iStock)

JAKARTA - Organizations tend to think less about the risks associated with how interns can pose a threat to their organization's cybersecurity and what you can do to address them.

Kaspersky revealed that many companies think that interns will not be in the system or business for long and it is unlikely that they will be able to gain access to any credential information.

That's understandable, but that doesn't mean you should ignore the fact that inexperienced interns without adequate knowledge can harm organizations simply by clicking on phishing links, applying weak passwords to their work accounts, or becoming victims of social engineering.

To prevent these things from happening, following Kaspersky, as a digital cybersecurity provider, describes some recommendations that need special attention.

Orientation Session

Before you give interns access to organizational infrastructure and equipment, it's a good idea to familiarize them with the essentials. First and foremost, describe the organization's accepted standards of security policy, two-factor authentication, and passwords.

When you involve interns in operations, they must apply password settings. While password security seems to be a common topic of discussion, these new workers may not be familiar with the importance of not using the same password across multiple services, and they may not even fully know what a "strong password" is.

Least Privilege Principle

When giving interns access to organizational resources, you must follow the principle of least privilege, which means that everyone gets only the minimum level of access to their work. This is actually a good principle to follow in general, but it becomes even more important when you work with interns.

Agreement on the Prohibition of Disclosure of Confidential Information

Many organizations do not ask their interns to sign nondisclosure agreements, again because they view interns as having only a minor and temporary role.

However, it's good to do it. Even if the intern won't be privy to any company secrets, signing an NDA is a great way to convey to these newbies that they shouldn't talk about business processes in private conversations.

Information Security on Personal Social Media Accounts

On the one hand, organizations can benefit if interns talk passionately on social media about how interesting their jobs are. On the other hand, interns may inadvertently disclose important information in their posts, for example, taking selfies with internal documents behind them.

"This is why we recommend that you articulate clearly to interns the organization's policies on the use of social media," Kaspersky said in a release.

Furthermore, companies should try not to email lengthy instructions as the chances of them reading them from A to Z will be very low. A more effective approach is to provide verbal direction.

Access to Job Resources After Internship Ends

All good things must come to an end, including internships. Some participants may choose to be with you to continue the internship, but some will definitely leave. Pay special attention to those who decide to leave the company.

Be sure to revoke all access to internal organizational resources after the interns leave. Having additional accounts with access makes this a potential vulnerability.

Training Interns in Cyber Security Fundamentals

As a rule of thumb, Kaspersky recommends training all employees in cybersecurity basics. However, interns are rarely included in such training sessions. This is a mistake.

Intern training will help reduce the risk to your own cybersecurity, and at the same time will be an important lesson to learn when they leave your organization.

You don't even need to invest significant resources in this training. There is some open source material online covering the basics of cybersecurity that can be shared with your interns.