Secure Hiring and Onboarding: Free Security Tool
Secure Onboarding for HR: Applicants Can Be Bad Actors, Too
This module is for Human Resources professionals, IT professionals, hiring managers, and others involved in recruiting and onboarding employees. It features an in-depth interview with KnowBe4 staff who recount their real-life experience of uncovering a bad actor working for a nation-state government who was disguised as a “new hire” during his onboarding process. We detail KnowBe4's quick response to secure the network and its resulting efforts to educate others about this attempted attack and how it was foiled.
By the End of the Secure Onboarding Module, You Will Be Able To:
- Improve organizational hiring security practices
- Raise awareness about hiring-based security threats
- Provide practical knowledge for identifying risks
Secure Onboarding FAQs
How Can a Job Applicant or “New Hire” Be a Security Threat?
A job applicant or “new hire” can be a security threat if they use a stolen or fake identity, misrepresent who is attending interviews, or attempt to gain access to internal systems during onboarding.
What Are the Most Common Impersonation Tactics During Recruitment and Onboarding?
The most common impersonation tactics include look-alike email domains, fake documentation, altered identity details, pressure to bypass standard steps, and last-minute requests to change payroll or banking information.
What Does Secure Onboarding for HR Typically Include?
Secure onboarding for HR typically includes standardized identity verification, secure handling of documents, clear approval paths for access requests, and consistent escalation steps when suspicious activity is identified.
How Can HR and IT Work Together to Improve Secure Onboarding?
HR and IT can improve secure onboarding by using a shared onboarding checklist, aligning on who approves access, and establishing a fast escalation path for identity or fraud concerns.
What Are Practical Red Flags HR Can Watch for During Secure Onboarding?
Practical red flags include inconsistencies across documents and profiles, reluctance to complete verification steps, unusual urgency for access, and requests to communicate outside approved channels.