An ongoing argument in the security world centers around the measure of loyalty from security officers who are actually employees of the company they protect versus being simply contract vendors from an outside security firm. A similar concern can be raised if we compare the security vigilance of full-time employees at a company versus interns, volunteers, or part-time employees.
Full-time employees certainly have a vested interest in their own safety in their workplace, and may be more likely to follow access control policies, wearing and using their identification (ID) badges, preventing “tailgaters” from entering the building after them, and practicing good cybersecurity protocols. Part-timers, volunteers (as are routinely found in city and county government jobs), and interns may not have the same sense of connection to the company and can see themselves “on the outside looking in” since they aren’t fully committed to the company, and the company is not fully committed to them. As such, they may not have the same desire to follow company security policies, often because they may see themselves as not playing that significant of a role in the day-to-day operations. But is this always true?
Another way to look at it is that these part-time employees may in fact be more vigilant about security, because they want to make a good impression with their potential future full-time bosses, they want to demonstrate they can follow security rules and polices and be a good team player, or perhaps they aren’t as jaded or nonchalant about the need to comply with security policies as the full-time employees.
Part of creating a vigilant security culture starts with a complete orientation or on-boarding process for all employees, including the part-timers, volunteers, and interns. They should all be trained together and should hear the same message from the HR and security department stakeholders, including answers to these critical questions:
- Do they know who the security leaders in the organization are, by name and contact information?
- Have employees been fully empowered to contact security leaders to ask questions or provide information about security concerns?
- Do they know who to report serious security issues to—like workplace violence threats, thefts, ethics violations, drug use, misuse of the computers systems by insiders or outsiders, etc.—and when to do it, and why to do it?
- Do they know how to document a potential or actual security issue using the company’s type of a Security Incident Report?
- Do they know who to give that report to?
It’s certainly possible that some part-timers, volunteers, or interns may not care about any of the above because they see this particular job merely as a stepping stone to something bigger and better somewhere else. But if we can “indoctrinate” them early, by including them in the same training and orientations sessions as the full-time employees, holding them accountable, and rewarding them when they do comply, then we may be able to build their sense of loyalty and connection to the organization for however long they are there.