Add Cybersecurity Best Practices to Your Next Hire’s Training

By slowing down your training process and making sure to touch every element of the new staff member’s responsibilities, including security, you can be confident that your new hires won’t be more of a detriment than the benefit they’ve been brought on to be. Let’s identify some security-related training items that you absolutely have to touch when onboarding new employees.

Keep It Clean

The first element that you want to train your new hires on is a simple one and will actually benefit everyone: Keeping a clean workstation. We all have worked with that one person that has stacks of paper, old coffee cups, and other trash taking up the majority of their desks. You may be thinking, why does keeping a clean desk benefit the organization? Mainly because it is easier to find things if they are filed in the proper place, but also because people who don’t keep a tidy workplace have a tendency to leave sensitive information out in the open. If anyone that walks by has access to work documents, there is a good chance that there is going to be some information left exposed that could, if used by someone outside the organization, become a major problem. 

If it is explained, as a part of the onboarding process, that your business has a Clean Desk policy–in which it is expected that any documents that have any potentially sensitive information be filed away from public view–it will go a long way toward ensuring that passersby won’t have access to that information. Under a Clean Desk policy, all sensitive or confidential information has to be removed from public view at the end of each day. 

Bring Your Own Device Policy

Most people won’t think much of bringing their phone anywhere they go; and, the modern business can use this ubiquity to their advantage. Before that can happen, however, the new staff members have to be on board with your Bring Your Own Device (BYOD) policy. The purpose of your BYOD is to secure the use of personal devices on the business networks. This policy also includes all Internet-connected devices like smart watches, music players, and the like. Since each device carries with it the possibility of threat, choosing which devices you want to support on your network is the first step. Remember, it’s not necessarily about totally restricting personal devices, it’s about establishing policies to protect company data when personal devices are present.

As far as training goes, you will inform your new hires that your business has a very serious BYOD policy that they can accept or deny. If they choose not to participate, their devices will not be available on the organization’s network. If they opt in (which many begrudgingly do) they will gain access to company resources, while giving the organization the ability to manage the use of business files, applications, and access on the device. All new hires need to understand that their use of business resources from that device could be monitored and managed by network administrators. You’ll want to explain what you, as the business owner, can and cannot do, and that is not to invade their privacy (you don’t want employees thinking you can read their text messages, and they WILL assume that if you aren’t careful).

Computer Habits

Data Management 

Managing data is a big deal for nearly any organization, and during the onboarding process it should be brought to new hires’ attention. It is their responsibility to file digital data in the proper places. If your organization doesn’t do a good job informing new hires exactly how they go about managing their internal data before deploying them to do a job, there is a good chance that data that belongs in one place will be filed away in another. It has a negative effect on the overall efficiency of the business. 

Removable Media

Nowadays, using removable media in business is just dumb. Most businesses have network attached storage and cloud computing resources that they can use to transfer information. If an employee were to have to use an external media source it would have to be one provided by the company. Any other removable media should not be brought into a business. 

Cybersecurity

Chances are that any worker that is using a computer for work, will need to be taught how to interact with online resources, including email and social media. As far as risk, access to the Internet for a new employee is right up there with giving them hazardous materials to dispose of. Even the most seasoned Internet users can fall victim to phishing attacks or other malicious entities on the Internet, so for the uninitiated, it is important that they understand just how critical it is to be vigilant in the face of unrelenting threats. Before they are unleashed, they should have to prove that they:

  • Understand phishing tactics – Phishing is the number one threat to any business right now. Phishing, a social engineering tactic that aims to gain authorization to network resources, can result in data breaches, malware, and more. 
  • Shadow IT – New hires should understand that network administrators handle the downloading, updating, and deleting of software, not employees. The better they understand that any unapproved application could be the one that puts a business in danger, the more likely they will be reluctant to go ahead and try to download unapproved software on their company workstations.
  • Social media – Having a social media training program that makes them understand that their social media use in the workplace should be commensurate with their social media-related tasks, makes sense for any business.
  • Email scams – Besides phishing (which we can’t stress enough is the most prevalent problem facing the modern business), spam emails are a threat as routing through them wastes time and hinders productivity.

Since employees play an important role in your business’ success, when you onboard some new ones make sure that they won’t be the ones that reverse that trend. If you would like help from our IT experts at Level5 Management, call us today at (561) 509-2077.