Information security should be a priority for every HR department when onboarding employees. A strong relationship between the HR and IT departments can help to create an onboarding process that puts cybersecurity practices front and center from the very start. Here is how to integrate cybersecurity training from the first day an employee starts work at the company.
Create security awareness right away
The moment an employee has access to the company network, cybersecurity becomes an important part of their responsibility. Employees need to be made aware of cyber threats, why certain policies are in place and what the consequences are of not following them.
It is easy to rush through explanations and sign off on documents while working through an onboarding checklist with a new employee but taking the time to stress security awareness will make them more vigilant from the outset and aware of what they need to do to keep the organization safe.
Enable easy reporting of security issues
It is important that new employees know who to contact if they have any security or compliance questions. If new employees understand more about helpdesk support processes, they know what to expect and they can avoid phishing attacks that use helpdesk response tactics. Employees should be able to easily report suspicious emails.
By using the secure mail module in GoAnywhere MFT, your employees can send their messages as secure packages and recipients get an email with a unique link so they can download the message and files through a secure HTTPS connection. Secure mail can be sent from within a user’s internet browser or from Microsoft Outlook and users can attach multiple files to one package.
Provision user access
Provisioning user access involves configuring each user’s ‘least privileged’ access whereby they receive only the information they need to do their work and no more. The employee’s hiring manager needs to make sure the correct access is given.
HR can work together with IT to make sure to implement role-based access control (RBAC). If organizations copy an existing employee’s permission set onto a new employee, this can result in new employees getting more access than they need to do their jobs.
Emphasize security around common tasks
Stolen or compromised login credentials can cause a costly data breach. The security of basic employee tools, like logins, often does not receive enough attention. New employees may have varied histories and not really know about best practices when it comes to protecting passwords and the like.
Bombarding new employees with complicated rules can be confusing for them. Highly technical guides or those filled with technical jargon may not be read. Consider making content that focuses on the security around common tasks that may be completed in the early days of employment, such as system login, password reset etc.
Help employees to help each other
Consider pairing seasoned employees with new hires as mentors. They could answer questions about how to keep data safe, get system access or how to request technical help. Having a security ambassador program for each department could also be a way to answer employee questions as they arise and each department could receive timely security updates from ambassadors.
Plan for ongoing security training
Cybersecurity awareness training results often wear off after a few months. Cyber threats keep evolving and ongoing training is important. Repeat training will help all employees to be more aware of security risks at all times. Building a security-aware culture takes time but it is worth the time and the effort and can save costs over the long term.