Welcome, let's improve your business today!
Growth can be very exciting for a business. It generally means that all the hard work that has gone into getting the business to that point has paid off. For some in your organization however, it can be a very stressful time. This is because once you commit to pay new employees, there’s some pressure to get them up to speed quickly. After all, what are you paying them for?
By slowing down your training process and making sure to touch every element of the new staff member’s responsibilities, including security, you can be confident that your new hires won’t be more of a detriment than the benefit they’ve been brought on to be. Let’s identify some security-related training items that you absolutely have to touch when onboarding new employees.
The first element that you want to train your new hires on is a simple one and will actually benefit everyone: Keeping a clean workstation. We all have worked with that one person that has stacks of paper, old coffee cups, and other trash taking up the majority of their desks. You may be thinking, why does keeping a clean desk benefit the organization? Mainly because it is easier to find things if they are filed in the proper place, but also because people who don’t keep a tidy workplace have a tendency to leave sensitive information out in the open. If anyone that walks by has access to work documents, there is a good chance that there is going to be some information left exposed that could, if used by someone outside the organization, become a major problem.
If it is explained, as a part of the onboarding process, that your business has a Clean Desk policy--in which it is expected that any documents that have any potentially sensitive information be filed away from public view--it will go a long way toward ensuring that passersby won’t have access to that information. Under a Clean Desk policy, all sensitive or confidential information has to be removed from public view at the end of each day.
Most people won’t think much of bringing their phone anywhere they go; and, the modern business can use this ubiquity to their advantage. Before that can happen, however, the new staff members have to be on board with your Bring Your Own Device (BYOD) policy. The purpose of your BYOD is to secure the use of personal devices on the business networks. This policy also includes all Internet-connected devices like smart watches, music players, and the like. Since each device carries with it the possibility of threat, choosing which devices you want to support on your network is the first step. Remember, it’s not necessarily about totally restricting personal devices, it’s about establishing policies to protect company data when personal devices are present.
As far as training goes, you will inform your new hires that your business has a very serious BYOD policy that they can accept or deny. If they choose not to participate, their devices will not be available on the organization’s network. If they opt in (which many begrudgingly do) they will gain access to company resources, while giving the organization the ability to manage the use of business files, applications, and access on the device. All new hires need to understand that their use of business resources from that device could be monitored and managed by network administrators. You’ll want to explain what you, as the business owner, can and cannot do, and that is not to invade their privacy (you don’t want employees thinking you can read their text messages, and they WILL assume that if you aren’t careful).
Managing data is a big deal for nearly any organization, and during the onboarding process it should be brought to new hires’ attention. It is their responsibility to file digital data in the proper places. If your organization doesn’t do a good job informing new hires exactly how they go about managing their internal data before deploying them to do a job, there is a good chance that data that belongs in one place will be filed away in another. It has a negative effect on the overall efficiency of the business.
Nowadays, using removable media in business is just dumb. Most businesses have network attached storage and cloud computing resources that they can use to transfer information. If an employee were to have to use an external media source it would have to be one provided by the company. Any other removable media should not be brought into a business.
Chances are that any worker that is using a computer for work, will need to be taught how to interact with online resources, including email and social media. As far as risk, access to the Internet for a new employee is right up there with giving them hazardous materials to dispose of. Even the most seasoned Internet users can fall victim to phishing attacks or other malicious entities on the Internet, so for the uninitiated, it is important that they understand just how critical it is to be vigilant in the face of unrelenting threats. Before they are unleashed, they should have to prove that they: