February can be a busy time for many businesses in terms of new starters, but given the ever-evolving working environment it is vital that businesses rethink their induction plans to place a focus on IT and cyber security.
With an influx of younger tech savvy employees now making their way into the world of work they are driving a need for businesses to rethink their induction and IT policies to not only continue to maintain and encourage a use of technology that can assist in productivity, but also one that does not compromise on security risks. As such we have produced an IT induction plan for you to use when welcoming new team members into your business.
1. All new employees need an account
Before anything, it is vital that you get all new team members set up on your systems. You should coordinate with your hiring manager and HR to collect the information that you will need to set up their accounts. You’ll also need to determine what equipment and software they will need to be able to complete their tasks.
2. It IS your job
Regardless of whether your new team member is joining Marketing or your own in-house IT team, it is important to make it clear that they play an active part in detecting or reacting to cyber security threats. Effective security management should not limit cybersecurity responsibilities to a dedicated team but instead should be companywide, drawing on all team members. Training should not be limited to IT personnel but the whole company on a rolling basis to ensure effective threat detection and management methods continue to stay up-to-date.
3. Present your BYOD policy
With the rise of digital impacting almost industry vertical, modern workplaces have now begun to accommodate team members who wish to bring their own devices into work to boost their productivity and expand the type of work that they can complete. What can often get overlooked however is how own devices can cause huge weaknesses in your cyber security and data protection chains – it gives your businesses data a clear path outside of the organisation in the event of such devices getting breached, misplaced or stolen. As such, BYOD device policies should be in place and presented to all new employees.
4. Be clear about what can and cannot be shared
If your business isn’t yet on social media then it should be. It brings a whole new dynamic to the way your business communicates with both prospects and clients, but new starters should also be made aware of the risks associated with it before using such tools. Encouraging employees to share your businesses post is a great way to start, and you should be clear about the information that can and cannot be shared by employees on their own accounts – this relates to the threat of social engineering, a technique employed by cyber criminals today where attackers can use social accounts to pick up key pieces of information about employees and things like their tone, things important to them and so on. These are then used to form phishing emails and other attack methods.
This is by no means a comprehensive list of what should be included in your new starter’s IT orientation process, but it gives you a great starting place. As we mentioned earlier, employees are your weakest link when it comes to cyber security. Don’t get what we mean? See our most recent infographic here.
All businesses should be taking cybersecurity seriously. Recent findings showed that 42% of SMBs experienced at least one breach to their systems in 2018, with 17% of cases taking one or more days to recover from. If you’d like to see how we can help to protect your systems and data, have a look at our Complete Cyber Security package.