5 Things New Employees Must Be Told About Information Security
With summer recruitment in full swing, it’s a good time to think about how your company establishes the importance of data security with new employees.
An earlier Ponemon report showed that 66% of respondents said employees are the weakest link in their efforts to create a strong security posture.
But research has shown that many businesses don’t follow best practices on employee training. For example, the 2017 U.S. Information Security Tracker showed that 49% of C-Suites train employees on their industry’s legal requirements only once a year or less, and 39% of small business owners (SBOs) never train employees on their industry’s legal requirements.
Today, information security awareness should be part of the hiring process. Make it clear to new hires that the company prioritizes data security, and that every employee has a responsibility to prioritize it too.
Information Security Priorities for New Employees
Be Aware of Social Engineering Techniques
In the first few weeks of a job, new employees will be opening a lot of emails and other correspondence from coworkers and customers they don’t know – and this is an opportune time for information thieves to use email phishing scams. Warn employees about attackers on social media, blogs and email who will attempt to gain their trust in order to get access to sensitive information. Make it policy that new hires verify that downloads and links in emails are legitimate. Ongoing training should cover common social engineering techniques and how technology, knowledge and good work habits can combat threats.
Create Strong Passwords on Day One
A 2017 SecureAuth Corp survey showed that despite the commonly known rule to vary account passwords, 81% of people used the same password for more than one account. Easy-to-guess passwords are an issue too. Support strict password protocols in the workplace. Ensure that new employees have adequate password protection on all their devices, and use strong passwords. Never share passwords, and don’t write them on sticky notes (a common habit) or save them in unsecured files.
Mobile Device Security
Many businesses offer flexible working options. But working with mobile devices carries risks, including loss or theft, connecting to weakly secured public Wi-Fi, and even shoulder-surfing in public places. Educate new hires on these risks and how to safeguard their devices and data. Also, new employees should get corporate approval before they download apps.
Understand Data Sharing Risks While Out of Office
Teach new employees about privacy and security, and how the lessons learned at work should apply outside of the office too. Sharing too much personal information on social media platforms is fodder for attackers who research their potential victims online. There is also a risk of mistakenly sharing sensitive corporate information. Effective training should cover what not to share online, and key warning signs for fake profiles.
Information Security Basics
Don't forget security basics, such as keeping desks clear of confidential data (implement a Clean Desk Policy), shutting down devices when not in use, and notifying IT of suspicious emails, activity or lost devices. Teach new hires to store sensitive information securely, and to follow protocols for secure destruction of confidential data on paper and in digital form. Partner with a document destruction company for streamlined and secure services.