
What are the basic security requirements when onboarding new staff?

Onboarding new staff is an essential opportunity to integrate security practices into the work culture and ensure that employees understand their role in protecting the organisation's data and assets.

Setting up strong security measures from the start can significantly reduce the risk of security incidents caused by negligence or lack of awareness.

Here are the basic security requirements when onboarding new employees:


1. User Access Control & Account Setup

  • Create User Accounts: Establish user accounts for email, applications, network access, and other essential systems. Ensure that the account creation follows the least privilege principle, giving employees only the access they need to perform their job duties.

  • Set Strong Passwords: Assign strong, complex passwords, or require employees to set their own during initial login. Encourage the use of a password manager to store passwords securely.

  • Multi-factor Authentication (MFA): Enable MFA for all critical accounts, especially for accessing sensitive data and systems. This adds an additional layer of security by requiring employees to authenticate using something they know (password) and something they have (like a phone or hardware token).

  • Role-Based Access Control (RBAC): Set up permissions based on the employee’s role in the company. Ensure that the employee can only access data and systems necessary for their work.


2. Security Awareness Training

  • Cyber Security Training: As part of the onboarding process, provide security awareness training that covers essential topics like:

    • Phishing prevention
    • Password management
    • Social engineering
    • Data privacy and protection
    • Incident reporting procedures
  • Acceptable Use Policy (AUP): Ensure that the new employee understands the organization’s Acceptable Use Policy (AUP), which outlines guidelines for using company assets like computers, mobile devices, and internet access.

  • Security Best Practices: Educate new employees on security best practices, such as:

    • Locking devices when unattended
    • Using strong passwords and avoiding password reuse
    • Not sharing login credentials or sensitive information
    • Proper handling and storage of sensitive data

3. Device and Endpoint Security

  • Device Setup: Ensure that all company-issued devices (e.g., laptops, desktops, smartphones) are properly configured with security software, such as:

    • Antivirus/anti-malware programs
    • Firewall
    • Disk encryption (e.g., BitLocker for Windows or FileVault for macOS)
  • Mobile Device Management (MDM): If employees use mobile devices (either company-issued or BYOD—Bring Your Own Device), implement MDM solutions to remotely manage, track, and secure those devices, ensuring they are compliant with company policies.

  • Endpoint Security: Ensure that the devices are enrolled in endpoint detection and response (EDR) systems to monitor and respond to potential security incidents in real time.


4. Secure Data Access and Management

  • Data Access Guidelines: Teach employees about data protection practices and the importance of keeping sensitive information secure. Explain how to access, share, and store data securely.

  • Data Classification: Help employees understand different types of data classification (e.g., public, internal, confidential, restricted) and the corresponding levels of protection for each type.

  • Cloud Storage and File Sharing: If employees need to access cloud storage or file-sharing tools, ensure they understand how to use them securely, including encryption and avoiding sharing files with unauthorised individuals.


5. Communication and Collaboration Tools Security

  • Secure Communication: Ensure employees are familiar with secure communication practices, especially when discussing sensitive data. This may include using encrypted email services, secure messaging platforms, or Virtual Private Networks (VPNs) when working remotely.

  • Collaboration Platform Security: If employees use collaboration tools (e.g., Slack, Microsoft Teams, Zoom), ensure that they are aware of security settings, such as private group settings, user access controls, and message retention policies.


6. Physical Security Measures

  • Office Security: Provide guidelines on physical security, especially for employees working in the office or shared spaces:
    • Locking computers when not in use.
    • Not leaving sensitive documents unattended.
    • Securely disposing of printed materials.
    • Ensuring proper access control (e.g., ID badges or keycards).
  • Remote Work Security: If employees are working remotely, set expectations around physical security (e.g., using secure home Wi-Fi networks, avoiding public Wi-Fi for work-related activities) and using VPNs to ensure a secure connection to company resources.

7. Background Checks and Screening

  • Conduct Background Checks: Depending on the nature of the role, performing background checks (e.g., criminal, credit, or employment history checks) may be part of the security process for evaluating whether the employee poses a risk to the organization.

  • Security and Privacy Agreements: Ensure employees understand their legal and ethical responsibilities by having them sign non-disclosure agreements (NDAs) or confidentiality agreements, particularly if they’ll have access to sensitive or proprietary information.


8. Incident Reporting Process

  • Introduce Reporting Channels: Ensure that new employees are aware of the channels and processes for reporting security incidents, including potential security breaches, phishing attempts, or suspicious activities.

  • Clear Instructions: Provide clear instructions on how to report an incident or breach, who to contact, and the steps employees should take to minimize potential damage.


9. Ongoing Security Monitoring

  • Continuous Monitoring: Implement monitoring tools that track employee activity on the company network to detect unusual behavior that could indicate a security threat. This is particularly important in high-risk roles or for accessing sensitive data.

  • Security Audits: Conduct periodic security audits and checkups to ensure that employees continue following security protocols after onboarding and that there are no gaps in security.


10. Exit Procedures (for when staff leave)

  • Revoke Access: As part of the offboarding process, ensure that all accounts, devices, and access rights are revoked or reassigned to prevent unauthorised access after an employee departs.
  • Data Return and Deletion: Have the employee return any company-issued devices and securely delete any sensitive data or files from their personal devices.
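The access lifecycle described in section 1 (least-privilege, role-based account setup with MFA) and section 10 (revoking everything on exit) can be modelled as a small joiner/leaver script. This is an added illustration, not code from the page; the role catalogue, entitlement names and the rule that every active account must have MFA enrolled are constructed assumptions.

```python
"""Joiner/leaver access model: grant exactly the role's entitlements on onboarding,
audit for anything beyond the role (least privilege) and missing MFA,
and strip every entitlement on offboarding."""
from dataclasses import dataclass, field

# Constructed role catalogue (assumption): each role lists the minimum access it needs.
ROLE_ENTITLEMENTS = {
    "finance-analyst": {"email", "erp:read", "vpn"},
    "sre": {"email", "vpn", "prod:ssh", "cloud:admin"},
    "contractor": {"email"},
}


@dataclass
class Account:
    username: str
    role: str
    entitlements: set = field(default_factory=set)
    mfa_enrolled: bool = False
    active: bool = True


def onboard(username, role):
    """Create an account holding exactly the role's entitlements and nothing more."""
    if role not in ROLE_ENTITLEMENTS:
        raise ValueError(f"unknown role: {role}")
    return Account(username, role, set(ROLE_ENTITLEMENTS[role]))


def audit(account):
    """Return a list of findings; an empty list means the account is compliant."""
    findings = []
    excess = account.entitlements - ROLE_ENTITLEMENTS[account.role]
    if excess:  # access drifted beyond the role: violates least privilege
        findings.append(f"excess entitlements: {sorted(excess)}")
    if not account.active and account.entitlements:  # offboarding left access behind
        findings.append("disabled account still holds entitlements")
    if account.active and not account.mfa_enrolled:  # assumption: MFA required for all
        findings.append("MFA not enrolled")
    return findings


def offboard(account):
    """Disable the account and revoke every entitlement; return what was revoked."""
    revoked = sorted(account.entitlements)
    account.entitlements.clear()
    account.active = False
    return revoked


if __name__ == "__main__":
    acct = onboard("a.example", "finance-analyst")  # constructed sample user
    print("onboarded:", acct, "findings:", audit(acct))
    acct.mfa_enrolled = True
    acct.entitlements.add("cloud:admin")  # simulate privilege creep
    print("after drift:", audit(acct))
    print("revoked on exit:", offboard(acct), "findings:", audit(acct))
```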

Conclusion

Onboarding new staff with strong security measures is essential to safeguarding your organisation's assets, data, and reputation. By setting up secure access, providing security training, ensuring device security, and educating employees about data protection, you reduce the risk of potential security breaches and foster a culture of cyber security awareness from day one. Proper security onboarding also helps employees understand their responsibility in protecting the organisation’s information, ultimately enhancing overall cyber security.