When trying to fill a position at any organization, there are many things to consider before making an offer to a prospective employee. While many hiring managers will make sure candidates have experience with or willingness to learn various tools, they rarely ask about the fundamentals of cybersecurity knowledge. Employees are an important line of defense against cyberattacks. Since they are often the last line of defense, a few key things should be covered during employee onboarding.
You probably have a password policy of some kind in place. By requiring a certain level of password complexity and regular password changes, you can help ensure employee accounts stay secure. However, it is important that these are policies employees are required to follow, not just guidelines. You can ask your IT department to force password changes after specific time intervals, and to set up rules so that passwords must meet a minimum level of complexity and cannot be reused. Talking to employees about the importance of strong passwords and keeping them private is a great first step in IT security.
Secure Networks and VPN
We are often more concerned with being able to get online than with what dangers our connection might present. While your office uses a private, secure network, it is important that employees know the risks they face when they work remotely. Public Wi-Fi networks (and even some home networks) are often unsecured, and this gives hackers the ability to distribute malware to connected devices. Whether employees are working from home or just taking a meeting in a coffee shop, they should always use a Virtual Private Network (VPN), which will encrypt their data and hide their IP address, preventing malicious attacks on their devices. You can also make sure that certain tools, like your finance software, can only be accessed through your in-office network or your VPN. This helps employees understand the importance of secure networks while also requiring them to use one even when they otherwise wouldn’t.
Recognizing Phishing Attempts
One of the easiest ways for your employees to accidentally cause a security breach is through a phishing email. By following links or opening files, they can expose their device, and your company, to malicious software and data breaches. It is important that employees know how to spot a phishing attempt so they can avoid it. Good ways to spot an untrustworthy email include paying attention to the sender's address, the spelling and grammar, and whether the message is unusual or unexpected, even if it seems to come from someone trustworthy.
There are plenty of things that need to be done within an organization to protect against cyber threats, but these are a few things your employees can be aware of to help. Introducing these topics during the onboarding process makes sure employees know that the information is important. It may seem like common sense, but everyone starts with different levels of technical and security knowledge. Including time for even basic security training is an essential part of the hiring process.