Periods of rapid growth are exciting, often chaotic times for small businesses. As new employees join the team, they provide an infusion of valuable new perspectives and talents. Unfortunately, they also tend to create a lot of new security vulnerabilities as well.
The issue boils down to the simple fact that employees are the main source of risk for data breaches. While most of these occur due to inadvertent errors and not malicious acts, it doesn’t make them any less damaging to your business.
New employees pose an even greater risk because they’re not familiar with your security procedures and may have picked up bad habits in their previous workplace.

Employee security training and guidelines

New employees already have a lot to take in when getting started, but it’s critical that security guidelines are covered in detail early on. Often, employees are fully informed about your company’s security responsibilities. Giving your new hires comprehensive security awareness training can help close this knowledge gap.
The onboarding process should be designed with the assumption that each new employee has no existing knowledge about security best practices.
It’s important to cover even the most rudimentary subjects, such as not writing passwords on sticky notes or opening suspicious emails. This may feel like a remedial course for the more tech-savvy hires, but having it reinforced for everyone is still important.

Include security training in the onboarding process

Here are some other things to consider during the onboarding process:
 – Schedule an in-person meeting with an IT manager or another employee who has a strong understanding of your security policies
 – Provide each new hire a security checklist, outlining do’s and don’ts in an easy-to-reference format
 – Enroll them in cyber security awareness training right away and complement the training with regular phishing tests
 – Enable automated reminders such as password security prompts, email warning tags, etc.
 – Provide a contact sheet for employees who have questions or think they may have inadvertently put company information at risk
 – If employees will be using their personal devices, have them sign a BYOD agreement and consider installing a mobile device management application

How to update your data security policy

The proliferation of personal devices and powerful consumer cloud services being used for work have removed much of the control that companies once had over their information. This in turn has entrusted individual workers with protecting sensitive business data.
Since employees account for most security breaches, it’s important to shift as much of that responsibility and control back to the company.
This can be done by automating some systems and creating mandatory restrictions where needed. For instance, implementing multi-factor authentication and stringent password requirements can help ensure your employees aren’t exposing their network credentials. This goes for the IT team as well.

Take back control of employee security

Moving to cloud services for things like email and productivity apps greatly streamlines the process of getting new hires up and running, cutting down the amount of ad-hoc configuration that must be done and the potential for errors or inconsistency along the way. This can also ease the off-boarding process when employees are on their way out, which is equally important for protecting your business (nearly 30 per cent of incidents involve former employees).
Finally, it’s critical to work with employees and solicit their feedback to ensure the technology tools provided suit their needs. If not, they may turn to alternate, unsecured solutions which puts company information at risk and out of your control.