As we explored in a previous column, onboarding employees effectively is critical for a security company’s hiring and employee retention success. And as our world and industry grow increasingly connected, making cybersecurity a part of the onboarding process is a necessity. According to the Identity Theft Resource Center’s Annual Data Breach Report, there were 1,862 data compromises in 2021 — a 68 percent increase over 2020 — with 1,613 of those directly related to cyberattacks. And the cost of a data breach rose from $3.86 million in 2019 to $4.24 million in 2021.

The Security Industry Association (SIA) recommends creating policies for new hires and offering refresher training for current employees to increase cybersecurity awareness, help prevent incidents and keep data protected.

Here are some top cybersecurity onboarding tips and topics to focus on to help you get your hires off to a good start in a safe and secure way. These recommendations come from SIA’s Cyber Onboarding Guide for Employees.

Strong Password Practices

  • Train new hires on how to set strong passwords — e.g., using longer passphrases rather than simple passwords — and emphasize the importance of setting a unique password for every account.
  • Teach employees about safe password storage, ideally leveraging a password manager with strong authentication. If passwords are stored elsewhere electronically, they should be encrypted and password-protected, and if written down they should be stored in a secure location away from employee computers.

Using Company-Issued Hardware

  • Instruct employees that whenever possible work should be done on company-issued devices that are maintained and updated for security on a regular, trusted schedule.
  • Remind staff to keep their company-issued devices password-protected, physically secure them when not in use, leverage company-provided web portals or virtual private networks and immediately report lost or stolen devices to the IT department.

Wi-Fi Security Precautions

  • Emphasize to new hires that public Wi-Fi networks are not secure, so it’s best to limit activity on them.
  • If a public Wi-Fi network must be used, instruct staff to ensure the network is the one it’s purported to be (and not a duplicate network set up by a hacker) and log in to the company VPN once connected for added protection.

Safe Email Habits

  • Teach hires to look for indicators of a malicious email (e.g., poor grammar or messages that urge quick action or claim that the recipient must verify their credentials).
  • Remind staff not to click on links or open attachments from emails unless they are from recognized, trusted sources.

Safe File Sharing

  • Train new hires on safe file-sharing habits — avoiding use of USB drives to share files with others and instead leveraging more secure methods like email, network drives or cloud storage.
  • Ensure your organization limits access to sensitive information on a need-to-know basis, and institute strong authentication to reduce unauthorized access to data.

Additionally, onboarding should include review of and attestation to your company’s: acceptable use policy, privacy policy, access control policy, physical security policy, and remote work policy (even if the employee is an office employee, as there could be a time that they transition to remote work either through a job change or some other event).

A special thank you to Antoinette King, founder of Credo Cyber Consulting and vice chair of SIA’s Cybersecurity Advisory Board, for lending her expertise in reviewing and validating these recommendations.

Want even more guidance on cybersecurity onboarding for new hires?

Check out the full SIA guide here.