Author Profile Picture

Carol Evenson

Del Ile Technology Inc.

Training Manager

googletag.cmd.push(function() { googletag.display(‘div-gpt-ad-1705321608055-0’); });

Keys to Training New Employees on Security Protocols

default-16x9

Every network is vulnerable to hackers all over the world. Organizations should be concerned with all the threats out there. In fact, a recent report by DataIQ stated that  by the end of 2016 over 1 billion data breaches. With the average data breach costing tens of thousands of dollars, it has become imperative for businesses to establish safety measures. Many companies overlook the fact that one of their best security solutions lies within their employees.

Security Risks

Employees that have not been trained in security policies may inadvertently put the company at risk by:

  • Using generic or predictable passwords
  • Improperly securing computers when away from their desk, or leaving laptops or mobile devices exposed to thieves
  • Downloading files from the Internet
  • Falling for social media or email scams
  • Failure to report suspicious behavior or odd network performance

Taking the time to train new hires on correcting these behaviors before they even get to their desks can eliminate many of these security issues and reduce your risks. This is particularly true of the increasingly common use of outsourced, remote employees who supervise themselves. According to PNMsoft, "Today’s businesses are increasingly managed offsite; with employees completing their tasks remotely." They should also be trained in security policies before getting network access.

Security Policies

Instituting security awareness programs, and following up to see that they are followed, provides new employees with the motivation for protecting organizational data. Proactive behavior for protecting information must be taught and encouraged. There should be clear, documented policies in place outlining good practices.

Employees must also be reminded of the consequences to the company should data breaches happen or malignant software be introduced. The cost to companies of data breaches has increased 23% over the past three years, according to IBM. New employees at every level should be familiarized with the company's security program, especially managers who must ensure that such policies are being followed.

IT Risk Assessment

The first step in designing and implementing a sound security policy is to review current steps being taken and overall security awareness among existing employees.

Some key questions needing answers are:

  • Are there already security policies that are not enforced?
  • Do employees receive security training?
  • Do employees know how to recognize and respond to possible network intrusions?

These questions can help companies identify areas that need improvement. Policies should align with business objectives. After new hires are trained, assessments should be made to determine whether the training has been effective.

Security Starts at the Top

One important step is getting upper management on board. According to Blue Coat, 70% of business data breaches result in a $10,000+ loss. Executives must understand that security breaches can damage or ruin companies, and justifies the costs of protection, particularly taking the time and trouble to train new employees. Many vulnerabilities are due to human error, and executives should understand that this is something than can be addressed.

Designing Your Program

Launching a comprehensive security program should bring together leaders from a cross-departmental range of employees. IT, HR, accounting, marketing, customer service, and others may have valuable input on proactive security measures. Special conditions may be needed for certain departments, but it's important that security awareness be instilled in the entire company.

Every phase should be documented for later review, such as:

  • Overall policy defining enterprise-level objectives and values
  • Evaluation of current policies to identify problems and suggest corrective measures.
  • Detailed documents describing how the program should be implemented and managed in various departments or locations.
  • Generation of a training program for new hires with appropriate resources, materials, and instructors.

In addition, the security program should be documented for reference and available on the company's intranet as an employee resource. It should also be included in orientation materials.

Whatever the eventual format taken in employee training, it should be emphasized that employee vigilance and good security practices are a vital part of protecting the organization's information. New hires should be introduced to a company culture that puts emphasis on security awareness and expects security policies to be followed.

Author Profile Picture
Carol Evenson

Training Manager

Read more from Carol Evenson