Jared Thompson

How do you embed Cyber Resilience in New Employees?

75% of UK workers will be job hunting this January (according to Reed). With many workers pondering new year career resolutions, your business might also be welcoming new starters into the office (or even remotely).


But what information and tasks should a new employee complete before starting a new job to help keep themselves and your business secure? To help, we have created a Cyber Security New Employee Checklist for employers, which includes further tips and links to other security resources to help your business improve its resilience to cybercrime.



New Employee Cyber Security Checklist for Employers


Recent research showed that UK workers are still going into the office (an average of 1.5 days a week), so you must lay down the basic policies and instructions for any new employee.


Cyber Security Guidance specific to office-based employees

  • Implement Security Policies - Manuals, IT Guidance, Confidentiality (or Non-Disclosure) Agreements

  • Provide them with physical security access - Keycard, Parking pass, etc

  • Set up their account access - websites, social media accounts, software, Slack, Canva

  • Device setup - Laptop, account, GDrive access

    • Ensure firewalls and anti-virus software are enabled

    • Give them password guidance & access to your password manager

    • Show them how to store physical and digital files

    • Tell them how to share sensitive data with colleagues

    • Ensure they know how to lock their computer and desktop

    • Do they know what to do if they receive a phishing email or are the victim of a cyber attack?

  • Are your employees using ChatGPT?

    • Make sure you clearly define the scope for which employees could use chatbots (like ChatGPT) and the limitations that might be in place.

    • Make sure you regularly review this to ensure it is up to date with any new regulations or legislation that may emerge.


Cyber Security Guidance specific to Asset Management


The NCSC offers a working definition of an asset, points to valuable data sources, and details how asset management and cyber security can be mutually beneficial. Learn more about Asset Management here.


What devices do your employees have access to?

  • Laptop / Computer / Phone / Tablet



Guidance specific to Remote / Hybrid Workers


With the growing trend of companies having employees who work 100% remotely or spend a couple of days in the office, you must make employees aware of the security risks they may face. So here are some of the questions you should ask any new hires.

  • Are they suited to working from home or working remotely? What do they need?

  • Do you have a policy on home working / remote working / BYOD?

  • Ensure employees do not use personal social media or eCommerce accounts on work devices.

  • Make sure employees have account access across multiple devices

  • Ensure they're aware of your Password Manager

  • Set them up with your company VPN

  • Advise them on when they can/can't work away from home and how to secure themselves in remote environments (cafes/airports/hotels)


Guidance for Policies

What policies should be covered by employers with employees?


Businesses can implement as many policies as they like, but those policies must cover anything relevant to the company and its processes. To help you get started, here are five policies that every business should implement with employees.

  • Cyber Security Policy

The more we rely on technology to collect, store and manage information, the more vulnerable we are to security breaches. Human errors, cyber-attacks and system malfunctions can cause financial damage and may jeopardise your company's reputation.


A cyber security policy outlines your guidelines and provisions for securing your data and technology infrastructure.

  • Anti-Virus / Anti-Malware Policy

An anti-virus policy aims to promote the use of anti-virus and anti-malware software. Employees should be educated about the policy and given directions to ensure all legal regulations are followed.

  • Password Policy

Hacked passwords are among the most common causes of data breaches, and it's not surprising when people set weak passwords such as '123456' and 'Password'. Businesses should mitigate this threat by creating a password policy that outlines specific password creation instructions.

  • Device Usage Policy

This policy explains your company's rules on the use of work devices and personal devices during work hours and when working remotely.

  • Work From Home (WFH) / Hybrid Working Policy

Working from home needs to be managed carefully, especially with new hires; you must have a valid working-from-home policy. Your policy should outline what homeworking means and how employees can ask to work from home. In addition, it should outline some of the working-from-home rules that are specific to your business.


What guidance is needed when using work devices?


If you hand over a new laptop, mobile or tablet to employees, they must know the security basics. Check out our guide on 'How to ensure new devices are secure from cyber attacks.'


  • Show them how to create a data backup - does this include the cloud and an external drive?

  • Show them how to update software, applications and devices

  • Make sure that devices have encryption enabled

  • Ensure each device has a VPN and document access to your company network

  • What company account passwords and account access do they need?


Guidance for Online Company Accounts

What guidance is needed for using any online company accounts?


If you hand over the keys to your Twitter account to employees, they need to know some basics.

  • What passwords are on each account? Do they need guidance when creating their account?

  • Run them through the accounts' privacy settings

  • Ensure they have specific user roles - avoid giving admin access

  • Which devices can they be logged in to?

  • Do they need a Bring Your Own Device (BYOD) policy?


What guidance do employees need when using Social Media?

  • Do they need guidance on what they post on their personal social media accounts?

  • Do they need guidance on what they post on work social media accounts?

  • Make sure you review the personal privacy settings on these accounts.


What training should a new employee receive?

  • All employees should receive a basic level of Security Awareness Training

    • Has it been completed?

    • Do they know where to go if they have any technical issues?

  • Training on the basics of GDPR and how you handle data

  • Training on the use of Social Media at work and when talking about the business

  • Training on any In-house systems your business uses

  • Training on new and emerging software like ChatGPT and AI


Contact us today to discuss any cybersecurity questions relating to new employees or learn more about the Security Awareness Training we can give your employees.



How can we support your business?


Raise your staff's awareness of phishing emails and guard your business against the growing trend of social-engineering threats.

 

Training your employees on what a phishing attack looks like makes them more likely to identify and report scams.


Our training package is designed and delivered by cyber experts giving you access to the most up-to-date information in an ever-changing cyber landscape.

You can purchase single-place training spots or a cyber security workshop.

Community Members

Our premium membership package is aimed at medium-sized businesses and includes bespoke security awareness training sessions.

 

This allows your business to train several cyber security champions and receive an assessment of your cyber risk.