A common problem many organizations face with their security awareness program is the new hire process. They are tasked with training and securing new hires, but often have very limited time and resources to do this (sometimes no more than 15 minutes to 'secure' each new hire during the initial on-boarding). In addition, new hires are bombarded and overwhelmed with everything else they are learning, including healthcare, how email works, how their new computer works, expenses, etc. I have had great discussions about this challenge in the last few months and this is what I came up with to do what we are asked to accomplish.
- Do not try to secure your new hires during the on-boarding process. It’s too much information in too little time, and the new hires can’t remember it all anyways.
- Instead of focusing on policies and behaviors, focus on laying a foundation. Make sure new hires understand that your organization takes security seriously and the important role they play (technology can't stop everything), and set expectations for what they will learn through the security awareness program. Explain what and who the security team is, how the security team will be communicating with them, and what the new hires can expect training-wise over the next six months.
- If your awareness program uses a certain brand, mascot or logo, show this to the new hires and explain to them that whenever they see this brand, it's part of the security program.
- Finally, make sure they know who on the security team to contact, how to reach them, and where they can learn more.
Ultimately, the new hire process is not about securing employees, but about building a relationship with them, ensuring they understand the importance of security, and explaining to them what to expect in the coming months.