Importance of Cybersecurity in the Employee Onboarding and Offboarding Process
Malicious actions taken by disgruntled former employees have the potential to cripple any business, no matter how large or small. It happened to Amazon, to Apple, to the infidelity matchmaking website Ashley Madison, and to the automotive innovators at Tesla. And it has occurred at many small and mid-sized organizations as well. Former employees have stolen intellectual property and trade secrets—including proprietary software and technical information—and have taken passwords, administrative privileges, and intimate knowledge of their former employers’ IT environments with them when they left their jobs.
Of course, not all harm that employees do to information security is accomplished in bad faith. In the 2019 Verizon Data Breach Investigations Report, for instance, “privilege abuse”—including the abuse of credentials accidentally disclosed to criminals by victims of social engineering attacks—and “data mishandling” were among the most common causes of breaches, and together were responsible for more than half of the incidents included in the survey. Employee errors, accidents, and misconfigurations remain among the leading causes of data breaches year after year and have held this position since indexing began.
This is why it’s critical to have cybersecurity measures in place for the employee onboarding and offboarding process.
Developing the proper onboarding and offboarding procedures can have a major impact on your organization’s cybersecurity risk profile. Both malicious acts and innocent mistakes will be far less likely to result in a data breach if you have the right policies and workflows in place.
Read on to learn about best practice guidelines to help your incoming employees keep cybersecurity front-of-mind, and to prevent employee departures from increasing your vulnerability.
How to Get Employees on Board with Cybersecurity Policy and Compliance
New hires are often your most eager, attentive, and motivated employees. If you can successfully turn this beginner’s enthusiasm into good habits, you’ll have taken an enormous step towards creating a strong and resilient cybersecurity culture within your organization.
Implement a well-designed Security Awareness Training program and make participation mandatory, not optional. Look for a program that provides information in various types of media and in differing formats to engage employees with diverse learning styles. Research indicates that including games and quizzes can boost employees’ ability to remember information from the training, and incorporating testing and assessment can help you evaluate the training’s effectiveness and show you which individual employees are likely to pose the greatest risks.