A common problem many organizations face with their security awareness program is the new hire process. They are tasked to train and secure new hires, but often have very limited time and resources to do this (sometimes no more than 15 minutes to 'secure' each new hire during the initial on-boarding). In addition, new hires are bombarded and overwhelmed with everything else they are learning, to include healthcare, how email works, how their new computer works, expenses, etc. We had a great discussion about this challenge in the last MGT433 two-day course , this is what we as a class came up with.
- Do not try to secure your new hires during the on-boarding process. Its too much information in too little time, and the new hires can't remember it all anyways.
- Instead of focusing on policies and behaviors, focus on laying a foundation. Make sure new hires understand your organization takes security seriously, the important role they play (technology can't stop everything) and set expectations what they will learn through the security awareness program. Explain what and who the security team is, how the security team will be communicating to them, and what the new hires can expect training wise over the next six months.
- If your awareness program uses a certain brand, mascot or logo show this to the new hires and explain to them whenever they see this brand, its part of the security program.
- Finally, make sure they know who and how to contact the security team and where they can learn more.
Ultimately the new hire process is not about securing employees, but building a relationship with them, ensuring they understand the importance of security, and explaining to them what to expect in the coming months.