Cyber security induction   

Written By Melonie Cole

Have you ever endured grueling “compliance training”, mindlessly ticking boxes to reach the end? 

Too often this as the only form of induction into cyber security for a new employee. What a wasted opportunity! 

Building a good security culture begins on day one. A new employee’s induction is the perfect opportunity to introduce the desired security mindset of your organisation and embed strong security culture.  

Staff who join an organisation that highlights the importance of positive security behaviour are more likely to reinforce these behaviours as part of their ongoing habits. As new staff become more experienced, these behaviours will be passed down to subsequent new employees, where the cycle continues, enhancing security culture. 

Start as you want to continue 

Equip new employees with the knowledge, skills and abilities to practice good security from the beginning.  

Security education should be iterative, so people are not overwhelmed from the get-go. 

Focus initially on the big-ticket items – the essential security practices that new starters need to know immediately and grow their understanding over time. 

Convey the ‘why’ 

Give new employees the ‘why’. New employees may have a limited understanding of what security means or why they need to care about it. 

A meaningful induction programme that defines why security is important to your organisation will help new employees understand why they need to develop a security conscious mindset and take the actions required of them. This sets the foundation for more advanced learning (role-specific) and creates a space where people feel empowered to make good decisions when online and to seek out help if unsure. 

Help with security set ups 

Whether remotely or in person, get this done in a way that employees feel they can ask questions and they leave the session with a better understanding of security and privacy settings, MFA, and how to share information safely.  

Practical sessions are worth their weight in gold. Explaining how a password manager works and getting it set up is a perfect example of a task which can be challenging for many people, but done together, with someone who can explain the ‘why’ as much as the ‘how’ is a much better experience. 

Once someone gets stuck into their role, security will undoubtedly slip from their mind. Take the opportunity to build trust with your security and IT teams and for the employee to hit the ground running with knowledge and devices all set up.  

Keep the cyber security comms burning! 

Consider how to best communicate security messages to new employees ongoing. Set a journey of education over the lifecycle of employees and tailor messages to the needs of different roles and individuals. Identify those people who need advanced or more training to help them build required skills and make them feel valued and equipped with the knowledge they need for their role. Make cyber security interesting, relevant and employees will engage and want more.  

For help with cyber security training and awareness 

Contact Mindshift for help building your training and awareness programme.  

Melonie Cole
Previous

How do I know what apps are safe?
Next

What do you need to do to be secure online?