Are new hires putting your data at risk?

Periods of rapid growth are exciting, often chaotic times for small businesses. As new employees join the team they provide an infusion of valuable new perspectives and talents. Unfortunately they also tend to create a lot of new security vulnerabilities as well.

The issue boils down to the simple fact that employees are the main source of risk for data breaches. While most of these occur due to inadvertent error and not malicious acts, it doesn't make them any less damaging to your business.

New employees pose an even greater risk because they're not familiar with your security procedures and may have picked up bad habits in their previous workplace.

Employee security training and guidelines

New employees already have a lot to take in when getting started, but it's critical that security guidelines are covered in detail early on. Often, employees be fully informed about your company's security responsibilities. Creating a standardized data security training for new hires can help close this knowledge gap.

The onboarding process should be designed with the assumption that each new employee has no existing knowledge about security best practices.

It's important to cover even the most rudimentary subjects, such as not writing passwords on sticky notes or opening suspicious emails. This may feel like a remedial course for the more tech-savvy hires, but having it reinforced for everyone is still important.

Include security training in onboarding process

Here are some other things to consider during the on-boarding process:

• Schedule an in-person meeting with an IT manager or another employee who has a strong understanding of your security policies.

• Outfit each new hire's desk with a laminated security checklist, outlining do's and don'ts in an easy-to-reference format.

• Schedule an annual refresher training for employees who have been with the company for more than a year.

• Provide a contact sheet for employees who have questions or think they may have inadvertently put company information at risk.

How to update your data security policy

The proliferation of personal devices and powerful consumer cloud services being used for work have removed much of the control that companies once had over their information. This in turn has entrusted individual workers with protecting sensitive business data.

Since employees account for most security breaches, it's important to shift as much of that responsibility and control back to the company.

This can be done by automating some systems and creating mandatory restrictions where needed. For instance, implementing stringent password requirements and required timed updates can ensure that none of your employees are using easily guessed passwords like “123456" for years on end. This goes for the IT team as well.

Take back control of employee security training

Moving to cloud services for things like email and productivity apps greatly streamlines the process of getting new hires up and running, cutting down the amount of ad-hoc configuration that must be done and the potential for errors or inconsistency along the way. This can also ease the off-boarding process when employees are on their way out, which is equally important for protecting your business (nearly 30 percent of incidents involve former employees).

Finally, it's critical to work with employees and solicit their feedback to ensure the technology tools provided are suiting their needs. If not, they may turn to consumer solutions for things like file sync and share, which puts company information at risk and out of your control.