Taking on your first employee? Don’t forget security

Taking on your first employee is a huge step for any new business.  

There’ll be a lot for you to think about: registering as an employer, taxes, pension scheme, employer’s liability insurance, training and, of course, security. 

There’s the personal security/health and safety aspect: is your workplace going to be a safe and secure place for them to work? 

And then there’s the security of your business. How will you protect your business information and systems now there are two of you? 

Securing your business 

If your new employee will be coming to your (now shared) workplace, you’ll need to provide them with access to the building or office, even if you are not present. Don’t forget to consider how you’ll stop other people using that access. 

If you are providing them with IT equipment, you should think about how that equipment will be physically stored when not being used and how it will be secured against attack.

To make life easier for yourself in the future, as your business grows and you add more employees, we suggest developing an asset inventory too. Start as you mean to go on, and keep control of what assets your business has. 

On the other hand, if your new employee will be using their own phone or computer, we recommend that you develop a ‘bring your own device’ policy. This should cover what devices are acceptable, how the device will be secured, what will happen if the device is lost or stolen (or needs fixing), how your company data will be secured, whether you will install software onto the device to keep company information in one secure location on the device, and so on. Protecting mobile devices, whether they are yours or theirs, is important. 

Give your new employee guidance  

While it was just you, you could keep your policies (guidelines for working) in your head, but now there will be two of you, you’ll need to share them, and you’ll need some additional policies as well. The list will vary depending on what your employee will be doing – for example, you might need a secure development policy, or a social media security policy – but could include: 

  • Password policy – what will count as an acceptably strong password? How, or where, will your employee store their passwords?  
  • Backup policy – how will you back up the data that your business creates, and how often?  
  • Acceptable use policy – what is it OK for them to do with your IT equipment and information? 
  • Information security policy – how will you secure the information your business uses, whether this is customer data or company data? 
  • IT security policy – how will you secure your IT systems? What will you do if there’s a problem? 

You probably already have a way of dealing with these things from when it was just you in the business, but by writing them down, you’ll be able to communicate how you want your employees to work. You’ll need to explain these policies to them, and should provide some security awareness training too, to reduce the risk that they click on a malicious link. If you haven’t already, we suggest you do the same training.

The North West Cyber Resilience Centre has a checklist that you could follow (tailoring it to suit your circumstances, of course) for new employees. 

In summary 

Don’t forget to think about securing your business when you’re thinking about expanding your business. A bit of work thinking about cyber security for your business before your first employee joins will save you time later. 

If you’d like some help putting policies in place to help secure your business, just contact us on 0113 733 6320.