Setting the cyber security tone during on-boarding


Part of your employer brand is communicated to employees through the quality of your on-boarding process. A good on-boarding process for new employees matters: it sets the tone and keeps the chosen employee engaged with the process, so they don’t jilt the employer for a different offer partway through the process.

On-boarding actions are likely to include contact from the line manager and smooth handling of all the paperwork in advance of Day 1.

For larger companies, this might include also setting up contacts with a current employee, or with other new starters, access to a portal of company information (sometimes with pre-reading) and it might include a goodie bag of branded swag.

What does this have to do with cyber security, you ask?

On Day 1, your new employee is likely to be set up with company ID, new IT kit, lots of new logins, meetings, instructions and things to read…

They will be anticipating emails from you, tasks to complete, links to click and so on, both before starting and on the first day or two.

This is a great time for an attacker to spoof a company email address, and send a phishing link to your prospective employee, either to phish them personally, or your business through them. The attacker might find out that you have a brand-new employee through a social media such as LinkedIn, through a New Job post from them, or a Welcome post from you.

So, one of the on-boarding tasks you could consider before Day 1—particularly if you’re not big enough to be able to put up a secure new-starter portal—is some initial cyber security awareness training. Perhaps add some guidance on what a genuine company email from you might look like, and who they might expect to hear from.

Not only would this reduce the risk of your new hire clicking on a phishing link just because they are eager to please, but it also sets the security tone for your company. Your new hire will know that security is considered to be as important in your company as setting up the pension scheme.

“This is how it is to work here: we are security-minded.”

See also our post on Tone from the Top.

Would you like more tips on cyber security awareness training, or on how to establish a secure culture? Please contact the Click and Protect team on 0113 733 6230, or fill out our contact form.