Welcome to our Cyber Security News Aggregator. Cyber Tzar provide a cyber security risk management platform, including automated penetration tests and risk assessments culminating in a "cyber risk score" out of 1,000, just like a credit score.

How do you embed Cyber Resilience in New Employees?

published on 2023-01-10 15:57:58 UTC by Jared Thompson

75% of UK workers will be job hunting this January (according to Reed). With many workers pondering new year career resolutions, as a business, you might also be welcoming new starters into your office (or even remotely).

But what information and tasks should a new employee complete before starting a new job to help keep themselves and your business secure? To help, we have created a Cyber Security New Employee Checklist for employers, which includes further tips and links to other security resources to help your business improve its resilience to cybercrime.

New Employee Cyber Security Checklist for Employers

Recent research showed that UK workers are still going into the office (an average of 1.5 days a week), so you must lay down the basic policies and instructions for any new employee.

Cyber Security Guidance specific to office-based employees

  • Implement Security Policies - Manuals, IT Guidance, Confidentiality (or Non-Disclosure) Agreements
  • Provide them with physical security access - Keycard, Parking pass, etc
  • Set up their account access - websites, social media accounts, software, Slack, Canva
  • Device setup - Laptop, account, GDrive access
    • Ensure firewalls and anti-virus software are enabled
    • Give them password guidance & access to your password manager
    • Show them how to store physical and digital files
    • Tell them how to share sensitive data with colleagues
    • Ensure they know how to lock their computer and desktop
    • Do they know what to do if they receive a phishing email or are the victim of a cyber attack?

Cyber Security Guidance specific to Asset Management

The NCSC offers a working definition of an asset, points to some useful data sources, and details how asset management and cyber security can be mutually beneficial. Learn more about Asset Management here.

What devices do your employees have access to?

  • Laptop / Computer / Phone / Tablet

Guidance specific to Remote / Hybrid Workers

With the growing trend of companies having employees who work 100% remotely or spend a couple of days in the office, you must make employees aware of the security risks they may face. So here are some of the questions you should ask any new hires.

  • Are they suited to working from home or working remotely? What do they need?
  • Do you have a policy on home working / remote working / BYOD?
  • Ensure employees do not use personal social media or eCommerce accounts on work devices.
  • Make sure employees have account access across multiple devices
  • Ensure they're aware of your Password Manager
  • Set them up with your company VPN
  • Recommend when they can/can't work away from home and how to secure themselves in remote environments (cafes/airports/hotels)

Guidance for Policies

What policies should be covered by employers with employees?

Businesses can implement as many policies as they like, but the policies must cover anything relevant to your company and your processes. To help you get started, here are five policies that every business should implement with employees.

  • Cyber Security Policy

The more we rely on technology to collect, store and manage information, the more vulnerable we are to security breaches. Human errors, cyber-attacks and system malfunctions can cause financial damage and may jeopardise your company's reputation.

A cyber security policy outlines your guidelines and provisions for securing your data and technology infrastructure.

  • Anti-Virus / Anti-Malware Policy

An anti-virus policy aims to promote the use of anti-virus and anti-malware software. Employees should be educated about the policy and given directions to ensure all legal regulations are followed.

  • Password Policy

Hacked passwords are among the most common causes of data breaches, and it's not surprising when people set weak passwords such as '123456' and 'Password'. Businesses should mitigate this threat by creating a password policy that outlines specific password creation instructions.

  • Device Usage Policy

This policy explains your company's rules on using work devices and personal devices used during work hours and when working remotely.

  • Work From Home (WFH) / Hybrid Working Policy

Working from home needs to be managed carefully, especially with new hires; you must have a valid working-from-home policy. Your policy should outline what homeworking means and how employees can ask to work from home. In addition, it should outline some of the working-from-home rules that are specific to your business.

Guidance for devices

What guidance is needed when using work devices?

If you hand over a new laptop, mobile or tablet to employees, they must know the security basics.

  • Show them how to create a data backup - does this include the cloud and an external drive?
  • Show them how to update software, applications and devices
  • Make sure that devices have encryption enabled
  • Ensure each device has a VPN and document access to your company network
  • What company account passwords and account access do they need?

Guidance for Online Company Accounts

What guidance is needed for using any online company accounts?

If you hand over the keys to your Twitter account to employees, they need to know some basics.

  • What passwords are on each account? Do they need guidance when creating their account?
  • Run them through the accounts' privacy settings
  • Ensure they have specific user roles - avoid giving admin access
  • Which devices can they be logged in to?
  • Do they need a Bring Your Own Device (BYOD) policy?

What guidance do employees need when using Social Media?

  • Do they need guidance on what they post on their personal social media accounts?
  • Do they need guidance on what they post on work social media accounts?
  • Make sure you review the personal privacy settings on these accounts.

What training should a new employee receive?

  • All employees should receive a basic level of Security Awareness Training
    • Has it been completed?
    • Where to go if they have any technical issues?
  • Training on the basics of GDPR and how you handle data
  • Training on the use of Social Media at work and when talking about the business
  • Training on any in-house systems your business uses

Contact us today to discuss any cybersecurity questions relating to new employees or learn more about the Security Awareness Training we can give your employees.

Article: How do you embed Cyber Resilience in New Employees? - published almost 2 years ago.

https://www.nwcrc.co.uk/post/new-employee-checklist   
Published: 2023 01 10 15:57:58
Received: 2023 01 10 16:04:45
Feed: North West Cyber Resilience Centre
Source: National Cyber Resilience Centre Group
Category: News
Topic: Cyber Security