What should onboarding include on the topic of cybersecurity?
Cybersecurity probably seems like a big topic to include in onboarding, but it is increasingly important for employees at every level to develop necessary competencies in this area. Many individuals think they have “a basic understanding” of what they are expected to do in order to prevent security breaches through online connections, but in most cases that is not enough.
Onboarding should address the minimal and sufficient cybersecurity understanding and skill needed during an employee’s initial time with the organization. The level of detail depends on the nature of the organization and the work the employee does. The level of skill required to detect, avoid, and report possible breaches does not depend on the employee’s level in the organization, or on the employee’s knowledge of organizational strategies or business plans.
Why is cybersecurity important?
Onboarding should address the two basic reasons for the importance of cybersecurity. These are not only about the security of business information, but increasingly about the personal information of individuals.
- Our identities are increasingly online. Credit agencies, our workplaces, and social media networks that we use every day contain a vast amount of information about each of us.
- Supply chains that keep us fed and clothed are managed through information technology.
Cybersecurity concerns apply to every employee because breaches in the security of information can affect everyone. The company Risk Based Security reported that in 2021, the number of records exposed exceeded 37 billion. The impact of major data breaches involving organizations such as Equifax, Amazon, Marriott, and Microsoft means it takes more than changing passwords in order to limit the damage.
How do breaches of security take place?
We are surrounded by technology that constantly collects information. This includes personally identifiable information about individuals such as user names and passwords, information about bank accounts and credit cards, and other details. If the technology is not designed correctly, the information can be compromised. If people do not use the technology correctly, the information can be compromised.
In addition to the design and use of technology, information is protected by laws such as:
- The European Union’s General Data Protection Regulation (GDPR)
- The California Consumer Privacy Act (CCPA)
- The New Zealand Privacy Bill
- The United States’ Health Insurance Portability and Accountability Act (HIPAA)
- Intellectual Property Laws
Protection is also provided by cybersecurity measures built into local procedures and compliance requirements, such as those that cover use of personal devices (BYOD)
Awareness and action
An important part of onboarding is the inclusion of training to recognize possible or actual breaches of information, and what to do when a breach is detected. The first step is to contact the internal IT group or an external organization that can provide the necessary services. The details of this action should be covered in onboarding, and in supporting documentation.
There are hundreds of software applications in online listings to support cybersecurity. After you have defined what you are looking for, you may want to use a shortlist chart such as this one in Capterra.com to review the choices that fit your needs and organization. Note that some of these choices include support for training and some are intended for use by It, but onboarding should provide employees with preparation to use the appropriate tools.