Onboarding a new employee isn’t as simple as it sounds. In addition to making sure you provide the proper training for the job this team member will perform, it’s also important to make sure he or she is given thorough training in other aspects of your organization and operations.
Over the next few months, we’ll be covering some of the areas you don’t want to miss when onboarding the latest additions to your team, starting with your IT policies, below.
Confidential Data Policy
Confidential data must be handled with great care, as it generally carries more risk than any other data your company has on file. With that in mind, you need to make sure your confidential data policy tells team members exactly how this type of information should be handled. You should also include examples of the types of information your organization considers to be confidential data in the policy.
Acceptable Use Policy
An acceptable use policy should provide details on what is and is not permissible when it comes to using your organization’s IT resources such as the internet connection, email, computer systems, network connections, social media, and personal use, among others. For example, if employees are not permitted to use company-owned devices for personal use or to access social media sites, it needs to be stated here.
This can help reduce the risk of exposure by letting employees know exactly how to use your IT resources, and all employees should be required to sign off that they have read and understood it.
Network Security Policy
A network security policy is essential for two key reasons: data security and risk mitigation. In this policy, team members can find the more technical side of IT security guidelines and procedures pertaining to passwords, firewalls, security testing, and more.
Physical Security Policy
The physical components of your company’s IT resources are just as important as the ones you can’t see, so make sure employees know your standards for maintaining secure operations to protect the valuable resources housed within your office as well as those that team members may use when working remotely. This policy should cover any network devices owned or provided by your organization, as well as people working in your office and any visitors.
Wireless Network and Guest Access Policy
Wireless access can be risky, but with the right policies and guidelines in place, it can be done safely as long as guest access is closely monitored.
In your wireless network and guest access policy, make sure to clearly outline the steps you want to be taken in order to ensure the security of the wireless infrastructure, and make sure that employees know that the policies in place apply to them and anyone else accessing the network through a wireless connection.
Team members need to be reminded that passwords not only safeguard their own accounts within your organization but also provide protection for the entire company. Anyone that has an account that is connected to your network needs to know this policy well and understand best practices for creating a strong password, the importance of never sharing passwords with others unless it is done safely through a password management system, and the risks associated with reusing passwords.
Email is a great tool for communication but can also be the portal for security threats to enter your organization. In your email policy, make sure that your organization’s usage standards are clearly outlined, and remember that it covers the entirety of your email system from the web-based application to any related hardware, as well as external email accounts that are accessed through your company’s network.
Mobile Device Policy
Risks associated with the use of mobile devices are on the rise as these devices are more commonly used for storing sensitive data while working on-the-go. A mobile device policy must cover any device that could come into contact with any of your organization’s data.
Incident Response Policy
From computer viruses to stolen devices or hackers infiltrating your organization and accessing your network, your organization could be at risk at nearly any moment. You’d rather have an incident response policy and never use it than not have one and find yourself frantic when the unthinkable happens. Anything and everything that could affect your company’s integrity and security of information and other similar assets should be covered in this policy, and it should include a plan of action for reporting and resolving any issues if an event occurs.
Onboarding new team members takes time, but when done correctly, you’re less likely to run into issues later on because your new employees have a better understanding of your organization’s policies and procedures from the start. Stay tuned for more information–our next post in this series will cover training for new team members.