The big day has arrived. A new employee is joining your organization today! All the numerous interviews, background checks, and internal decision-making discussions have led to this moment. Your new hire is eager to get started and to make a positive impact. What can you do to help new people become stellar employees more quickly? One important way is to offer Security Awareness and Compliance Training as part of new employee onboarding.

Onboarding training is an essential aspect of bringing a new employee into an organization. There are numerous checklists that have been developed to ensure that new hires feel comfortable and supported in their new positions. Many of these checklists have line items for policies to be reviewed, including Security and Compliance. However, if you are only mentioning these policies in passing or handing new employees a document to read and sign in order to mark this box on the checklist, you are missing a golden opportunity for building a trust relationship with new colleagues. 

Security Awareness and Compliance Training is more than knowing the policies of what to do or not do. It is knowing why these policies are in place, what and whom they are protecting, and the consequences of not following them. You never want employees to feel exposed because they lack the context for Security and Compliance policies. For example, everyone who drives knows what a speed limit sign is and what it is telling you. It is in every Driver's Ed course and is a question on every driver's license test. Even knowing the law, many people choose not to follow the speed limit. They have plenty of reasons why they don't do as they know they should. Unfortunately, many times people do not understand the law until they are pulled over by law enforcement for speeding and get an expensive ticket or, even worse, they witness or are involved in an accident that results from the speed limit being ignored.

Security Awareness and Compliance Training should provide your new employees with:

  1. A strong outline of the security and compliance landscape of an organization – This should include not only internal policies, but also Industry and Governmental protocols and regulations (e.g., PCI DSS, HIPAA, GDPR, FERPA, etc.) that impact your organization. 
  2. A review of Security Awareness best practices – We should never assume that an employee comes to a new company knowing what to do (or not do) when it comes to cyber security. Every employee should complete Security Awareness Training (SAT) within the first 10 days of employment. Employees should also receive training in Data Privacy and Protection during onboarding. 
  3. An understanding of the importance of the new employee's role in the overall security and compliance posture of the organization – 90% of data breaches are caused by human error, often in the course of performing work duties. Onboarding should include targeted training tailored to the employee's role, such as Secure Coding training for development teams or Anti-Money Laundering training for finance teams. 
  4. Relevant, real-life examples of the Policies in action, with opportunities for practice – People learn best when knowledge is tied to examples that are pertinent to the individual. This is why Gamification has risen in popularity in training over the last several years, as well as Exercises (tabletop, walk-throughs, full-scale, etc.). It is also why Phishing Simulation is an important training tool for employees' development. 
  5. Information on whom to contact if employees have security and compliance questions – We know that one of the fastest ways to lose an employee is to not provide them support for success. If a user cannot name whom to contact in the case of incidents that may arise in the course of their duties, they are not being fully supported. Be sure to include Subject Matter Expert (SME) Points of Contact for new employees during onboarding. Resist the temptation to always have employees work through their managers, as sometimes the incident that they need to report involves a manager. 

Security Awareness and Compliance Training during new employee onboarding takes time and resources to complete. Many times, we have been waiting for so long to bring in a new employee that we are tempted to rush them through employee training and get them working, collaborating, and producing. However, skipping or excluding training opportunities during the Onboarding phase can lead to serious security and compliance issues for the employee and the organization. The return on this type of investment is not only well-trained staff, but also new employees who:

  • understand your expectations of them in relation to security and compliance, 
  • understand and personify your organization’s commitment to security and compliance, 
  • feel they are part of a team who follows best practices, and
  • provide a strong brick in your Human Firewall. 

Not sure how to get started? Global Learning Systems can help! We offer an award-winning program, Human Firewall 2.0, that takes the guesswork out of creating and executing your Security Awareness and Compliance Training. We have affordable plans tailored specifically to maximize ROI. You can select the training titles that you need for your business and work with our team to create a continuous training plan to ensure that your employees are getting the right information at the right time. 

Authors: 

Marina Kelly is the Technical Director at Global Learning Systems and the principal author of the Secure Coding with OWASP Top 10 – 2017 training course.

Roge Holman, Channel Partners, facilitates the Global Learning Systems Partner Program.