Hit enter to search or ESC to close



Cybersecurity tips for onboarding new staff

With New Zealand's job market very active, many companies will be onboarding and offboarding staff. Cybersecurity expert Hilary Walton provides essential tips for reducing risks when managing employee changes.

Hilary Walton is Chief Information Security Officer at Kordia. 

In this article Hilary provides some key tips to help businesses reduce their cyber risk as they onboard and offboard staff. And she discusses why it’s so important to incorporate cybersecurity aspects into business processes when employees join or leave an organisation. 

Hilary Walton Kordia

1. Secure access to systems 

Whether your employees work from home or on site, they must log into the company network to access their work systems and data. Having multi-factor authentication (MFA) enforced across the entire organisation is the first step to cybersecurity.  

Doing so is extremely easy if you’re using cloud-based enterprise solutions such as Google Workspace or Microsoft Office 365. It’s one of the quickest and most impactful ways to reduce the risk of unauthorised access by hackers, especially in remote working environments.

Another useful tool to add protection to your cybersecurity front door is to have every employee using a password manager. There are plenty of free options available, which can easily be downloaded as an app on your phone, or accessed via their desktop. 

2. Incorporate cybersecurity into staff training 

The next step is to add a section on cybersecurity in your onboarding materials. Include information such as where to find security policies, who to contact in case of a security event, and how to spot and deal with a phishing email. This will help promote a strong sense of cyber risk awareness and compliance from your staff. 

  • Scams can come via email, text or even social media, so it’s important to reinforce the dangers around clicking blindly on links and checking any suspicious messages before you reply or download attachments.
  • Train employees to lock their screens when they leave the computer unattended, and to pick up  printing from the printer straight away.
  • Make sure they understand how to securely share files and use password protection.
  • Have a clear policy about using the personal use of work devices and how transportable devices such as laptops and mobiles should be managed.

In most cases, line managers handle the onboarding procedures for their staff members, so it’s important they also fully understand the processes to educate their staff and monitor compliance with your policy.

3. Have a process for when staff leave 

Having a consistent offboarding process is just as important.

  • Make sure that when employees leave, there is a protocol in place to ensure their accounts are closed and access revoked.
  • It’s important to have an offboarding session to remind the employee of what data they can take with them, and the consequences of taking what they’re not supposed to. This can be done as a standard process by the IT or HR team to ensure consistency and the employee does not feel singled out.
  • Track the date the IT team is notified of an exit, as well as the date staff left the business and their account deactivated.
"Common sense is not always common when it comes to cybersecurity, and with hackers using sophisticated social engineering techniques to fool unsuspecting users, vigilance is key."  Hilary Walton, CISO Kordia

A thorough onboarding and offboarding process will reduce risks to the business and protect your employees from unknowingly opening doors to external threats. However as the threat of cyber events continue to rise, it is important that processes are reviewed regularly and updated when the environment or risk level changes.

Cyber CTA block

Your cyber insurance sorted

Cyber risks differ for every company and industry. It is important to speak with an expert cyber insurance broker about what coverage your business might need for the most suitable protection. Crombie Lockwood’s expertise in the field, matched with its robust claims management process, ensures any business can obtain the insurance protection best suited to this ever-evolving situation.  

Contact a broker

Published April 2022