Background Checks:
Conduct thorough background checks on potential employees, including verifying employment history, education, and criminal records. Do negative marks on any of these mean you shouldn't proceed? Not necessarily, but you are responsible for opening that dialogue and ensuring their situation is within your risk appetite.
Communicate Security Culture Expectations:
If your organization boasts a security culture, make damn sure it is communicated at as many levels of the onboarding and even recruitment process as possible. Additionally, gauge a prospective candidate's security literacy relative to your expectations. You certainly do not need to turn down a prospect who isn't a cyber warrior, but knowing that they may need assistance is useful information for their direct supervisor.
Access Control Assistance:
Properly categorize the access controls each role needs so that new employees only have access to the information and systems necessary for their roles. Oftentimes, technical leaders simply configure whatever access the onboarding procedure hands them. Make very sure these procedures are mapped well to the job function and to the level of data the job actually requires, rather than to whatever a predecessor happened to hold.
Policy Acknowledgment:
Ensure employees acknowledge and understand cybersecurity policies on day one, as well as through regular reviews and sign-offs.
Secure Offboarding:
Ensure the secure termination of access for departing employees, including immediate revocation of system access. Additionally, conduct exit interviews to gather feedback on cybersecurity practices and identify potential security concerns. Oftentimes, these departing employees will shed light on some of the most sensitive systemic issues with full transparency. Do note, though, that some of it will simply be blowing off steam.
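The two access-control points above (provisioning only what the job function needs, and revoking everything immediately on departure) are the kind of thing that is easy to state and easy to get wrong in a copy-pasted procedure. The following is an added example, not code from the original article, that shows one way to check both mechanically: a role-to-entitlement template is the source of truth, an audit compares what was actually provisioned against it, and offboarding revokes every entitlement and writes each revocation to a log. The role names, entitlement strings and employee records are constructed sample data, and the hypothetical `audit_access` and `offboard` helpers are not any real HR or IAM product's API.

```python
"""Added example (not from the original article): role-based access audit
for onboarding plus immediate revocation for offboarding.
Roles, entitlements and employees below are constructed sample data."""
from dataclasses import dataclass, field

# Constructed role-to-entitlement template: what each job function actually
# needs. This is the document the onboarding procedure should be mapped to.
ROLE_ENTITLEMENTS = {
    "payroll_clerk": {"hris:read", "payroll:read", "payroll:write"},
    "recruiter": {"hris:read", "ats:read", "ats:write"},
    "helpdesk": {"hris:read", "ticketing:read", "ticketing:write",
                 "ad:reset_password"},
}


@dataclass
class Employee:
    name: str
    role: str
    access: set = field(default_factory=set)  # entitlements actually granted
    active: bool = True


def audit_access(emp):
    """Compare provisioned access with the role template.

    Returns (excess, missing): excess is what the procedure granted beyond
    the job's needs (the least-privilege violation), missing is what the
    role requires but was never granted (a usability problem that tends to
    produce informal workarounds).
    """
    expected = ROLE_ENTITLEMENTS[emp.role]
    return sorted(emp.access - expected), sorted(expected - emp.access)


def offboard(emp, audit_log):
    """Revoke every entitlement immediately and record each revocation.

    Revocation is driven by what the employee actually holds, not by the
    role template, so entitlements granted outside the procedure are
    removed too. Returns the number of entitlements revoked.
    """
    revoked = sorted(emp.access)
    for entitlement in revoked:
        audit_log.append(f"REVOKE {emp.name} {entitlement}")
    emp.access.clear()
    emp.active = False
    return len(revoked)


if __name__ == "__main__":
    # Constructed case: a reused procedure gave a payroll clerk an
    # applicant-tracking entitlement that the job does not need.
    alice = Employee("alice", "payroll_clerk",
                     {"hris:read", "payroll:read", "payroll:write", "ats:write"})
    excess, missing = audit_access(alice)
    print("excess:", excess, "missing:", missing)

    log = []
    count = offboard(alice, log)
    print(f"revoked {count} entitlements; active={alice.active}")
    for line in log:
        print(line)
```

The point of driving revocation from the employee's actual entitlement set rather than from the role template is that the audit in `audit_access` is exactly what finds the entitlements a template-based revocation would leave behind.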
Technical Incident Point of Contact:
Establish clear procedures for responding to security incidents, including a designated point of contact within the HR team for employee documentation and handling purposes. Incidents are emotional occurrences, and the documentation related to affected persons, as well as any personnel investigations that follow, will be best presented in the incident debriefing when it records dates and times clearly and offers a clear interpretation of the artifacts discovered.
Assist in Investigation:
Provide support to the cybersecurity team by gathering relevant employee information and coordinating interviews if necessary.
Maintain Confidentiality:
Ensure confidentiality throughout investigations to protect the privacy of employees and the integrity of the investigation.
Repeat Offender Discipline:
Handling employees who progress beyond the highest level of an accountability schedule, such as with phishing testing, will require formal guidance, documented expectations for improvement, and a record of each step taken. If an acceptable risk tolerance cannot be met, termination will be necessary.