Business cyber safety: Life cycle of an employee

December 29, 2016 - Tags: Managing

This guest blog post is provided by Public Safety Canada, which leads Get Cyber Safe, a national public awareness campaign about Internet security and online safety.

Hiring a new employee should feel like New Year's Day: a fresh start, full of promise and potential. Some resolutions may become new healthy habits. But once the food is eaten, the dishes are done, and the party favours are stored away for another 12 months, most people generally fall back into old routines.

The same can be said for employees, who start out full of energy and ideas. Some become so fully entrenched in the company that they become indispensable. Others come in bringing innovation and new vision, then leave to pursue new opportunities elsewhere.

It's important to keep cyber safety in mind throughout the life cycle of an employee.

  • When hiring, it is recommended that you perform background checks for all new employees. References alone are not always sufficient given the potential for fraud through social engineering.
  • Publish and enforce an employee security policy that defines what rules apply to employees and what discipline is applicable in the event of a security incident where an employee is at fault.
  • Implement a security awareness program outlining your company's security policies as well as known cyber threats. Keep all employees regularly updated on any changes to policies, threats and security measures. Invite employees to acknowledge that they understand their security-related responsibilities.
  • Be clear about how non-competition, non-disclosure, intellectual property rules and contractual obligations apply in the context of your business's cyber security. For example, you may want to tell new employees that emails to competitors are not allowed without prior approval.
  • When an employee's responsibilities change in the company, adjust data and remote access privileges. Access should only extend to the applications, information and services that are required for work to be performed. All employees authorized to have remote access privileges should be required to sign a simple Remote Access Agreement to indicate that they understand the associated rules and responsibilities.
  • Clearly state and enforce the consequences of security lapses, especially where employees may have ignored or broken rules or caused harm to your business.
  • Unfortunately, there have been many cases of former employees accessing internal networks and stealing data or planting malware. When an employee or contractor is terminated or departs, it is a good idea to ensure their accounts are closed quickly. If not, the open account can be exploited by the departing employee or by hackers. As well, ensure that business property such as laptops, keys and access badges is returned when they leave.

A new employee, just like the right New Year's resolution, can bring the revitalization and prosperity your business needs. Taking precautions simply ensures that your business remains safe and healthy.


Posted by Lee on January 11, 2017
Great article. As businesses become more and more reliant on technology so too does their reliance on the employees to 'do the right thing'. It's not enough these days to simply assume they will know the do's and don'ts of IT compliance. A detailed set of procedures and user control (security) is at the very least required.
A good training regime as well as a thorough understanding of the ramifications of non-compliance should also be a baseline requirement.
I have worked for many IT companies and some of the procedures I have seen are shocking to say the least.
Again, thanks for the article; it was a very well laid out, interesting read.
Posted by Mario on January 4, 2017