Welcome! Sign here, here, here .... and here
Information security should be an integral part of every employee’s time with the organization, from their first day to their last. Most organizations put newcomers through some sort of ‘welcome aboard’ rite-of-passage not long after they join although the details vary markedly. For some it is a full immersion course lasting one or more more agonizing days, for others it’s little more than a quick chat with someone from HR and off you jolly well go. Neither approach is ideal for everyone because we are all different, but it seems tailoring orientation sessions to suit the newcomers is beyond the capabilities of man.
The fundamental purpose of induction or orientation training is to bring new employees quickly up to a basic level of understanding regarding their new work environment. With respect to information security, the accepted wisdom in many organizations is that new recruits must be informed in particular about their information security obligations laid out in various laws, regulations and policies. These are of course Very Important Things, therefore the information should be put across in a very formal and stilted manner, apparently, complete with the rigmarole of our intrepid newcomers signing numerous pieces of paper to acknowledge receipt of said obligations.
Given our unique approach to awareness, you won’t be surprised to discover that we prefer something a bit different. We see a newcomer’s first days on site as a clean-slate opportunity for us (Information Security) to tell them a little about what makes us tick, and to find out just a bit about them (our new colleague). Most of all, we’d like to initiate a productive, mutually beneficial relationship that will last, we hope, for a good long time. Given our overall aim to establish a corporate culture of security, we know there is more to this than forcing newcomers to sign a few forms and heed the implied warnings about keeping in line. The orientation/induction sessions are our first chance to start explaining to newcomers what information security is about, why it is necessary, what it involves, and how everyone plays a part ... and at the same time an opportunity to discover their preconceptions, their needs, even their hopes and dreams.
At the root of it all, we see our fellow employees not as "our biggest security challenge", Jack, but as partners and allies who are, on the whole, fighting our corner. Opening the dialog, exploring common ground and building a trusted relationship will, we believe, make a huge difference in the long run - and it starts right there and then on day one.