COVID-19 has not only changed the way we live, but it has also forced many changes to be made to standard business processes.
The HR department especially has been forced to confront challenges to hiring, offboarding, and contracting activities. As companies in multiple jurisdictions continue to look for advice from state and federal authorities on COVID-19 safe work plans, we will look at some security considerations from a physical security as well as cyber security perspective.
The challenge of virtual onboarding
The days of a coffee meeting with new hires during an interview, or on day one of the new job seem distant. Some of the challenges that recruiters and managers experience in the current virtual era include interviewing new employees, onboarding, working, and even team-building activities.
As the new employees complete their three-or six-month tenure, their performance review is also likely to be virtual. Many new employees may have never even met a co-worker in person or even stepped foot into the office.
Apart from the obvious challenges that working remotely can bring, a less obvious, but equally important factor is ensuring that new employees have the opportunity for a thorough induction, which includes training in the information security processes and policies. HR and Security teams must work collaboratively for an effective outcome in this area.
Tips for navigating the new onboarding process
- Do not skip on background or police checks. Now more than ever, you need to ensure the person you are interviewing online is legitimate. Does the person have the skills, qualifications and experience listed in his/her resume?
- Implement an ongoing training and education program for all your employees. Some roles such as system administrators or developers will need specific and ongoing training. One-off training and education sessions will not suffice in this “new normal.”
- Communicate the incident response process to employees at regular intervals through a newsletter or highlight the process on a common visible place like the Intranet homepage. Make sure all employees feel supported – especially in this remote working arrangement.
Additional measures include communicating VPN protocols, secure Wi-Fi considerations, and using multifactor authentication wherever possible. More cyber security tips for working from home are available here.
What do if you’re a job seeker
Individuals looking for jobs should also be aware that not all roles advertised are legitimate. Scammers use fake job ads to trick people into sending them money or personal information.
- Never transfer money or send bank account details to potential employers when applying for jobs online
- Never send a copy of your driver’s license or passport at the online application stage
- Check the recruiter’s or hiring manager’s contact details. If you are unsure whether a call or email is genuine, verify the identity of the person contacting you through an independent source, such as a phone book or online search.
Other Considerations for HR and Security Teams
The move towards remote working is here to stay for the foreseeable future. This means that the relationship between HR professionals and security teams has to be collaborative to meet the needs of a company from a physical and cyber security perspective.
- Ask your security team to review and advise on best practices for tools and applications usage. While new tools may help with productivity, it’s important that they are assessed from a risk perspective before being downloaded on devices.
- Review and revoke system access for employees on a periodic basis by implementing the policy of least privilege. Employees only require access and permissions to do their jobs, and this should be explained in the security induction during onboarding.
Managing operational, architectural and technological access controls was a challenge before COVID-19. Now health controls such as social distancing, temperature screening, and personal protective equipment (PPE) checks have added an entirely new element to maintaining proper access controls in office buildings.
- Access control systems will be even more important when a return to office in batches commences. Access control restricts entrance to secure areas of a property, building, room, file cabinet, drawer, or other areas containing sensitive information, assets or data. They also monitor usage of certain spaces.
- For employees who were made redundant from their job or had left the company during the lockdown, check that their physical swipe passes are appropriately wiped if your company doesn't have an automated solution to manage access control.
- Remind employees of the process for visitors or contractors attending the premises; it’s mandatory to sign in and provide identification.
Melissa Misuraca is Vice President, Cyber Risk at Kroll and Simon Ashenden is Associate Managing Director, Security Risk Management at Kroll