vitormaleite

Security Onboarding: The Gateway to Security Policies in the Company

Updated: May 5

This week, I had the pleasure of conducting another onboarding session for new employees who recently joined the company. It was the management of this onboarding that inspired me to write about their importance for companies.

I believe that most companies have their onboarding processes established, but topics related to information security are not always considered. This is the point I want to emphasize: they should be.

New employees arrive excited, fresh, and without any preconceived notions about the new work environment. Thus, in addition to what is typically covered in onboarding, this is also a great opportunity to introduce them to the company's security policies. One policy that deserves special attention at this moment is the Acceptable Use Policy.

By making the Acceptable Use Policy the foundation of the onboarding presentation, employees will understand from the start what is allowed and what is not when dealing with the company's assets on a day-to-day basis. Therefore, key topics that must be addressed include:

  • Responsibilities: concerning safe attitudes and behaviors that everyone should adopt and responsibilities regarding the information that everyone has access to, whether it belongs to the company or clients (Intellectual Property Rights | Ethics);

  • Use of corporate machines and cell phones: emphasizing how these assets can and should be used;

  • Communication Channels: specifying the permitted means of daily communication, such as Meet, Teams, Zoom, etc.;

  • Storage Media: declaring which storage media are authorized. If the company uses corporate Google Drive, other means like OneDrive, Dropbox, and the like are not allowed;

  • Information Classification: considering what we covered in this article;

  • Appropriate Internet Use: highlighting precautions in browsing, distinguishing between reliable and unreliable sources, and specifying which topics may or may not be accessed;

  • Best Practices in Password Usage: how passwords should be created, the criteria involved, and how they should be stored.

Certainly, newcomers may make mistakes—this is natural for humans. However, to keep them vigilant, it is the responsibility of the security team to regularly conduct awareness campaigns on these and other topics. After all, onboarding was just the gateway to these security topics.

Source: cover photo by Sigmund on Unsplash
