Secure networks begin at staff induction day


Company inductions are usually a whistle-stop affair. The new joiner will normally meet and greet everyone, bar the cleaner, and be given an "all-you-need-to-know" explanation of health and safety do's and don'ts in the office. Interspersed with the occasional fire drill and first aid course, this means most employees have a basic grasp of what to do to prevent or deal with an accident in the workplace.

In the same breath, could it be said that new joiners have the faintest clue about the part they can play in avoiding infecting the network with downloadable Internet files or dubiously titled e-mail attachments? I think you will find that the answer is a resounding "no".

When you stop and think about it, how much additional effort would it take for someone to spend five minutes with a new employee to explain that all Internet content entering, circulating and leaving a building carries a risk? In my opinion, basic security tips must be regarded as a central part of the staff induction process. Yes, I know the perennial "let's make IT part of the business" argument springs to mind, but this is not a campaign that needs to be pored over at board level; it is simply an area that needs to be bundled into the induction day.

Findings from the latest survey by Web filtering software company SurfControl reveal that 75% of workers from all walks of life have never received any type of training on how to use e-mail and the Internet to minimise threats to the company network. Putting this figure into context, the entire business community would be up in arms if three-quarters of the UK's workforce admitted to having never been taught by their employer not to share their passwords with friends and colleagues.

Whether you are from an IT or business background, this figure should make for worrying reading and the induction day is the perfect vehicle to start educating employees about what they can and cannot do. While almost every company has one form of anti-virus software or another, I know of cases where the Bugbear virus circumvented MS Outlook simply because staff were accessing their free e-mail accounts.

With some uniform parameters set for new and existing staff, this could and would have been avoided. No doubt when the IT manager eventually identified the entry point for the infection, the response was "I didn't know that" or "Nobody told us that". Think about how many times you have heard this muttered, and suddenly the 75% survey finding really does show that the majority of workers are in the dark.

The IT department, in conjunction with human resources, needs to take a stand and champion best practice tips to be included in any induction programme.

IT security is a complex technological challenge, but employees need to understand the steps they can take to minimise the growing number of virus and bandwidth threats that come with Internet and e-mail use in the workplace.

Another benefit of including IT security in the induction programme is that the IT department is suddenly elevated from the status of a team in the back room to professionals who have immediate visibility with the company's employees. Rather than thinking the IT department is full of faceless entities, new joiners can get a better grasp of the importance of good IT housekeeping and appreciate that IT staff do a great deal more than just come to their rescue when their PC crashes.

I believe that getting this subject on the table for discussion would be a leap forward. It is not going to stop every Internet and e-mail network problem, but if one employee realises it is a bad move to open up an e-mail attachment that looks and feels suspect then it is a step in the right direction for the organisation as a whole.

And in case you think this is a problem that does not need attention and things will never change, the survey revealed that 84% of IT professionals admitted to having never received training on how to use the Internet and e-mail to avoid security problems.

Steve Purdham is chief executive of SurfControl
