Looking to improve staff engagement in information security?

Learn some onboarding lessons from marketers

The marketing department can teach us a lot about onboarding. Whilst they work hard to ensure a user’s first impression leads to engagement, the same objective should be considered by an employer during the HR onboarding process.

Creating the right first impression for new staff is crucial for employers. In the words of Michel Falcon, an employee experience expert, “It’s not enough to simply say, “we have a full time trainer, that’s the experience.” …..”a successful employee onboarding experience is what your employee feels, sees and hears after they have been hired. Similar to how a company will map out and design their customer experience, you must do the same for your employees”.

Of course, the benefits of happy and engaged employees are numerous but it is particularly relevant in today’s environment of ever-increasing exposure to cyber threats and information security breaches. I’ve talked much in previous blogs about the threats to information security posed by poorly informed employees, those disengaged or, worse still, employees with a grudge! The stats speak for themselves with a 2015 Government report that shows the alarming cost and scale of data breaches and just how many (75% of large organisations suffered staff related security breaches in 2015) are associated with the ‘human factor’.

It’s little wonder, therefore, that ISO 27001:2013 places great emphasis on information security awareness, communication and training and, why any successful information security management system (ISMS) should include a comprehensive HR onboarding plan that includes it.

So how do you design a good employee onboarding plan?

Information security is just one element of onboarding that will be more easily absorbed by ‘engaged’ staff and we could do worse than learn from our marketing colleagues about how to build engagement.

Tell your story

Any marketer worth their salt will tell you the heart of a great user onboarding experience is a story. A story of how their lives will change for the better in adopting your product.

Do the same for your employees. Yes, sell your organisation, celebrate what makes it great. It’s your opportunity to remind new staff you only recruit the best. Make them feel valued and special.

Start with making sure all new employees understand your culture and ethos, why you do what you do and why your policies and procedures are in place.

At Alliantist, our mission is “to make the world a better place by equipping people to get their work done well”. We have a strong heritage in information security, placing it at the heart of everything we do and constantly reinforcing our commitment to our ISO 27001:2013 policies and procedures.

We celebrate working in a paperless environment, with our own software making it easier to get our work done more efficiently. In reality, what that means is a culture of focus and efficiency. We plan, we get organised and, as such, we have very few of those last minute panics that are so often associated with a ‘working late’ culture.

So, as an employer, demonstrate that those who understand, adopt and reinforce your values are more likely to succeed. Show them what success looks like. Yes, you too could enjoy seeing your kids mid-week evenings (or not as the case may be!), relaxed in the knowledge that your work life is under control.

Your aim is to have happy employees that are proud to be part of your firm and are committed to its success. Those that are will be more likely to consider the impact of their actions on that all important area of information security.

Meet expectations

A good marketer knows that the first interaction post ‘sale’ needs to match the user’s expectation. And so it is for employees. Your interview experience told your story, now reinforce that story and make sure the reality matches.

In our example, the tool we use to achieve a paperless working environment is instrumental in making us more organised, more effective and less stressed. For that reason, an early introduction to pam, the software platform behind ISMS.Online, is fundamental to demonstrate how every employee works on a day-to-day basis, as well as how we use it to manage our ISO 27001:2013 policies and controls.

We use the pre-built frameworks within ISMS.Online to build our individual employee onboarding plans as projects. That way, on day one, we can introduce new staff to their plan and show a structured process with document linking to all the key company information such as mission statement, organogram, CSR policy, and, of course, the relevant ISO 27001:2013 policies.

Help users (employees) win

Marketers keep in mind that no customer buys a product to read long manuals; everyone wants to use it right away. What makes your new iPhone purchase such a joy? You plug it in and it just works!

So don’t overwhelm your new employees with endless reading material on their first day. No-one, other than a masochist, wants to be locked in a room and forced to read a folder of policies and procedures, however important information security is to the organisation.

Cyber security Report

Better to emphasise verbally the key elements and rules, get their IT access securely set-up and point them to the relevant policies to read, accept and acknowledge as understood, within an acceptable timescale. This is so much more time-efficient. A smart employee will use down-time to read and digest important business policies whilst maximising the time with colleagues to get them up and running in the job quickly and efficiently.

The beauty of our ISMS.Online system is that it is a complete online environment for ISO 27001:2013, and any other compliance, and that it is accessible remotely and securely, 24/7.

The onboarding framework is used to set-up group members with responsibilities in the onboarding plan plus the deliverables and key activities, with tasks and timescales assigned.  The new recruit is given access, on a need-to-know basis, to the ISO policies relevant to their job role. Easy document linking saves paper and time and it means that the line manager, or anyone you choose to have visibility within the plan, can see at a glance what has been done and what is left outstanding.

Any questions can be raised as a discussion or ‘note’ against the specific activity, which proves great for learning what elements may or may not be creating a problem for employees.

Don’t overlook the copy

From a marketing perspective, we are often asked to consider, “If your product was a person, would you enjoy talking to him/her?”. In other words, is your written communication consistent with your brand and presented in an engaging manner to your defined audience.

It’s no different for HR onboarding and it’s another good reason why our onboarding framework is so useful. It enables you to prioritise the communications, delivering them in bite-size pieces to be digested, where appropriate, to fit the employee’s own schedule but within your defined timescale.

Remember the Peak-End rule

The Peak-End rule  was first formulated in 1993 by social research. It states that most people remember their experiences by the climax event, and how the experience ended.

If you have emphasised your commitment to a thorough onboarding plan, then do not let it drift! If you don’t demonstrate the importance of completing the plan on time then your employees could, quite rightly, interpret its content as not worthy of attention.

Information security relies on everyone in the organisation having fully read the relevant policies and understood and committed to upholding them. That’s why ISMS.Online is so key to our success. Our onboarding is treated like any other project and allows us to monitor its progress. It also enables us to assign a ‘sign-off’ level once we are are assured the initial ‘project’ is complete.

After all, a marketer would insist on encouraging confirmation message once a transaction is complete. How great for employer and employee to see, at a glance, that all elements of the onboarding process have been 100% completed satisfactorily and on time!

And finally, of course, the end is just the beginning! Onboarding is only one phase of the HR lifecycle. Thankfully, ISMS.Online supports the whole process with all the same tools and frameworks that are needed for onboarding available to support continuous development and training right through to exit.

It’s just one of the reasons our own UKAS certified auditor was so impressed with our ISO 27001:2013 implementation.

If you’d like to discover the other reasons, or see for yourself how ISMS.Online can be used for successful HR onboarding and much more, contact us today for a discussion or to book your demo.

ISMS Online Rating: 5 out of 5
Share This