
Cyber Hygiene for New Employees: What to Know from Day One?
Introduction
Cyber hygiene is a set of knowledge and habits that helps everyday computer users make safer decisions when using digital devices and the internet. It’s not just about strong technical skills, but about continuous learning. It’s important to start paying attention to cybersecurity from the very first day at work. We’ve put together a clear overview of the key points every new employee should know and consider when starting a new job.
Secure Authentication
A secure password is like a lock on your front door – it protects against unwanted intruders, and the same principle applies to your account. A strong password should meet the following requirements:
- At least 12 characters long (NB! Check your organization’s information security policy – it may vary, but from a security perspective, 12 characters is a minimum). Generally, the longer the password, the better.
- Includes lowercase and uppercase letters, numbers, and special symbols (#%@!).
- Avoids predictable patterns like 12345.
- Does not include personal information such as children’s or pets’ names, dates of birth, etc., as this information is easily accessible and makes passwords easier to guess.
- Is unique – not reused across multiple accounts.
Since most people have many accounts they use daily, remembering long and secure passwords can be challenging. The solution is to store your passwords in a password manager. This keeps them protected and accessible from any location. If your company uses a password manager, be sure to use it for your work-related credentials.
Sometimes, even strong passwords can leak through data breaches or phishing attacks. In such cases, attackers may gain access to the victim’s account. To prevent unauthorized access, we recommend enabling multi-factor authentication (MFA). This adds an extra layer of security, requiring two-step verification, such as a fingerprint or a confirmation code sent to your phone. MFA makes it significantly harder for attackers to gain access to your accounts.
Device and Network Usage
To prevent data leaks and unauthorized access to company resources, use only approved devices and software. Personal devices often lack the same security controls and protection as company-secured equipment, making them risky to connect to corporate networks or services.
No one likes others snooping through their computer. An unlocked device essentially gives access to all logged-in accounts and possibly sensitive files. Reduce this risk by locking your screen whenever you step away (Win+L for Windows computers, Control + Command + Q for Apple computers). Do this even for a short break or when you’re still in the office.
Finding a reliable internet connection in an unfamiliar place can be tricky. However, when connecting to an unknown Wi-Fi network, it’s important to use a VPN to ensure your connection is encrypted and private. A VPN hides your activity from the local network, securing the connection end to end. Depending on company policy, using mobile data may also be a safer alternative to unknown Wi-Fi.
Daily Cyber Hygiene
Always log out of all devices at the end of the workday. If you’re away for a longer period, locking the screen isn’t enough – it’s best to shut down the device or at least log out. With just the screen locked, background programs may continue to run, potentially making it easier to gain access to your system.
Keeping software up to date is an ongoing task, but it’s vital to maintain secure and efficient systems. You don’t need to interrupt your work every time an update is available, but as a best practice, install all updates within the first day – ideally after the workday ends.
We’ve all probably deleted important work by accident. That’s why it’s essential to store important files in the company’s cloud or backup environment. Saving files to external drives or personal cloud storage without permission removes them from company oversight and compromises their confidentiality. Work-related and personal cloud solutions should remain completely separate.
Cyber Hygiene as a Continuous Learning Process
A newly hired employee is often seen as an easy target by cyber attackers because they’re still unfamiliar with internal procedures and may not recognize suspicious behavior. That’s why it’s important to be cautious with emails from internal contacts like IT support or direct managers. Always verify the identity of the sender through a secondary channel to avoid falling victim to fraud.
Also, find out who to contact in your company if you suspect a cybersecurity incident or believe you’ve fallen victim to a scam. Don’t hesitate to report it – acting quickly can prevent or minimize the impact of an attack. Make sure to participate in internal cybersecurity training sessions to stay informed about the latest threats. Cybersecurity is everyone’s responsibility, and together we can build strong defenses. People are the most important link in the cybersecurity chain!
Conclusion
Strong cybersecurity doesn’t just rely on technical systems – it starts with people, and new employees play a crucial role. That’s why it’s so important to follow best practices for cyber hygiene and build safe habits that help ensure a secure work environment.