Fast-growing companies know firsthand how challenging recruitment can be. HR teams are intensely focused on how they can attract and secure top talent in a highly competitive environment. As you race to get ahead in the hiring game, it’s important not to overlook the critical steps needed to maintain the company culture you’ve worked so hard to create. If you’re committed to a culture of security to address the increasing cyber threats we all face, don’t forget to bring that into your recruitment efforts.
Building a culture of security in your organization begins as early as recruitment. Embedding security-first thinking into your hiring process demonstrates the priority it has to potential employees. Waiting to bring this value to light until after the hire is complete misses an opportunity to establish a strong foundation from the beginning. Begin with a review of your candidate engagement process, identifying stages that could incorporate elements of your security culture and creating structures to make that part of the standard going forward.
As you evaluate areas of the process for improvement, consider these factors as effective starting points.
Articulate the vision
During the interview process, most companies today include a focus on culture fit. This is a natural time to share how security is embedded in the vision and values of the organization. Providing details on how security-first thinking is actually implemented in daily tasks shows the importance given to cybersecurity at the highest level. Additionally, it’s an opportunity to test for alignment of values by asking questions around how the candidate manages certain scenarios, such as their password hygiene practices or typical habits with public Wi-Fi usage. Relating to this common value from the beginning leads to greater success for sustaining it over the long run.
Rethink the resume
Finding top talent that is also a strong culture fit may mean thinking differently. You might bring some of your best staff on board by not limiting your options to those with a traditional background. A McAfee report on Hacking the Skills Shortage indicated that only 23% of cybersecurity professionals believe an IT degree adequately prepares students for a role in the industry.
No matter what your industry, look into alternate measures of experience and aptitude for different roles to expand your candidate pool.If you are in cybersecurity, consider identifying your next superstar based on their skill as a gamer. Looking at current cybersecurity employees, nearly half are estimated to be frequent or experienced video gamers, which tends to indicate that they will have top skills such as:
- An understanding of how to approach adversaries
- A fresh outlook compared to traditional hires
Plan for a distributed workforce
The workplace has changed over the years, with more companies moving to accommodate distributed workforces. A Gallup survey in 2017 showed 43% of employed Americans have spent some time working remotely. While this is a boon for workers, it’s a potential headache for IT teams conscious of the vulnerabilities this could open to cyberattacks. Getting ahead of this should happen during the onboarding process. While IT will manage security measures for systems and equipment used remotely, HR can be a good partner by providing training to support their efforts. Standardize onboarding procedures to account for the need to educate new staff on the risks of data theft and fraud and arm them with approved practices for protection.
Applying security-first thinking before your new hire even starts will help build an organizational culture of security from the ground up.
Steps for Building a Culture of Security Through Recruiting and Hiring
Security-first thinking isn’t just for IT teams. HR has a responsibility to establish and maintain a corporate culture of security with all employees. By implementing a few key changes in the recruitment and hiring process, long-term impact can begin on day one.
Follow us to stay updated on all things McAfee and on top of the latest consumer and mobile security threats.