Onboarding the Team

When all paperwork is complete and the new team member is ready to set up their work machine and mobile device for work, the technical team will be responsible for completing all steps in this section. Nobody is exempt from any of the steps in this section, even if the new hire is an expert in information and network security. The company provides a new work machine to all new hires. If the new hire wants to use their own machine, the security team must take the necessary steps to ensure the device is not compromised.

The HR Manager keeps a copy of this checklist, and ensures all steps are complete.

Security 101

Responsible person: New Employee

Device Provisioning

Responsible person: Operations Manager

  • Provision of a new laptop, or set up the personal laptop for work
  • Provision of a new mobile, or set up the personal mobile phone for work
  • Provision of all accessories and equipment required for the work
  • Confirm ownership of SIM Card and the mobile handset

Device Setup

Responsible person: Head of Technology

  • Ensure full-disk encryption is enabled with a strong passphrase
  • Ensure bios settings password is enabled with a strong passphrase
  • Ensure the machine runs a genuine operating system
  • Ensure the machine is free from malware pirated/cracked/nulled software

Operating System Setup

Responsible person: Head of Technology

  • Set screen to lock automatically in 5 minutes or shorter inactivity
  • Set screen to lock automatically when the laptop lid is closed
  • Disable location, camera, and microphone access by default
  • Disable analytics, telemetry, and all virtual assistants like Cortana and Siri
  • Disable all cloud backup services like Dropbox and OneDrive

Network Setup

Responsible person: Head of Technology

  • Ensure a wired connection to the work machine
  • Ensure a separate, secured wireless network used only for work
  • Enable the firewall, and block all incoming connections on all networks
  • Turn off auto-connecting to open wireless networks
  • Ensure automatic updates are enabled in the operating system settings

Browser Setup

Responsible person: Head of Technology

  • Install Mozilla Firefox, set it as the default browser, and enable automatic updates
  • Turn off the built-in password manager & Firefox Sync feature
  • Install the password manager addon for Firefox
  • Install the essential add-ons* to improve the privacy of Firefox

Mobile Device Setup

Responsible person: Head of Technology

  • Perform malware scan of the personal mobile phone
  • Enable automatic update of the operating system
  • Enable automatic updates from the app stores
  • Ensure restricted permissions for existing apps
  • Ensure restricted accessibility settings
  • Turn off telemetry, cloud backups, tracking, and personalized ads

Work Account Setup

Responsible person: Accounts Manager

  • Create the public email address
  • Set up an email client on the work and personal devices
  • Create My Yarsa account, assign it to a dummy group
  • Ensure new, strong passphrase is set, and 2FA is enabled
  • Allow access to required apps, and ensure 2FA is enabled

Third-party Account Setup

Responsible person: Billing Manager

  • Activate Windows OS if needed
  • Purchase one-off tools and services
  • Add to existing subscription seats
  • Subscribe for new services
  • Complete onboarding

Getting Started

Responsible person: Team Lead

  • Join first video call with the team
  • Assign a partner for proper onboarding

*Essential Add-ons for Mozilla Firefox Browser: HTTPS Everywhere, uBlock Origin, DuckDuckGo Privacy Essentials, Password Manager

NOTE: Product and Company names like Mozilla, Firefox, Windows, Cortana, Siri, OneDrive, Dropbox, etc. are trademarks and registered trademarks of their respective owners.

Previous Monitoring and Use of Internet
Next Payments and Benefits
Table of Contents