TISAX® Demystified – Episode 3

TISAX® Demystified Blog Ep. 3: Making sure HR hires and onboards the right employees and coordinates with IT and the hiring department on onboarding completion.

Hiring Hackers? Protect Your Company Before Day One

(Chapter 2 – Human Resources Security)

Most security risks don’t come through the firewall. Some actually walk in the front door with a freshly printed employee badge, waving a laptop request.

Chapter 2 of the VDA ISA 6.0.3 catalog covers Human Resources Security. Its core purpose is making sure your organization doesn’t hand access to your systems to the wrong person, or leave it with them.

What TISAX® is looking for:

  • Identity checks
  • Security responsibilities defined before someone is hired
  • Background checks – when the role justifies it
  • Onboarding training that covers real risks, not just HR formalities
  • User agreements and NDAs signed before access is granted
  • No systems access until onboarding is complete
  • Access immediately revoked when someone leaves

Where it usually breaks down:

  • “We’ll get to training later, just give them access so they can start.”
  • HR and IT don’t talk – one thinks onboarding is done, the other doesn’t.
  • NDAs aren’t tracked or stored.
  • Former employees still show up in the email system or Active Directory.
  • No one owns the process – it just kind of happens.

What to fix:

  • Build an onboarding checklist. Use it.
  • Tie system access to completion of that checklist.
  • Make sure HR, IT, and department leads are on the same page – literally.
  • For offboarding: pull access fast, and document that it’s done.

If you only do one thing:

Pick your last three hires and exits.

Check if they still have access, if the NDA is signed, and whether training actually happened.

If you find gaps – and you will – don’t patch them. Fix the process.
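
The spot check above can be run as a reconciliation between what HR knows and what IT has provisioned. This Python script is an added example, not part of the VDA ISA catalog or the original post; the record layout, field names and sample users are constructed assumptions standing in for your own HR and directory exports.

```python
from datetime import date

# Constructed sample data; field names are assumptions, not a real HR or AD export format.
HR_RECORDS = [
    {"user": "a.meyer", "nda_signed": date(2024, 3, 1), "training_done": date(2024, 3, 4), "exit_date": None},
    {"user": "b.kurz", "nda_signed": None, "training_done": date(2024, 5, 10), "exit_date": None},
    {"user": "c.lang", "nda_signed": date(2023, 1, 9), "training_done": date(2023, 1, 10), "exit_date": date(2024, 6, 30)},
    {"user": "d.wolf", "nda_signed": date(2024, 4, 2), "training_done": date(2024, 4, 20), "exit_date": None},
]
ACCOUNTS = [
    {"user": "a.meyer", "enabled": True, "access_granted": date(2024, 3, 5)},
    {"user": "b.kurz", "enabled": True, "access_granted": date(2024, 5, 6)},
    {"user": "c.lang", "enabled": True, "access_granted": date(2023, 1, 11)},
    {"user": "d.wolf", "enabled": True, "access_granted": date(2024, 4, 3)},
    {"user": "e.ghost", "enabled": True, "access_granted": date(2022, 2, 1)},
]

def audit(hr_records, accounts, today):
    """Return (user, issue) pairs where account state contradicts the HR record."""
    hr = {r["user"]: r for r in hr_records}
    findings = []
    for acct in accounts:
        user, rec = acct["user"], hr.get(acct["user"])
        if rec is None:
            # Nobody in HR owns this identity: the "no one owns the process" case.
            if acct["enabled"]:
                findings.append((user, "enabled account with no HR record"))
            continue
        granted = acct["access_granted"]
        # NDA and training must both be on record no later than the access grant.
        for field, label in (("nda_signed", "NDA"), ("training_done", "training")):
            done = rec[field]
            if done is None:
                findings.append((user, f"{label} missing"))
            elif done > granted:
                findings.append((user, f"access granted before {label}"))
        # Leavers must not keep an enabled account past their exit date.
        if rec["exit_date"] and rec["exit_date"] < today and acct["enabled"]:
            findings.append((user, "account still enabled after exit"))
    return findings

if __name__ == "__main__":
    for user, issue in audit(HR_RECORDS, ACCOUNTS, date(2024, 7, 15)):
        print(f"{user}: {issue}")
```

Each finding points at a process step that let access through, which is the thing to fix rather than the individual account.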

Next up:

Episode 4 – “Goodbye Doesn’t Mean Good Riddance”

We’ll dig into why offboarding is one of the biggest blind spots in security – and how to fix it before it turns into a problem.