New Employee Account Security Checklist: Protect Your Company from Day One
A complete security checklist for new employees setting up work accounts. From passwords to 2FA to access permissions — start your new job the secure way.
New Employee Account Security Checklist: Protect Your Company from Day One
Starting a new job is exciting. You get your laptop, set up your email, gain access to Slack, project management tools, cloud storage, and a dozen other services. But in the rush to get productive, security often takes a back seat — and that's exactly what attackers count on.
New employees are prime targets. You don't know the company's communication patterns yet, you're eager to please, and you're setting up multiple accounts in rapid succession. A single weak password or missed security setting can become the entry point for a major breach.
The First-Day Security Setup
1. Change Every Temporary Password Immediately
Your IT department hands you a temporary password for email, VPN, and internal tools. Change them all. Right now. Not "after lunch." Not "tomorrow."
| Do | Don't |
|---|---|
| Use 12+ character unique passwords | Reuse your personal passwords |
| Use a password manager (1Password, Bitwarden) | Write passwords on sticky notes |
| Create different passwords per service | Use one password for everything |
| Include letters, numbers, and symbols | Use your name or birthday |
2. Enable Two-Factor Authentication Everywhere
Every service that supports 2FA should have it turned on — email, Slack, GitHub, cloud storage, HR portals. Use an authenticator app (Google Authenticator, Authy) rather than SMS, which is vulnerable to SIM-swapping attacks.
3. Lock Your Devices
- Laptop: Lock your screen every time you step away (
Win+Lon Windows,Ctrl+Cmd+Qon Mac) - Work phone: Enable biometric authentication + a 6-digit PIN
- Auto-lock: Set to 5 minutes or less
Receiving Credentials During Handover
When a departing colleague shares account access with you, it often happens over iMessage or Messenger — convenient but insecure. Chat messages persist, can be screenshot, and may be backed up to cloud services you don't control.
The secure way to handle account handover:
- Create new accounts with transferred permissions whenever possible
- When password sharing is unavoidable, use LOCK.PUB to send credentials via an encrypted, self-destructing memo
- Change the password immediately after receiving it
- Revoke the previous employee's access right away
5 Common Security Mistakes New Employees Make
Mistake 1: Forwarding Work Files to Personal Email
"I'll just finish this at home" — and now confidential documents live permanently in your personal Gmail. Always use company-approved file sharing tools.
Mistake 2: Connecting to Public Wi-Fi Without VPN
Working from a coffee shop? Always use your company VPN. Public Wi-Fi networks are easy to intercept.
Mistake 3: Saving Passwords in the Browser
Chrome's "Save password?" prompt is tempting. On shared or company devices, always decline. Use a dedicated password manager instead.
Mistake 4: Keeping a Former Employee's Credentials
It's shockingly common: the previous person left, and you're still using their unchanged login. Change the password, terminate all active sessions, and set up your own credentials.
Mistake 5: Falling for Phishing Emails
New employees don't know what legitimate internal emails look like yet. "URGENT: Reset your password now" messages are how attackers get in. When in doubt, verify with IT directly — don't click the link.
For Managers: Onboarding Security Checklist
Security isn't just the new hire's responsibility. Managers should ensure:
- Apply least-privilege access (only the systems they actually need)
- Use secure channels for sharing temporary credentials
- Confirm security training completion
- Set up remote wipe capability on company devices
- Document the offboarding process for account deactivation
When sharing credentials with new team members, use LOCK.PUB to create password-protected memos that disappear after being read — much safer than sending passwords over Messenger or email.
New Employee Security Setup Summary
| Task | Done? |
|---|---|
| Changed all temporary passwords | ☐ |
| Set 12+ character unique passwords | ☐ |
| Enabled 2FA on all services | ☐ |
| Configured device auto-lock | ☐ |
| Installed and configured VPN | ☐ |
| Set up a password manager | ☐ |
| Completed phishing awareness training | ☐ |
| Revoked former employee access | ☐ |
Wrapping Up
Whether it's your first job or your fifth, cybersecurity at a new company starts on day one. Every skipped setting is an open door. Take 30 minutes to go through this checklist — your future self (and your IT team) will thank you.
Need to share sensitive login credentials with a colleague? Use LOCK.PUB to create password-protected, encrypted links and memos. Starting with good security habits on day one is what separates professionals from amateurs.
Keywords
You might also like
Slack Connect Security Risks: What You Need to Know About External Sharing
Slack Connect lets you collaborate with external partners, but it comes with serious security risks. Learn how to protect sensitive data when using shared channels.
How to Protect Employee Data on HR & Payroll SaaS Platforms
HR and payroll platforms like BambooHR, Gusto, and Workday store sensitive employee data. Learn the risks and how to share this information securely.
Employee Onboarding Security Checklist: A Complete Guide for IT Teams
A comprehensive security checklist for onboarding new employees. Covers account provisioning, password policies, 2FA setup, security training, and access control.
Create your password-protected link now
Create password-protected links, secret memos, and encrypted chats for free.
Get Started Free