I have some webpages on my website that I don't want everyone to be able to see, but myself (as admin) and my employees will work on them, if I Deny General Public permissions on them will that work? Is that the correct thing to do?

You should never Deny General Public Permissions!

General Public is everyone - whether they are logged in or not. It includes you before you've logged into your website, as well as you after you've logged in. Because you're included in this if you denied General Public permission to do something then you (even though you're admin!) also would not be able to do it yourself!

The best practice is to just leave General Public unset or remove the General Public permission record if you don't want non-logged in users to see something.

However, also remember that you probably want one general public landing page for you and your employees to be able to log into your system. You can set this webpage to be the homepage on your website globe object.