When you bring someone new into the business, your first thought is usually about getting them set up to succeed.
A laptop, email account, access to the right systems, and an introduction to the team.
But what often gets overlooked is the risk that comes with those early days.
Research shows nearly three quarters of new starters (71%) fall victim to phishing or social engineering attacks within their first 90 days. That means cyber criminals are actively targeting your newest people, and too often they succeed.
Why does this happen?
Think about how it feels to start a new job. You want to make a good impression. You don’t know all the processes yet. You are eager to follow instructions and do the right thing.
Attackers know this. They take advantage by sending convincing emails or messages that appear to come from the boss, HR, or even IT support.
A fake HR portal asking for personal details
An urgent invoice that looks legitimate
A spoofed email from a senior manager asking for sensitive information
Because your new starter has not yet learned who is who or what “normal” looks like, they are more likely to get caught out.
In fact, new employees are 44% more likely to click on these scams than long-standing colleagues. And when attackers pose as company executives, new hires are 45% more likely to believe them.
That is a significant gap and it shows how vulnerable your business can be during the onboarding stage.
What can you do about it?
The answer is simple. Do not wait until new hires have “settled in” before giving them cyber security training. Those first few days and weeks are when they need it most.
Training should cover how to spot phishing emails, what social engineering looks like, and how to respond if something feels suspicious.
Businesses that provide tailored awareness training and run phishing simulations during onboarding see real results. The risk of falling for a phishing attack drops by around 30%. That is a big win for a small investment of time and effort.
Of course, security software and firewalls still matter. But your people are the first line of defence. Right now, your newest employees could also be your weakest link, unless you give them the tools and confidence to protect your business from day one.
If you would like to set up simple and effective cyber security training for new starters, or want to strengthen your business security overall, we are here to help. Get in touch.
