When onboarding a new team member, most business leaders focus on logistics: providing a laptop, setting up email access, granting system permissions, and introducing them to the team. However, the initial weeks of employment are also among the most vulnerable periods for your organization’s cybersecurity.
This risk is often overlooked.
Recent research reveals a concerning trend: 71% of new hires fall victim to phishing or social engineering attacks within their first 90 days. Cybercriminals are actively targeting new employees, and too often, they succeed.
Why is this happening?
Starting a new job can be overwhelming. Employees are eager to make a good impression, unfamiliar with internal processes, and more likely to follow instructions without question. Threat actors exploit this uncertainty by crafting deceptive messages that appear to come from trusted sources such as HR, IT support, or senior leadership.
These scams may prompt new hires to update personal information on fraudulent portals, respond to fake invoices, or share sensitive data in response to seemingly legitimate requests. Because new employees are still learning the organization’s norms and personnel, they are significantly more susceptible to these tactics.
In fact, new employees are 44% more likely to engage with phishing attempts than their more experienced colleagues. When attackers impersonate company executives, new hires are 45% more likely to be deceived.
This gap highlights a critical vulnerability during the onboarding process.
What can be done?
Cybersecurity training should begin on day one. Early education on identifying phishing attempts, understanding common attack methods, and knowing how to respond to suspicious activity is essential.
Organizations that prioritize early-stage security awareness see measurable improvements. The same study found that companies implementing tailored training and realistic simulations for new staff reduced phishing risk by 30% post-onboarding.
While technical safeguards such as firewalls and antivirus software remain important, they are not sufficient on their own. Employees are the first line of defense—and new employees may be the weakest link unless they are equipped with the right tools and knowledge from the start.
If your organization is looking to implement effective cybersecurity training for new hires or enhance overall security practices, we’re here to help. Contact us to learn more.