Security Risk
When you hire someone new, do you consider how secure your business truly is?
Most business owners focus on making sure their new starter has what they need. You know, a laptop, email account, access to the right systems… maybe a quick intro to the team.
But those first few months of a new employee’s journey are one of the most dangerous times for your business’s cybersecurity.
And it often flies completely under the radar.
New research has revealed a worrying truth. Nearly three-quarters of new hires (71% to be precise) fall for phishing or social engineering attacks within their first 90 days on the job.
That means cybercriminals are actively targeting your newest team members. And too often, they succeed.
Why is this happening?
Well, think about how it feels to start a new job. You’re trying to make a good impression. You don’t know all the processes yet. You’re keen to follow instructions and do the right thing.
Cybercriminals know this. They capitalize on that uncertainty with cleverly written emails or messages that appear to come from the boss, HR, or even tech support.
These scams might ask your new hire to update their details on a fake HR portal. Or they might send a bogus invoice that looks urgent. Sometimes it’s as simple as an email pretending to be from a senior manager, asking for sensitive information or for a quick favor.
Because that new employee hasn’t yet learned who’s who and what’s normal, they’re much more likely to fall for it. In fact, new employees are 44% more likely to click on these traps than colleagues who’ve been around a while.
It’s not just theory. The stats back it up. When attackers pose as company executives, new starters are 45% more likely to be fooled than experienced staff.
That’s a big gap, and it shows just how vulnerable your business can be during the onboarding period.
So… what can you do about it?
The key is to recognize that cybersecurity training shouldn’t wait until your new hire has “settled in”. Those early days are precisely when they need clear guidance on identifying phishing emails, understanding how cybercriminals operate, and knowing what to do if something seems suspicious.
Businesses that take this seriously see real results. The same report found that companies offering tailored security awareness training and running realistic simulations for new staff saw their phishing risk drop by 30% after onboarding. That’s a massive difference. It shows that a bit of extra effort at the start pays off.
Of course, tools like good security software and firewalls are still essential. But on their own, they’re not enough. People are your first line of defense.
And right now, your newest people might be your weakest link. Unless you provide them with the tools and knowledge to help protect your business from the outset.