When someone joins your business, your first thought is usually practical:
- Do they have a laptop?
- Have they got an email address?
- Can they access the systems they’ll need?
That’s all important. But there’s something many leaders don’t consider: how exposed the business becomes to cyber threats during those first few weeks.
Research has shown a surprising trend—71% of new employees are caught out by phishing or social engineering attempts within their first 90 days. In other words, criminals are deliberately targeting your latest recruits… and more often than not, they succeed.
Why are new starters such easy targets?
Starting a new role can feel overwhelming. You’re eager to get things right, but you don’t yet know the processes, the people, or the culture. That makes new hires more likely to trust emails and messages that look like they come from managers, HR, or IT.
Attackers exploit this uncertainty. They might:
- Send a fake HR portal link asking for personal details.
- Issue a realistic-looking but fraudulent invoice.
- Pretend to be a senior leader requesting sensitive data or a “quick favour”.
Because new staff can’t always tell what’s normal, they’re far more likely to be duped. In fact, they’re 44% more likely to click on phishing attempts than long-standing employees, and 45% more likely to trust a message posing as an executive.
What can you do to lower the risk?
The answer isn’t complicated: make cyber awareness part of onboarding from day one. Don’t wait until new hires “settle in”. The early days are exactly when they need to know how to spot suspicious messages, what red flags to look for, and who to ask if something doesn’t feel right.
Companies that provide tailored security training and phishing simulations during onboarding have seen phishing risks drop by 30%. That’s a huge improvement, and it comes simply from preparing people properly.
Of course, you still need strong security software, firewalls, and monitoring. But technology only goes so far. Your employees are the true first line of defence—and your newest ones need the right tools and knowledge from the moment they join.
Final thought
Your latest hire could either be your weakest link or a strong part of your defence. The difference comes down to how well you prepare them.
If you’d like to put effective security training in place for new starters—or strengthen your wider defences—we’d be happy to help.
