Why Onboarding Is a Cyber Criminal’s Favourite Opportunity

When you welcome a new team member, you’re probably focused on making sure they have everything they need – a laptop, an email account, access to the right systems, and a warm introduction to the team.

But there’s one crucial thing many businesses overlook during onboarding: cyber security.

Those first few weeks of a new employee’s journey can be one of the riskiest times for your business’s data security – and cyber criminals know it.

The Hidden Risk of the Onboarding Period

According to recent research, nearly three-quarters of new hires (71%) fall for phishing or social engineering attacks within their first 90 days.

That’s an alarming statistic – and it tells us that attackers are deliberately targeting your newest people.

Why? Because starting a new job comes with a unique mix of uncertainty and eagerness. New employees are still learning who’s who, how things work, and what looks “normal”. They want to make a good impression, follow instructions, and get things right – and cyber criminals exploit that mindset.

How Attackers Target New Employees

Modern phishing attacks are no longer riddled with spelling mistakes or obviously fake links. They’re cleverly crafted to mimic legitimate communication.

A new hire might receive an email that appears to come from HR asking them to “verify their employee details” on a fake portal. Or a message that looks like it’s from the IT team requesting a password reset. Sometimes it’s a senior manager urgently asking for an invoice to be paid or confidential data to be shared.

Because the employee hasn’t yet learned what’s typical in your organisation, they’re 44% more likely to click on a malicious link or follow a fraudulent request than established staff.

And when an attacker pretends to be a company executive, new hires are 45% more likely to be fooled. That’s a significant vulnerability – and it often goes unnoticed until it’s too late.

For examples of common phishing tactics, the National Cyber Security Centre (NCSC) provides a helpful guide on recognising and reporting suspicious emails.

Why Cyber Security Training Can’t Wait

Many businesses make the mistake of waiting until new employees are “settled in” before introducing security training. But those early days are precisely when they need it most.

A strong onboarding cyber security programme should include:

  • Awareness training — explaining phishing, ransomware, and common scams.
  • Practical examples — showing what suspicious emails or messages look like.
  • Clear reporting procedures — making it easy for staff to ask questions or raise concerns.
  • Simulated phishing exercises — helping employees recognise threats in a realistic, safe way.

The data supports this approach: businesses that deliver targeted cyber security training and run phishing simulations for new hires see their phishing risk drop by up to 30% after onboarding.

For detailed advice, the NCSC’s 10 Steps to Cyber Security framework is an excellent starting point.

People Are Your First Line of Defence

Technology plays a vital role – tools like email filters, antivirus software, and firewalls all strengthen your defences. But no system is foolproof. Human error remains the single biggest factor in most breaches.

That’s why it’s essential to empower your people, especially new starters, to act as your first line of defence. With the right guidance and culture, your newest employees can quickly become one of your greatest security assets.

If you don’t already have a structured security onboarding process, it’s time to build one. The Information Commissioner’s Office (ICO) also offers resources to help ensure your business meets its data protection obligations.

Strengthen Your Cyber Security from Day One

Your newest team members don’t have to be your weakest link. With a proactive approach to onboarding, clear communication, and regular awareness training, you can turn potential vulnerabilities into lasting strengths.

If you’d like support setting up effective cyber security training for new starters – or want to strengthen your organisation’s overall protection – we can help.

Get in touch today to start building a more secure future for your business.
