When you hire someone new, do you think about how secure your business really is?
Most business owners focus on the basics, getting the new starter set up with a laptop, email account, and access to the right systems. Maybe a quick intro to the team.
But here’s what often gets missed: those first few months are one of the most dangerous times for your business’s cyber security.
And it often goes completely under the radar.
New research has revealed a worrying truth: 71% of new hires fall for phishing or social engineering attacks within their first 90 days.
That means cyber criminals are actively targeting your newest employees, and too often, they succeed.
Why? Because starting a new job means learning new systems, following new processes, and wanting to make a good impression. That eagerness to get things right can easily be exploited.
Attackers know this. They send cleverly written emails that look like they come from a manager, HR, or tech support. The message might ask the new hire to:
Update details on a fake HR portal
Approve a “time-sensitive” invoice
Share login credentials or personal information
Because your new employee doesn’t yet know what’s normal or who’s who, they’re much more likely to take the bait.
In fact, new employees are 44% more likely to click on phishing links and 45% more likely to be fooled by emails impersonating executives compared to experienced staff.
That’s not just a small gap. It’s a major vulnerability. And it means your business is at its weakest point right when you’re welcoming someone new.
Cyber criminals count on this window of opportunity. One wrong click can compromise your systems, expose sensitive data, or even bring down your operations.
The best way to reduce the risk is to make cyber awareness part of your onboarding process from day one.
Don’t wait until your new hire settles in. Those early days are when they need guidance the most.
Here’s how to strengthen your defences:
Run a cyber induction session: Teach new staff how to spot suspicious messages and what to do if something looks off.
Use realistic simulations: Phishing tests can help employees recognise real-world tactics safely.
Provide clear reporting steps: Make sure everyone knows how and where to report a potential scam.
Refresh training regularly: Cyber threats evolve, so keep awareness active across the team.
The results speak for themselves. Businesses that provide tailored awareness training for new starters see up to a 30% drop in phishing risk after onboarding.
That’s proof that a small investment upfront pays off in long-term protection.
Good security software and firewalls are essential, but they can’t stop human error. Your people are your first line of defence.
And right now, your newest people might also be your weakest link unless you empower them with the knowledge and confidence to protect your business from day one.
My team and I can help you build an onboarding process that strengthens security from the start.
Get in touch and let’s make sure your newest hires don’t become your biggest risk.
