When onboarding a new employee, do you take into account the potential implications for your organisation’s cybersecurity?

For many business leaders, the immediate priority is ensuring the new hire is equipped with the necessary resources to begin their role, such as a laptop, email account, system access and an introduction to the team.

However, the early stages of employment often present a heightened risk to your organisation’s cybersecurity posture.

Recent research highlights a concerning reality: nearly three-quarters of new employees (71%) become victims of phishing or social engineering attacks within their first 90 days. This indicates that cybercriminals are intentionally targeting new hires, with alarming success.

Why does this occur?

The onboarding period is characterised by enthusiasm, a desire to make a strong impression and a lack of familiarity with internal systems and protocols. Cybercriminals exploit this vulnerability by sending deceptive communications designed to appear as though they come from trusted sources such as senior executives, Human Resources or IT.

These attacks may take the form of fraudulent HR portals requesting personal information, urgent payment instructions or messages impersonating senior managers requesting sensitive data. As new employees are still unfamiliar with communication patterns and standard practices, they are significantly more likely to fall victim to these scams. In fact, they are 44% more likely to engage with phishing attempts than longer-tenured colleagues and 45% more likely to be deceived by impersonation attacks involving company executives.

How can organisations mitigate this risk?

It is critical that cybersecurity training is delivered from the outset, rather than delayed until employees have settled into their roles. The first days of employment are when clear, practical guidance is most effective, helping new hires identify phishing attempts, understand common tactics used by cybercriminals and know how to escalate concerns.

Organisations that adopt this proactive approach see measurable improvements. According to the same research, businesses that provide tailored security awareness training and conduct realistic phishing simulations during onboarding reduce phishing risk by 30%.

Of course, technical safeguards such as antivirus software, firewalls, zero trust policies and managed EDR (Endpoint Detection & Response) remain essential. However, they are not sufficient on their own. Employees, particularly those who are newly hired, represent the first and most important line of defence.

Without timely training and support, new employees may represent the most vulnerable point in your cybersecurity defences. With the right preparation, however, they can quickly become an integral part of your organisation’s resilience.

If you would like to explore practical strategies for strengthening cybersecurity training during the onboarding process, or to discuss measures for enhancing your broader security posture, we would be pleased to assist.


If you have enjoyed reading this article and want to know more about Bluecube, please get in touch. Our friendly team will be happy to answer any queries.