Is your new hire a security risk?

When you bring someone new on board, do you think about how it may affect your security posture?

Most business owners focus on helping the new starter settle in and making sure they have what they need. Things like a laptop, email account, access to the appropriate systems, and a quick intro to the team.

But the first few months that the new employee is with the organisation can be one of the highest-risk times for the business's cyber security.

And it’s often overlooked by many.

Research shows that 71% of new hires fall for phishing or social engineering attacks within the first 90 days on the job.

Cyber criminals know this and actively target the newest members of the team. And they do so because they often succeed.

How does this happen?

Those who start in a new role are keen to make a good impression. They don’t know all the processes yet but are eager to follow instructions and do the right thing.

Cyber criminals prey on their uncertainty and try to trick them with well-written emails that look like they’re from the boss, HR, or even the tech team.

These scams may ask the new employee to verify their details on a fake HR portal. Or it may be a fake invoice that needs urgent action. Sometimes it may be a request for sensitive information, or a quick favour from senior management.

They know the new team member is unfamiliar with all the procedures and relevant staff, so they are more likely to fall for it. And the stats show that new employees are 44% more likely to action these scams, compared to their colleagues who have been there for a while.

Those are some alarming stats that show how vulnerable a business can be when onboarding new staff.

So…what can you do about it?

The first thing is to recognise that cyber security training should not be delayed until the new hire has ‘settled in’. The early days are the most crucial times for training and guidance on how to spot phishing emails, and the process of escalation when something seems off.

The same report shows that businesses that recognise this and address it seriously see real results. Those that offer tailored security awareness training with realistic simulations for their new staff saw a 30% reduction in phishing risk. That’s a big difference.

It goes without saying that security software and firewalls are still essential. But your people are the first line of defence.

And, without the appropriate training and knowledge, your new people may be your weakest link.

If you’d like help setting up simple, effective cyber security training for your new starters, or want to talk about improving your cyber security overall, we’re happy to help.

