New member of staff… new security risk?

New member of staff… new security risk?

When you hire someone new, do you think about how secure your business really is?

Most business owners focus on making sure their new starter has what they need. You know, a laptop, email account, access to the right systems… maybe a quick intro to the team.

But those first few months of a new employee’s journey are one of the most dangerous times for your business’s cyber security.

And it often flies completely under the radar.

New research has revealed a worrying truth. Nearly three-quarters of new hires (71% to be precise) fall for phishing or social engineering attacks within their first 90 days on the job.

That means cyber criminals are actively targeting your newest team members. And too often, they succeed.

Why is this happening?

Well, think about how it feels to start a new job. You’re trying to make a good impression. You don’t know all the processes yet. You’re keen to follow instructions and do the right thing.

Cyber criminals know this. They take advantage of that uncertainty with cleverly written emails or messages that look like they come from the boss, HR, or even tech support.

These scams might ask your new hire to update their details on a fake HR portal. Or they might send a bogus invoice that looks urgent. Sometimes it’s as simple as an email pretending to be from a senior manager, asking for sensitive information or for a quick favour.

Because that new employee hasn’t yet learned who’s who and what’s normal, they’re much more likely to fall for it. In fact, new employees are 44% more likely to click on these traps than colleagues who’ve been around a while.

It’s not just theory. The stats back it up. When attackers pose as company executives, new starters are 45% more likely to be fooled than experienced staff.

That’s a big gap, and it shows just how vulnerable your business can be during the onboarding period.

So… what can you do about it?

The key is to recognise that cyber security training shouldn’t wait until your new hire has “settled in”. Those early days are exactly when they need clear guidance on spotting phishing emails, understanding how cyber criminals operate, and knowing what to do if something seems off.

Businesses that take this seriously see real results. The same report found that companies offering tailored security awareness training and running realistic simulations for new staff saw their phishing risk drop by 30% after onboarding. That’s a massive difference. It shows that a bit of extra effort at the start pays off.

Of course, tools like good security software and firewalls are still essential. But on their own, they’re not enough. People are your first line of defence.

And right now, your newest people might just be your weakest link. Unless you give them the tools and knowledge to help protect your business from day one.

If you’d like help setting up simple, effective cyber security training for new starters, or want to talk about making your business more secure overall, we can help. Get in touch.  

May I take this opportunity in thanking you for your prompt action in dealing with our hardware problem last week. We were in jeopardy of not being able to pay some clients employees at the end of last month and although we needed to work additional hours we fulfilled our deadlines on time.
Infinity Business Solutions - a company aptly named! They always provide solutions, they're always business like and offer no end of help and advice. It gives us great confidence to know that Infinity are on board.
I just wanted to say thank you for all the hard work put in supporting our systems It is really appreciated that you are on the ball  and I really feel that we can rely on Infinity when it counts.
The staff at Infinity are always cheerful, courteous & helpful and pretty much resolve problems first time. Nothing is ever too much problem and they even are prepared to help outside of hours when urgent help is needed. Keep up the good work...and don't lose the personal touch!
Infinity understand that down time is the most important issue and do all they can to ensure that our staff have minimal down time when experiencing problems.
Infinity understand that down time is the most important issue and do all they can to ensure that our staff have minimal down time when experiencing problems.
You don’t know how good it is not having SPAM arriving every 3 minutes! I’ve received no SPAM since 4pm yesterday ... nothing in my Inbox, Junk Mail folder or caught by the SPAM controls within Exchange. Perfect!
Having benefitted from Infinity’s support since 2013, we remain impressed with their technical ability and focused approach to keeping our IT systems updated and working as they should. After using a larger IT support company we chose Infinity because of their size, with them being big enough to cope, but small enough to care. We made the right choice - the quality of their service has always been excellent, and we’ve come to regard them as part of the team.
Unfortunately our business suffered a ransomware attack however thanks to Infinity’s support we were able to get by with minimal downtime. Rob and the team worked tirelessly throughout Friday and Monday and over the weekend to ensure we weren’t left negatively affected by the event. We were very glad for the great back ups and systems that we had invested in thanks to Infinity’s past recommendations.