An email lands on a Tuesday morning.
It appears to come from the CEO. The name checks out. The wording feels polished. Even the signature seems authentic.
"Hey — can you help me with something quickly? I'm tied up in meetings. I need you to take care of a vendor payment. I'll fill you in later."
The new hire hesitates.
They've only been in the role for four days. They're still learning the workflow, still trying to understand what normal looks like, and they certainly don't want to be the person who challenges the CEO in week one.
So they respond and try to help.
In a matter of minutes, the harm is already underway.
Why the first week is the biggest risk
Each spring, companies welcome a fresh group of hires, many of them recent graduates and summer interns starting their first professional roles. For organizations, it's onboarding season. For attackers, it's prime opportunity.
Keepnet Lab's 2025 New Hires Phishing Susceptibility Report found that CEO impersonation emails are 45% more likely to work on new hires than on experienced staff.
Threat actors don't usually target your most experienced employees. They focus on the people who are still learning the environment, because the early days are full of uncertainty and unfamiliar routines.
A new employee may not know what a typical request looks like. They may not recognize how the CEO normally communicates. They haven't had time to develop instincts or confidence, and criminals exploit that gap.
But the new hire isn't the real issue. The biggest risk isn't someone who's reckless. It's the person who wants to be useful.
If you lead a business, you probably already know exactly who on your team would jump in first.
The real weakness isn't training. It's the setup.
Go back to that employee's first day.
The laptop wasn't ready. Access wasn't fully provisioned. The email account was still being created. They used someone else's login to check something fast. They saved a file to the desktop because the shared drive wasn't available. They pulled up a client number on their personal phone because it was quicker.
None of it felt unsafe. It felt practical. It felt like doing what was necessary to keep the day moving.
Yet during that first week, before the basics are fully in place, important problems quietly stack up. Shared credentials create untracked access, files sit outside backup systems, personal devices handle business data, and nobody has explained what to do when something seems wrong.
The same Keepnet report found that new employees are 44% more susceptible to phishing than tenured staff. That difference isn't about negligence. It's about disorder. When onboarding is messy, security becomes an afterthought. That's exactly the kind of environment a phishing email is designed to enter.
The attack didn't invent the weakness. The first day did.
How to make day one safer
Solving this doesn't mean delivering a long security lecture on day one. It means making sure three essentials are ready before the new hire arrives.
1. Access should be set up, not improvised.
Have the laptop ready, create credentials in advance, and define permissions clearly. No borrowed logins, no temporary fixes, and no "we'll handle that later this week."
2. They should know what normal looks like in your company.
This can be a quick 10-minute conversation. Does the CEO ever email about payments? Does anyone? What should they do if something feels suspicious? This isn't a formal training session; it's practical orientation.
3. They need a safe place to ask questions.
The employee who paused before opening that message probably would have asked for help if they knew where to turn. Many first-week mistakes stay hidden because new hires don't want to seem inexperienced.
Give them a person. Give them a process.
Most security failures don't happen because someone ignores the rules. They happen because no one has taught the rules yet.
Maybe your onboarding is already strong. Maybe your team is small enough that the first few days feel more personal than procedural. But if you've ever watched a new hire improvise through week one — or if you're planning to hire this spring — it's worth having the conversation before that Tuesday email shows up.
And if you know another business owner who's about to hire, pass this along. The smartest time to secure the door is before anyone tries to open it.