Cybersecurity Heroes from Day One: Preparing New Hires to be Cyber Defenders

Today’s cyber threats are evolving faster than ever. And 90% of cyberattacks involve the human element. To protect your organization, your team—especially your new employees—must have the knowledge and skills to recognize these threats.

A well-designed cybersecurity onboarding program can help. When it’s done right, an onboarding program arms employees with the skills to identify and safely respond to suspicious activity and reduce human-targeted threats.

In this blog post, we’ll explore four ways cybercriminals are launching attacks against your employees. And we’ll share the key elements of a cybersecurity onboarding program to help you turn every employee into a cyber defender.

4 key cybersecurity topics for new employees

Whether they’re new hires, existing employees or C-suite leaders, all employees need to recognize that cybersecurity is everyone’s job. Every individual helps contribute to a strong security culture.

These are the four threat areas that your new hires should be trained on:

1. Password security: the first line of defense

Weak passwords make it easy for cybercriminals to gain unauthorized access to systems. New hires should be taught how to create unique, complex passwords. A good password includes a mix of numbers, letters and special characters. Multifactor authentication (MFA) adds an extra layer of security.

2. Phishing and email scams: recognizing deceptive tactics

Cybercriminals use phishing emails, smishing texts or vishing calls to trick people into sharing sensitive details like passwords or financial information. This can lead to identity theft, financial loss or unauthorized access to company systems. New employees should learn to spot phishing attempts. Warning signs include unexpected requests, urgent language, suspicious links or attachments, odd website addresses and unusual branding.

Beyond phishing, employees should also be aware of business email compromise (BEC) threats. In these attacks, cybercriminals pretend to be executives or coworkers. They may ask for money transfers or confidential data. To stay safe, new hires should always verify suspicious requests by contacting the person directly through official channels.

3. Data privacy and device security: safeguarding sensitive data

New hires should be taught the essentials of data privacy, device security and safe online habits. Start by familiarizing them with company policies for protecting sensitive data. Make sure they know why it’s important to use company-approved software and remind them to keep their devices locked when not in use. They should also report a lost or stolen device to IT right away.

Cloud and internet security is also critical. Employees should learn to be cautious when they're accessing websites and cloud platforms. Avoid using public or unprotected Wi-Fi networks. And before entering sensitive information online, always check for “https://” and the padlock icon to ensure the site is secure.

4. Emerging threats: the new frontier of cyberattacks

Threat actors are aggressively evolving their attack tactics to exploit collaboration tools like Teams and Slack. AI-driven attacks—like deepfakes, fake websites and branded phishing—are being used to further deceive users. And generative AI (GenAI) helps bad actors impersonate people and brands.

Sophisticated and highly convincing attacks can manipulate people into behaving in unsafe ways, like clicking malicious links, sharing personal information or transferring funds. To be successful, security awareness programs must be agile and teach users about today’s sophisticated and evolving threats. This ensures that they’re prepared for the targeted attacks that they’re likely to face.

Incident reporting best practices

It’s important to clearly explain what a cyber incident is, such as unusual network activity or unauthorized access attempts. Encourage new employees to report any suspicious activity to the IT or security team immediately. This should be done through the proper channels, like email or your internal ticketing system.

Make sure employees understand and follow company policies so that your security team can respond quickly and effectively. After an incident, employees should review what happened so that they can learn from the experience and improve their cybersecurity awareness.

Prepare new hires to be cyber defenders

When it comes to keeping your organization safe, new hires need to know that what they do matters. Security awareness training isn’t just for onboarding; it should be ongoing. A proactive approach ensures that everyone plays a role in protecting your organization and building your security culture. Over time, this strengthens your cybersecurity posture.

Learn how Proofpoint enables your security awareness program

Proofpoint ZenGuide™ is a security awareness and behavior change solution that empowers organizations with continuous, practical education that transforms employee behavior. It helps organizations reduce security incidents related to risky behaviors, improves employee engagement and fosters a security-minded culture.  

Engage your workforce through automated, risk-based learning and our adaptive human risk approach. ZenGuide enables lean security teams to easily develop, maintain and scale personalized education and targeted interventions. It fosters more effective changes in employee behaviors and cultural attitudes, which can help to reduce human risk.

Join our webinar

Sign up for our upcoming webinar. We’ll explore the latest cyberattack tactics, discuss the importance of adding another layer of protection for users, and give you practical strategies for helping your workforce recognize and respond to targeted threats. Plus, you’ll learn the key elements of an effective cybersecurity onboarding experience to set your new employees up for success.

March 25, 2025

13:00 BST / 14:00 CET / 17:00 GST

Cultivating Cybersecurity Heroes on Day One