Blog

New Hire, New Security Risk

New Hire, New Cyber Risk: Are Michigan Firms Overlooking This Hidden Threat?

October 06, 20253 min read

When you welcome a new team member, do you think about cybersecurity or just HR checklists?
Most Michigan business owners focus on the basics: laptop setup, email access, software logins, and a quick office tour.

But here’s the uncomfortable truth:
🛑 Your newest employee is also your newest security risk.


Why Are New Hires So Vulnerable to Cyber Attacks?

Did you know 71% of new hires fall for phishing or social engineering attacks within their first 90 days?
That’s not an exaggeration that’s straight from the latest research on workplace cyber behavior.

Think about it.
When someone starts a new job, they’re eager to impress. They don’t yet know who’s who or what’s “normal.” They’re trying to do the right thing. And cybercriminals love that uncertainty.

Here’s how they take advantage:

  • An email “from HR” asking them to verify login details.

  • A fake “invoice” marked urgent.

  • A “quick request” from someone posing as the managing partner.

To a new hire, all of that looks legitimate.
And because they’re still learning the ropes, they’re 44% more likely to click something they shouldn’t.

New Hires are a Cyber Security Risk


What’s Really at Stake for Michigan Firms?

For accounting, legal, and medical practices in Michigan, this isn’t just a tech problem it’s a trust and compliance problem.
One wrong click could expose client financials, patient data, or confidential case files.

That’s why insurers, auditors, and even clients are now asking tougher questions:

  • “Do you train new staff on cybersecurity before they gain access to client data?”

  • “Do you run phishing simulations as part of onboarding?”

  • “How quickly can you identify and respond to a social engineering attempt?”

If you can’t confidently answer “yes,” you’ve got a gap to close.


When Should Cybersecurity Training Start?

Right away.
Cyber awareness shouldn’t wait until after onboarding it should start with it.

Businesses that provide security awareness training in those first few weeks reduce phishing risk by up to 30%, according to industry data.
That’s real protection for your clients, your revenue, and your reputation.


How Can Small Firms Keep It Simple?

You don’t need an enterprise-sized budget to build smarter defenses.
Start with three simple moves:

  1. Include cybersecurity in onboarding. Make it part of your welcome process.

  2. Run short phishing simulations. Teach staff to spot red flags before it’s real.

  3. Create a clear “if something looks off” policy. Encourage employees to pause and verify.

Then, reinforce it with good tech, firewalls, email filtering, and monitoring, to back up your people.


Why It Matters Now

Michigan firms are already under pressure from insurers, clients, and compliance frameworks like CIS Controls v8.1 and NIST CSF 2.0.
Strengthening your “people layer” is one of the simplest ways to protect your business and meet those standards without overcomplicating IT.


🎥 Watch the full video:
Your newest hire could also be your biggest cyber risk

We break down how attackers target new employees—and what Michigan SMBs can do about it.

If you’d like help building a cybersecurity onboarding plan that fits your business, let’s talk.
Big Water Technologies — Keep IT Simple.

#MichiganBusiness#CyberSecurity#BigWaterTech#KeepITSimple#SmarterBusiness
John Lowery is the CEO of BigWater Technologies, where he leads with a passion for innovation and excellence in delivering advanced IT solutions. With over two decades of experience in the tech industry, John specializes in strategic planning, operational efficiency, and driving customer success.

John Lowery

John Lowery is the CEO of BigWater Technologies, where he leads with a passion for innovation and excellence in delivering advanced IT solutions. With over two decades of experience in the tech industry, John specializes in strategic planning, operational efficiency, and driving customer success.

Back to Blog

Ready For A No-Nonsense Approach To IT?

  1. Hire us to set your IT strategy up for sustainable success.

  2. Learn about our proven No-Nonsense approach.

  3. Get an IT roadmap designed specifically for you.

  4. Fearlessly grow your business.

Get in Touch with us!

Call us at (248) 220-7714 or or fill out the form below.

Featured Posts

New Hire, New Security Risk

New Hire, New Cyber Risk: Are Michigan Firms Overlooking This Hidden Threat?

October 06, 20253 min read

When you welcome a new team member, do you think about cybersecurity or just HR checklists?
Most Michigan business owners focus on the basics: laptop setup, email access, software logins, and a quick office tour.

But here’s the uncomfortable truth:
🛑 Your newest employee is also your newest security risk.


Why Are New Hires So Vulnerable to Cyber Attacks?

Did you know 71% of new hires fall for phishing or social engineering attacks within their first 90 days?
That’s not an exaggeration that’s straight from the latest research on workplace cyber behavior.

Think about it.
When someone starts a new job, they’re eager to impress. They don’t yet know who’s who or what’s “normal.” They’re trying to do the right thing. And cybercriminals love that uncertainty.

Here’s how they take advantage:

  • An email “from HR” asking them to verify login details.

  • A fake “invoice” marked urgent.

  • A “quick request” from someone posing as the managing partner.

To a new hire, all of that looks legitimate.
And because they’re still learning the ropes, they’re 44% more likely to click something they shouldn’t.

New Hires are a Cyber Security Risk


What’s Really at Stake for Michigan Firms?

For accounting, legal, and medical practices in Michigan, this isn’t just a tech problem it’s a trust and compliance problem.
One wrong click could expose client financials, patient data, or confidential case files.

That’s why insurers, auditors, and even clients are now asking tougher questions:

  • “Do you train new staff on cybersecurity before they gain access to client data?”

  • “Do you run phishing simulations as part of onboarding?”

  • “How quickly can you identify and respond to a social engineering attempt?”

If you can’t confidently answer “yes,” you’ve got a gap to close.


When Should Cybersecurity Training Start?

Right away.
Cyber awareness shouldn’t wait until after onboarding it should start with it.

Businesses that provide security awareness training in those first few weeks reduce phishing risk by up to 30%, according to industry data.
That’s real protection for your clients, your revenue, and your reputation.


How Can Small Firms Keep It Simple?

You don’t need an enterprise-sized budget to build smarter defenses.
Start with three simple moves:

  1. Include cybersecurity in onboarding. Make it part of your welcome process.

  2. Run short phishing simulations. Teach staff to spot red flags before it’s real.

  3. Create a clear “if something looks off” policy. Encourage employees to pause and verify.

Then, reinforce it with good tech, firewalls, email filtering, and monitoring, to back up your people.


Why It Matters Now

Michigan firms are already under pressure from insurers, clients, and compliance frameworks like CIS Controls v8.1 and NIST CSF 2.0.
Strengthening your “people layer” is one of the simplest ways to protect your business and meet those standards without overcomplicating IT.


🎥 Watch the full video:
Your newest hire could also be your biggest cyber risk

We break down how attackers target new employees—and what Michigan SMBs can do about it.

If you’d like help building a cybersecurity onboarding plan that fits your business, let’s talk.
Big Water Technologies — Keep IT Simple.

#MichiganBusiness#CyberSecurity#BigWaterTech#KeepITSimple#SmarterBusiness
John Lowery is the CEO of BigWater Technologies, where he leads with a passion for innovation and excellence in delivering advanced IT solutions. With over two decades of experience in the tech industry, John specializes in strategic planning, operational efficiency, and driving customer success.

John Lowery

John Lowery is the CEO of BigWater Technologies, where he leads with a passion for innovation and excellence in delivering advanced IT solutions. With over two decades of experience in the tech industry, John specializes in strategic planning, operational efficiency, and driving customer success.

Back to Blog

Enroll in Our Email Course

Learn How a No-Nonsense IT Strategy Benefits Your ComBullet listpany:
  • Strategies to allocate your IT budget efficiently

  • Enhance cybersecurity defenses on a bButtonudget

  • Ensure your technology investments continue to serve your business as it grows