The First-Week Mistake Nobody Plans For

The email shows up on a Tuesday morning.

It looks like it is from the head of school or principal. The name matches, the tone sounds right, and even the signature looks familiar.

“Hey, can you help me with something quickly? I am in back-to-back meetings. I need you to handle a vendor payment. I will explain later.”

The new staff member pauses. They have only been at the school for a few days and are still learning how things work. They do not know what is normal yet, and they definitely do not want to be the person questioning leadership during their first week.

So they go ahead and help.

And just like that, the damage is done.

Why the First Week Is the Most Dangerous Week

Every year schools bring in new employees: teachers, administrative staff, assistants, and sometimes interns, all stepping into unfamiliar environments. For school leadership it is onboarding season. For attackers it is an opportunity.

According to Keepnet Lab’s 2025 New Hires Phishing Susceptibility Report, CEO impersonation emails are 45 percent more likely to succeed with new hires than with experienced employees.

Attackers rarely target the most experienced people first. They target the individuals who are still learning the ropes, because during those early days everything is unfamiliar and nothing feels certain. A new staff member does not yet know what a typical request looks like, how leadership normally communicates, or when something feels unusual.

Cybercriminals take advantage of that uncertainty.

But here is the important part. The new employee is not the problem. The most dangerous employee is not the careless one. It is the person trying to be helpful. If you lead a school, you probably already know who on your team would respond first.

The Real Gap Is Not Training. It Is the System

Think back to a typical first day at a school.

A teacher’s laptop may not be fully configured yet. Access to certain systems may still be pending. Email accounts are still being created. Someone borrows another login to check something quickly, a file gets saved locally because the shared drive is not available yet, or a personal phone gets used to look up information because it is faster.

None of this feels risky in the moment. It feels like being resourceful and solving problems.

But during that first week, before everything is fully organized, a few important things can quietly happen. Shared credentials create accounts that nobody tracks. Files end up outside the school’s backup systems. Personal devices interact with school data. And most importantly, no one has explained what to do if something feels suspicious.

The same Keepnet report found that new employees are 44 percent more susceptible to phishing than tenured staff. That gap is not caused by carelessness. It is caused by chaos.

When onboarding is chaotic, security becomes optional. That is exactly the environment a phishing email is hoping to find. The attack did not create the vulnerability. The first week did.

What a Prepared First Day Looks Like

Fixing this does not require a long cybersecurity presentation on day one. It requires three simple things to be ready before the new employee walks through the door.

First, their access should already be configured rather than improvised. Their laptop should be ready, credentials should already exist, and permissions should be clearly defined. No borrowed logins, no temporary workarounds, and no “we will sort that out later this week.”

Second, they should understand what a normal request looks like at your school. This can be a quick ten-minute conversation. Does the principal ever email staff asking for payments? Does anyone handle financial requests through email? What should they do if something feels unusual? This is not formal training. It is simply orientation.

Third, they should have a clear place to ask questions. The employee who hesitated before responding to that email probably would have asked someone if they had known who to ask. Most first-week mistakes happen quietly because new hires do not want to look inexperienced.

Give them a person. Give them a process.

Most security mistakes do not happen when someone ignores the rules. They happen when someone does not know the rules yet.

A Conversation Worth Having

Maybe your school’s onboarding process is already structured and secure. Maybe your team is small enough that new staff members naturally learn from the people around them.

But if you have ever had a new hire improvising their way through their first week, or if your school plans to bring on new staff soon, this is a conversation worth having before that Tuesday email ever arrives.

At IT for Education, we work with schools across Florida to help leadership teams build technology environments that are secure, reliable, and easy for educators to navigate.

If you would like a second set of eyes on your school’s onboarding and cybersecurity process, we would be happy to talk. You can schedule a quick discovery call with our team to see how other schools are strengthening their systems without adding complexity to their day. Contact us at 305-403-7582.

And if you know another school leader preparing to hire this year, feel free to share this article with them. The best time to close that door is before anyone walks through it.