Security Training for New Hires
Assign interactive security exercises automatically when a new employee joins, with a 30-day completion deadline and manager visibility. Every hire produces an audit-ready evidence record before the probation period ends.
Onboarding Is the Highest-Leverage Window for Security Habits
New hires arrive with fresh email addresses, fresh credentials, and zero context for which messages are real. Verizon DBIR data shows the first 90 days of employment carry a measurably higher click-through rate on phishing tests. Whatever security habits a hire forms in their first month tend to stick for years.
Most onboarding programs still rely on a 45-minute slide deck buried inside a learning management system. Completion gets tracked, but behavior rarely changes, and the evidence package that auditors want often sits in three different tools. New hires want to start contributing, not click through static slides.
RansomLeak runs onboarding security training as a sequence of interactive 3D simulations triggered automatically by the HRIS event. Assignments land in the new hire's mailbox on day one, completion is tracked per employee, and managers see a single-screen view of who finished what. The full sequence ships an audit-ready evidence package per hire.
How It Works
Connect your HRIS
RansomLeak integrates with Workday, BambooHR, Rippling, ADP, and SuccessFactors via SCIM or webhook. New-hire records sync automatically, including start date, manager, department, and location.
Auto-trigger the assignment on hire date
A welcome email lands in the new hire's mailbox on day one with a secure link to their assigned exercises. No manual enrollment by IT or HR. The default curriculum covers phishing, password hygiene, MFA setup, social engineering, and acceptable-use acknowledgement.
Set a 30-day completion deadline
The platform sends progress reminders on days 7, 14, and 21. The default deadline is 30 days from the start date, with optional 60- or 90-day windows for shift-based or part-time populations. Non-completers escalate to the assigned manager and to HR ops.
Give managers visibility, not homework
Each manager sees a single dashboard listing direct reports, completion status, and time-to-complete. No spreadsheet exports, no manual chasing. Managers can nudge a single hire with one click.
Capture knowledge check and acknowledgement
After the exercises are complete, the hire takes a short scenario-based knowledge check and signs the acceptable-use policy electronically. The signed acknowledgement, completion record, and quiz score export as a PDF evidence packet attached to the employee file.
What You Get
100% completion within 30 days
Customers running the default onboarding flow report 95-100% completion before day 30, compared to 60-75% for manual LMS assignments. The HRIS trigger plus automated reminders removes the chase.
Per-hire audit evidence package
Every new employee file gets a PDF evidence packet with completion timestamps, exercise scores, signed acceptable-use policy, and the iconography of every scenario practiced. Ready for SOC 2 CC1.4, HIPAA § 164.308(a)(5), and ISO 27001 A.7.2.2 reviews.
Baseline phishing-detection rate per hire
A short live-fire phishing simulation at the end of the sequence establishes a per-hire detection baseline. The same metric repeats in the annual refresh, giving you a clear behavior-change number for board reporting.
Signed acceptable-use acknowledgement
The platform serves your acceptable-use policy or one of the standard templates, captures an electronic signature with timestamp and IP, and stores the artifact in the employee record. The artifact pulls into the HRIS via webhook on completion.
Manager visibility without spreadsheets
Managers see real-time completion for their direct reports, and IT ops sees the same data rolled up by department. Non-completer escalation runs on a fixed schedule rather than ad-hoc nagging.
Featured Exercises for New Hires
The exercise sequence we recommend for this use case, pulled from the 100+ catalogue.
Phishing Email Detection
New hires get probed early. The exercise teaches the four-step verification habit before a real attacker tests it.
Password Manager Habits
Day-one fundamentals: how to enroll the corporate password manager, generate strong unique passwords, and avoid reuse from personal accounts.
MFA Setup Best Practices
Walks the hire through enrolling authenticator apps, FIDO2 keys, and recovery codes correctly the first time.
Social Engineering Defense
Covers pretexting, impersonation, and the reflex to verify out-of-band before sharing access. New hires are common pretexting targets.
Employee Security Responsibilities
Sets clear expectations on what every employee is accountable for: incident reporting, device hygiene, and acceptable-use boundaries.
Data Classification Basics
Teaches the company taxonomy (public, internal, confidential, restricted) and the right handling rule for each tier.
Frequently Asked Questions
How long does the onboarding security training take to complete?
Which HRIS systems does RansomLeak integrate with?
Can we customize the exercise mix for different roles?
What happens if a new hire does not complete on time?
Does the program produce audit evidence per employee?
Can managers see completion status for their direct reports?
How does this fit with our existing LMS?
References
Primary sources cited above.
- SP 800-50 Rev. 1: Building a Cybersecurity and Privacy Learning Program — NIST
- New Employee Onboarding Guide — SHRM (Society for Human Resource Management)
- ISO/IEC 27001:2022 — Information security management systems (Annex A 6.1 Screening, A 6.3 Awareness, education and training) — ISO
- HIPAA Security Rule — Security Awareness and Training (45 CFR § 164.308(a)(5)) — U.S. Department of Health and Human Services (HHS)
- 2024 SANS Security Awareness Report — SANS Institute
- Cybersecurity Workforce Training Guide — CISA (Cybersecurity and Infrastructure Security Agency)
- Cybersecurity Education & Career Development — CISA
See RansomLeak in Action
Try the free exercises or book a demo to see analytics, SCORM export, SSO, and custom content in your environment.