Skip to main content

Navigation

Catalogue

Security Awareness Privacy & Compliance AI & LLM Security Real-World Incidents

By Industry

Healthcare Financial Services Government Manufacturing Retail & E-commerce Education Legal Services SaaS & Technology Managed Service Providers Non-Profit

By Use Case

Employee Onboarding Annual Compliance Cyber Insurance Readiness Audit Evidence Prep Remote Workforce Contractor & Vendor Breach Response Rehearsal M&A Due Diligence LMS Migration Board-Level Reporting

Threat Library

Phishing Ransomware Deepfake Social Engineering Business Email Compromise AI Prompt Injection

Product

Features SCORM FAQ

Resources

Blog Glossary CISO Guide Compliance Mapping Free Exercises Product Data Sheet

Company

About Us Partnerships Vendor Comparisons Contact

Legal

Security & Compliance Privacy Policy Terms of Service
English Українська
Book a Demo
Onboarding

Security Training for New Hires

Assign interactive security exercises automatically when a new employee joins, with a 30-day completion deadline and manager visibility. Every hire produces an audit-ready evidence record before the probation period ends.

By Last reviewed

Onboarding Is the Highest-Leverage Window for Security Habits

New hires arrive with fresh email addresses, fresh credentials, and zero context for which messages are real. Verizon DBIR data shows the first 90 days of employment carry a measurably higher click-through rate on phishing tests. Whatever security habits a hire forms in their first month tend to stick for years.

Most onboarding programs still rely on a 45-minute slide deck buried inside a learning management system. Completion gets tracked, but behavior rarely changes, and the evidence package that auditors want often sits in three different tools. New hires want to start contributing, not click through static slides.

RansomLeak runs onboarding security training as a sequence of interactive 3D simulations triggered automatically by the HRIS event. Assignments land in the new hire mailbox on day one, completion is tracked per employee, and managers see a single-screen view of who finished what. The full sequence ships an audit-ready evidence package per hire.

How It Works

1

Connect your HRIS

RansomLeak integrates with Workday, BambooHR, Rippling, ADP, and SuccessFactors via SCIM or webhook. New-hire records sync automatically, including start date, manager, department, and location.

2

Auto-trigger the assignment on hire date

A welcome email lands in the new hire mailbox on day one with a secure link to their assigned exercises. No manual enrollment by IT or HR. The default curriculum covers phishing, password hygiene, MFA setup, social engineering, and acceptable-use acknowledgement.

3

Set a 30-day completion deadline

The platform sends progress reminders at day 7, 14, and 21. Default deadline is 30 days from start date, with optional 60 or 90-day windows for shift-based or part-time populations. Non-completers escalate to the assigned manager and to HR ops.

4

Give managers visibility, not homework

Each manager sees a single dashboard listing direct reports, completion status, and time-to-complete. No spreadsheet exports, no manual chasing. Managers can nudge a single hire with one click.

5

Capture knowledge check and acknowledgement

After exercises complete, the hire takes a short scenario-based knowledge check and signs the acceptable-use policy electronically. The signed acknowledgement, completion record, and quiz score export as a PDF evidence packet attached to the employee file.

What You Get

100% completion within 30 days

Customers running the default onboarding flow report 95-100% completion before day 30, compared to 60-75% for manual LMS assignments. The HRIS trigger plus automated reminders removes the chase.

Per-hire audit evidence package

Every new employee file gets a PDF evidence packet with completion timestamps, exercise scores, signed acceptable-use policy, and the iconography of every scenario practiced. Ready for SOC 2 CC1.4, HIPAA § 164.308(a)(5), and ISO 27001 A.7.2.2 reviews.

Baseline phishing-detection rate per hire

A short live-fire phishing simulation at the end of the sequence establishes a per-hire detection baseline. The same metric repeats in the annual refresh, giving you a clear behavior-change number for board reporting.

Signed acceptable-use acknowledgement

The platform serves your acceptable-use policy or one of the standard templates, captures an electronic signature with timestamp and IP, and stores the artifact in the employee record. Pulls into HRIS via webhook on completion.

Manager visibility without spreadsheets

Managers see real-time completion for their direct reports, and IT ops sees the same data rolled up by department. Non-completer escalation runs on a fixed schedule rather than ad-hoc nagging.

Featured Exercises for New Hires

The exercise sequence we recommend for this use case, pulled from the 100+ catalogue.

Phishing Email Detection

New hires get probed early. The exercise teaches the four-step verification habit before a real attacker tests it.

Try the exercise

Password Manager Habits

Day-one fundamentals: how to enroll the corporate password manager, generate strong unique passwords, and avoid reuse from personal accounts.

Try the exercise

MFA Setup Best Practices

Walks the hire through enrolling authenticator apps, FIDO2 keys, and recovery codes correctly the first time.

Try the exercise

Social Engineering Defense

Covers pretexting, impersonation, and the reflex to verify out-of-band before sharing access. New hires are common pretexting targets.

Try the exercise

Employee Security Responsibilities

Sets clear expectations on what every employee is accountable for: incident reporting, device hygiene, and acceptable-use boundaries.

Try the exercise

Data Classification Basics

Teaches the company taxonomy (public, internal, confidential, restricted) and the right handling rule for each tier.

Try the exercise
See the full 100+ exercise catalogue

Threats this use case covers

Read the pillar guide for each attack type and the exercises that train against it.

Phishing

Social Engineering

What Is Employee Onboarding Security Training?

Employee onboarding security training is the structured set of security awareness exercises every new hire completes within their first 30 to 90 days. It establishes baseline behaviors for phishing detection, credential hygiene, MFA setup, social engineering defense, and incident reporting. Auditors expect proof that every employee with system access completed the training before getting credentials, mapped to controls like SOC 2 CC1.4, HIPAA § 164.308(a)(5), and ISO 27001 A.7.2.2.

Effective onboarding training is auto-triggered by the HRIS on hire date rather than scheduled manually. The first 90 days carry the highest phishing click-through rate, so habits formed during this window have outsized downstream effect. Per-hire evidence packages, signed acceptable-use acknowledgements, and manager dashboards turn a one-time event into an audit-ready process.

RansomLeak runs onboarding security training as interactive 3D simulations rather than passive video, with HRIS integrations for Workday, BambooHR, Rippling, ADP, and SuccessFactors. Exercises auto-assign on hire date, completion tracks against a 30-day deadline, and managers get a single-screen view across direct reports. Each finished hire produces a PDF evidence packet ready for the next audit cycle.

Frequently Asked Questions

What security teams ask before picking this use case.

How long does the onboarding security training take to complete?

Most new hires finish the default sequence in 90 to 120 minutes spread across the 30-day window. Each exercise runs 12 to 20 minutes and can be paused and resumed. Customers can shorten or extend the curriculum based on role.

Which HRIS systems does RansomLeak integrate with?

Direct integrations exist for Workday, BambooHR, Rippling, ADP Workforce Now, and SAP SuccessFactors. SCIM and webhook endpoints support any other HRIS that emits a new-hire event. Manual CSV upload is available as a fallback.

Can we customize the exercise mix for different roles?

Yes. Default curricula exist for general staff, finance and revenue, engineering, and clinical roles. Each customer can swap exercises in or out and apply different curricula by department, location, or job title via the HRIS attribute.

What happens if a new hire does not complete on time?

Reminder emails fire on day 7, 14, and 21. At day 28, the manager receives a non-completer notification. At day 30, HR ops receives an escalation. Some customers add a credential-revocation hook for hard deadlines, the platform supports a webhook on overdue.

Does the program produce audit evidence per employee?

Every completed hire gets a PDF evidence packet with completion timestamps, exercise scores, the signed acceptable-use policy, and the list of scenarios practiced. Bulk export by date range covers any audit window.

Can managers see completion status for their direct reports?

Yes. Managers get a single dashboard scoped to their reporting line. They can nudge a non-completer with one click. The dashboard never exposes data outside the manager scope.

How does this fit with our existing LMS?

Two options. Run RansomLeak standalone with HRIS integration, or export each exercise as a SCORM 1.2 or 2004 package and assign through your LMS. SCORM exports cover Cornerstone, Workday Learning, SAP SuccessFactors LMS, Docebo, and 50+ other platforms.

Related Reading

Security Awareness Training: The Complete Guide

Read article

Phishing Simulation Training Guide

Read article

Password Security Training for Employees

Read article

Free Security Awareness Training Resources

Read article

Compliance Training for Regulated Industries

Read article

Run This Use Case With Your Team

Book a 30-minute walkthrough. Tell us what you are running. We will scope the assignment template and rollout timeline.

Book a Demo Browse Free Catalogue