Cyber Security Awareness Training Courses for Employees

A foundational course that introduces the core principles of cyber security, covering the threat landscape, common attack types, and essential habits every employee needs to stay safe online.

Relevant Compliance Frameworks

What employees will learn

• Understand the most common cyber threats facing organizations today
• Recognize social engineering tactics and suspicious activity
• Apply safe habits for email, passwords, and web browsing
• Know when and how to report a potential security incident

Why it matters

Cyber attacks frequently succeed because of simple human mistakes. This course builds a baseline of security awareness that helps every employee contribute to a safer workplace.

Covers the essentials of keeping laptops, phones, and other devices secure - from physical protection to software updates and encryption.

Relevant Compliance Frameworks

What employees will learn

• Keep devices updated and patched against known vulnerabilities
• Enable encryption and screen locks on all work devices
• Recognize signs of device compromise or tampering
• Follow safe practices for USB drives and external media

Why it matters

Lost, stolen, or unpatched devices are a common entry point for attackers and a frequent cause of data exposure.

Covers the risks posed by threats from within the organization, whether malicious, negligent, or compromised, and how to recognize the warning signs.

What employees will learn

• Understand the different types of insider threats
• Recognize behavioral indicators of potential insider risk
• Follow data handling and access control best practices
• Know how to report concerns through appropriate channels

Why it matters

Threats from within - whether malicious or accidental - are among the hardest to detect and can cause significant damage.

Covers the importance of strong, unique passwords and modern authentication practices that protect accounts from being compromised.

Relevant Compliance Frameworks

What employees will learn

• Create strong passwords and understand what makes them secure
• Avoid common mistakes like password reuse and predictable patterns
• Use password managers effectively
• Understand the role of multi-factor authentication

Why it matters

Weak and reused passwords remain a leading cause of data breaches. Strong credential hygiene is one of the simplest and most effective defenses.

Learn how phishing attacks work, why they remain the number one threat to organizations, and how to identify and respond to suspicious emails before they cause harm.

Relevant Compliance Frameworks

What employees will learn

• Identify phishing emails by examining sender details, links, and urgency cues
• Spot fake login pages and credential harvesting attempts
• Recognize common phishing tactics like impersonation and brand spoofing
• Verify suspicious requests through safe, out-of-band channels

Why it matters

Phishing is the number one attack vector used to compromise organizations. A single click can lead to credential theft, malware infection, or a full-scale data breach.

Focuses on protecting physical spaces, assets, and information from unauthorized access, tailgating, and social engineering in person.

Relevant Compliance Frameworks

What employees will learn

• Prevent tailgating and unauthorized building access
• Secure workstations, documents, and sensitive materials
• Recognize social engineering attempts in physical settings
• Follow clean desk and secure disposal policies

Why it matters

Physical security breaches like tailgating, unsecured workstations, and document theft are frequently overlooked but easily exploited.

Addresses the unique cyber security risks that remote and hybrid workers face, from unsecured home networks to shared device risks.

What employees will learn

• Secure your home network and Wi-Fi for work use
• Avoid risks when using public Wi-Fi or shared devices
• Follow best practices for video conferencing and file sharing
• Keep work data separate and protected outside the office

Why it matters

Remote workers operate outside the protections of the corporate network, making them a higher-risk target for attackers.

Teaches employees how to browse the internet safely, avoid malicious websites, and protect sensitive information while online.

Relevant Compliance Frameworks

What employees will learn

• Identify suspicious websites and unsafe download sources
• Understand HTTPS and certificate warnings
• Avoid browser-based attacks like drive-by downloads
• Use safe browsing habits on work and personal devices

Why it matters

Unsafe browsing habits expose organizations to malware, data theft, and account compromise through everyday web activity.

Prepares employees for the elevated security risks they face while travelling for business, including device theft, surveillance, and unsecured connections.

Relevant Compliance Frameworks

What employees will learn

• Protect devices and data when travelling domestically or internationally
• Avoid risks from public Wi-Fi, charging stations, and hotel networks
• Recognize surveillance and social engineering tactics targeting travellers
• Follow pre-trip and post-trip security checklists

Why it matters

Business travellers face elevated risks from public Wi-Fi, device theft, border inspections, and targeted surveillance.

Explains the risks of using unapproved software, apps, and cloud services, and why it matters for organizational security.

Relevant Compliance Frameworks

What employees will learn

• Understand what shadow IT is and why it creates risk
• Identify common examples of unapproved tools and services
• Follow approved processes for requesting new software
• Recognize the data security implications of shadow IT

Why it matters

Unapproved apps and services bypass security controls, create blind spots for IT teams, and can expose sensitive data.

Builds the skills to recognize suspicious activity in both physical and digital environments, enabling employees to act as an early warning system.

What employees will learn

• Spot unusual or suspicious behavior in the workplace
• Recognize digital red flags like unexpected access requests
• Develop a mindset of questioning and verifying
• Know how to escalate concerns without hesitation

Why it matters

Employees who are situationally aware are more likely to catch threats early - before they escalate into incidents.

Covers business email compromise and impersonation attacks where criminals pose as executives, suppliers, or trusted contacts to authorise payments or extract data.

Relevant Compliance Frameworks

What employees will learn

• Recognize common impersonation tactics like CEO fraud and vendor scams
• Verify payment and data requests through independent channels
• Spot email header anomalies and display name spoofing
• Follow financial controls that prevent impersonation-driven losses

Why it matters

Business email compromise and impersonation scams cause billions in losses globally each year.

Covers the growing threat of malicious QR codes used in both digital and physical attacks to redirect victims to credential-harvesting or malware sites.

Relevant Compliance Frameworks

What employees will learn

• Recognize the risks of scanning unknown QR codes
• Identify fake QR codes placed over legitimate ones
• Verify QR code destinations before entering any information
• Follow safe scanning practices on mobile devices

Why it matters

Malicious QR codes are increasingly used in phishing campaigns, posted in public spaces, and embedded in documents to bypass link-based defenses.

Focuses on SMS-based phishing attacks that bypass email filters and exploit the trust people place in text messages.

Relevant Compliance Frameworks

What employees will learn

• Identify suspicious text messages and smishing tactics
• Recognize fake delivery, banking, and account verification texts
• Avoid clicking links or calling numbers in unsolicited SMS
• Report smishing attempts to IT and mobile providers

Why it matters

SMS-based phishing bypasses traditional email security controls and catches people off guard on their personal devices.

Explores how attackers exploit social media platforms for reconnaissance, impersonation, and fraud targeting both individuals and organizations.

Relevant Compliance Frameworks

What employees will learn

• Recognize fake profiles and impersonation attempts
• Understand how attackers use social media for reconnaissance
• Protect personal and professional information online
• Identify social media scams like fake giveaways and phishing links

Why it matters

Attackers mine social media for intelligence and use it as a launchpad for targeted phishing, impersonation, and fraud.

Teaches employees how to recognize and respond to voice phishing - phone-based social engineering attacks that use urgency and authority to extract information.

Relevant Compliance Frameworks

What employees will learn

• Identify vishing call tactics like impersonation and urgency
• Verify caller identity through independent channels
• Resist pressure to share sensitive information over the phone
• Report suspicious calls to IT and security teams

Why it matters

Voice phishing leverages authority and urgency to trick victims into sharing credentials, financial details, or access.

Examines how artificial intelligence is being used by cyber criminals to create more convincing phishing emails, fake content, and automated scams.

Relevant Compliance Frameworks

What employees will learn

• Understand how AI is used to enhance phishing and social engineering
• Recognize AI-generated text, images, and voice content
• Identify red flags in AI-crafted scam messages
• Apply verification techniques to counter AI-enabled deception

Why it matters

AI-generated content makes scams harder to detect and dramatically lowers the cost for attackers to launch convincing campaigns.

Teaches employees how to recognize deepfake audio and video, and understand the risks these AI-generated forgeries pose to business operations and trust.

Relevant Compliance Frameworks

What employees will learn

• Understand what deepfakes are and how they are created
• Recognize visual and audio artifacts in deepfake content
• Identify scenarios where deepfakes may be used for fraud
• Verify identity through multi-channel confirmation

Why it matters

Deepfake audio and video can impersonate trusted figures to authorise fraudulent transactions or manipulate decision-making.

Helps employees understand the security and privacy risks of using AI tools at work, from data leakage to compliance violations.

Relevant Compliance Frameworks

What employees will learn

• Recognize what data should never be entered into AI tools
• Understand AI hallucinations and output reliability risks
• Follow organizational policies for approved AI tool usage
• Protect intellectual property and confidential information when using AI

Why it matters

Employees using AI tools may inadvertently leak sensitive data, create compliance risks, or rely on inaccurate outputs.

Introduces the security challenges associated with blockchain, cryptocurrency, and decentralised applications, including wallet security and smart contract risks.

Relevant Compliance Frameworks

What employees will learn

• Understand common blockchain and cryptocurrency threats
• Protect digital wallets and private keys
• Recognize crypto scams like rug pulls and phishing dApps
• Apply safe practices when interacting with Web3 platforms

Why it matters

Emerging blockchain-based technologies introduce new fraud vectors and security risks that traditional training doesn't cover.

Covers the California Consumer Privacy Act and how employees should handle the personal data of California residents.

Relevant Compliance Frameworks

What employees will learn

• Understand consumer rights under CCPA
• Identify personal information subject to CCPA
• Follow data handling and opt-out request procedures
• Recognize common CCPA compliance pitfalls

Why it matters

CCPA gives California consumers significant data rights that organizations must respect, with penalties for non-compliance.

Covers the UK Data Protection Act 2018 and UK GDPR requirements for employees handling personal data in the post-Brexit regulatory environment.

What employees will learn

• Understand UK GDPR principles and data subject rights
• Follow lawful data processing and retention requirements
• Handle subject access requests correctly
• Report personal data breaches promptly

Why it matters

The UK Data Protection Act governs personal data use post-Brexit, with significant penalties enforced by the ICO.

Provides practical guidance on India's Digital Personal Data Protection Act and how it affects the way employees handle digital personal data.

Relevant Compliance Frameworks

What employees will learn

• Understand the key principles of the DPDP Act
• Follow consent and purpose limitation requirements
• Handle data principal rights requests
• Support data fiduciary obligations in daily work

Why it matters

India's DPDP Act introduces significant data protection obligations for digital personal data, with substantial penalties for violations.

Provides a practical overview of the General Data Protection Regulation and what it means for employees who handle personal data.

Relevant Compliance Frameworks

What employees will learn

• Understand key GDPR principles and data subject rights
• Identify personal data and lawful processing requirements
• Follow breach notification and data handling procedures
• Apply data minimization and purpose limitation in daily work

Why it matters

Non-compliance with GDPR can result in fines of up to 4% of global revenue and significant reputational damage.

Covers the Health Insurance Portability and Accountability Act requirements for safeguarding protected health information (PHI).

Relevant Compliance Frameworks

What employees will learn

• Understand what constitutes PHI and ePHI
• Follow the Privacy and Security Rules in daily workflows
• Recognize common HIPAA violations and how to avoid them
• Handle patient data securely across systems and communications

Why it matters

Healthcare data breaches carry heavy penalties and erode the patient trust that healthcare organizations depend on.

Introduces the ISO 27001 information security management standard and explains how employees contribute to maintaining certification.

Relevant Compliance Frameworks

What employees will learn

• Understand the purpose and structure of ISO 27001
• Follow information security policies and procedures
• Recognize your role in maintaining the ISMS
• Report security events and non-conformities correctly

Why it matters

Maintaining ISO 27001 certification requires organization-wide awareness and consistent adherence to security management practices.

Covers the EU NIS2 Directive requirements and what they mean for employee responsibilities in essential and important entities.

Relevant Compliance Frameworks

What employees will learn

• Understand the scope and objectives of NIS2
• Follow incident reporting and risk management requirements
• Recognize your responsibilities under the directive
• Support supply chain security and governance obligations

Why it matters

NIS2 raises the bar for cyber security across essential and important EU entities, with management accountability for non-compliance.

Introduces the NIST Cybersecurity Framework and explains how employees support the Identify, Protect, Detect, Respond, and Recover functions.

Relevant Compliance Frameworks

What employees will learn

• Understand the five core NIST CSF functions
• Follow security controls aligned to the framework
• Recognize how your role supports each function
• Report incidents in line with NIST CSF guidance

Why it matters

The NIST Cybersecurity Framework is widely adopted as a security baseline by organizations across the United States.

Introduces Singapore's Personal Data Protection Act and explains employee obligations for handling personal data responsibly.

What employees will learn

• Understand PDPA data protection obligations
• Follow consent and purpose limitation requirements
• Handle data access and correction requests
• Report data breaches within required timeframes

Why it matters

Singapore's PDPA regulates personal data protection across all sectors, with financial penalties for non-compliance.

Introduces China's Personal Information Protection Law, one of the most comprehensive data protection frameworks in the world.

What employees will learn

• Understand PIPL consent and data processing requirements
• Follow cross-border data transfer rules
• Handle data subject rights requests
• Recognize the consequences of non-compliance

Why it matters

China's PIPL is one of the strictest data protection laws globally, with extraterritorial reach and severe penalties.

Covers South Africa's Protection of Personal Information Act and the responsibilities it places on employees who process personal information.

What employees will learn

• Understand the eight conditions for lawful processing
• Follow data subject request procedures
• Handle personal information securely and minimally
• Report information breaches through the correct process

Why it matters

POPIA protects personal information and imposes compliance duties, with the Information Regulator actively enforcing penalties.

Provides practical guidance on the Australian Privacy Act and Australian Privacy Principles for employees who collect or handle personal information.

What employees will learn

• Understand the Australian Privacy Principles (APPs)
• Handle personal information collection and disclosure correctly
• Follow breach notification requirements
• Apply data minimization and security safeguards

Why it matters

Australia's Privacy Act governs how personal information is collected, used, and disclosed, with increasing enforcement activity.

Covers New Zealand's Privacy Act 2020 and the Information Privacy Principles that guide how organizations handle personal information.

What employees will learn

• Understand the Information Privacy Principles
• Follow lawful collection and use requirements
• Handle access requests and corrections correctly
• Report privacy breaches through the correct process

Why it matters

New Zealand's Privacy Act sets clear obligations for collecting, storing, and protecting personal information.

Introduces the Australian Government Protective Security Policy Framework and explains employee obligations for safeguarding government information.

What employees will learn

• Understand the PSPF governance and security classifications
• Follow information, personnel, and physical security requirements
• Handle classified and sensitive information correctly
• Report security incidents through the appropriate channels

Why it matters

The PSPF sets mandatory security standards for Australian Government entities, and non-compliance can have national security implications.

Teaches employees how to handle payment card data securely in line with PCI DSS requirements, reducing the risk of fraud and compliance violations.

Relevant Compliance Frameworks

What employees will learn

• Understand PCI DSS fundamentals and cardholder data requirements
• Handle credit card information securely in transactions
• Recognize and prevent card skimming and fraud attempts
• Follow secure storage, transmission, and disposal practices

Why it matters

Mishandling payment card data can lead to PCI DSS violations, financial fraud, and significant fines.

Explains the SOC 2 trust service criteria and how employee behavior directly impacts audit outcomes and customer trust.

Relevant Compliance Frameworks

What employees will learn

• Understand the five SOC 2 trust service criteria
• Follow access control and change management procedures
• Recognize how daily actions affect SOC 2 compliance
• Support data security and availability obligations

Why it matters

SOC 2 compliance is essential for SaaS and service organizations that handle customer data and need to demonstrate trustworthiness.

Tailored for senior leaders, this course covers the cyber risks that executives uniquely face and their role in driving security culture from the top.

Relevant Compliance Frameworks

What employees will learn

• Understand why executives are high-value targets
• Recognize CEO fraud, whaling, and board-level social engineering
• Lead by example in security culture and policy adherence
• Make informed decisions about cyber risk and investment

Why it matters

Executives set the tone for security culture and are prime targets for sophisticated, high-value attacks.

Designed for finance professionals, this course covers the specific cyber threats targeting financial processes like payments, invoicing, and banking.

Relevant Compliance Frameworks

What employees will learn

• Recognize invoice fraud and business email compromise targeting finance
• Verify payment requests through independent channels
• Protect financial systems and banking credentials
• Follow dual-authorisation and segregation of duties controls

Why it matters

Finance teams are prime targets for invoice fraud, BEC, and payment redirection scams that can cause immediate financial loss.

Built for HR professionals, this course covers the unique risks HR teams face when handling sensitive employee data and recruitment processes.

Relevant Compliance Frameworks

What employees will learn

• Protect employee PII and sensitive HR records
• Recognize social engineering targeting HR processes
• Secure recruitment, onboarding, and offboarding workflows
• Follow data retention and access control best practices

Why it matters

HR handles highly sensitive employee data and is a frequent target for social engineering, fake job applications, and data harvesting.

Designed for legal professionals, covering the specific cyber threats targeting law firms and legal departments, including client confidentiality risks.

Relevant Compliance Frameworks

What employees will learn

• Protect client privilege and confidential legal documents
• Recognize social engineering and phishing targeting legal teams
• Secure legal tech platforms and communication channels
• Follow data handling practices aligned to professional obligations

Why it matters

Legal professionals handle privileged and confidential information that requires the highest levels of protection.

Designed for healthcare workers, covering the unique security challenges of handling patient data in fast-paced, high-pressure clinical environments.

Relevant Compliance Frameworks

What employees will learn

• Protect patient data across electronic health records and devices
• Recognize phishing and social engineering in healthcare settings
• Follow secure practices for shared workstations and clinical systems
• Handle data breaches in line with healthcare regulations

Why it matters

Healthcare workers handle sensitive patient data in time-pressured environments where security shortcuts can have serious consequences.

Tailored for real estate professionals, covering the cyber threats targeting property transactions, client funds, and communication channels.

Relevant Compliance Frameworks

What employees will learn

• Recognize wire fraud and settlement scams targeting real estate
• Verify payment instructions through independent channels
• Protect client data in property management systems
• Secure email and communication with buyers, sellers, and agents

Why it matters

Real estate transactions involve large sums of money and are frequently targeted by wire fraud and business email compromise.

Tailored for sales and business development teams, covering the cyber risks associated with external communication, CRM data, and client interactions.

Relevant Compliance Frameworks

What employees will learn

• Protect customer data in CRM systems and sales tools
• Recognize impersonation attempts targeting sales teams
• Follow safe practices for external file sharing and communication
• Secure demo environments and client-facing assets

Why it matters

Sales teams share data externally and communicate widely, making them vulnerable to impersonation, data leakage, and CRM compromise.

An accessible course for students covering the fundamentals of staying safe online, protecting personal information, and recognizing common digital threats.

Relevant Compliance Frameworks

What employees will learn

• Recognize phishing, scams, and suspicious links
• Protect personal information and social media accounts
• Use strong passwords and enable multi-factor authentication
• Know when and how to report a cyber incident

Why it matters

Students are increasingly targeted by cyber criminals and need to develop safe digital habits early.

Built for educators and school administrators, covering the cyber security risks associated with student data, digital learning tools, and school systems.

Relevant Compliance Frameworks

What employees will learn

• Protect student data and educational records
• Secure digital learning environments and classroom technology
• Recognize phishing and social engineering in education settings
• Follow safe practices for online teaching and communication

Why it matters

Educators manage student data and rely on digital tools that introduce security risks in often under-resourced IT environments.

Introduces the layered security strategy known as defense in depth, explaining how multiple controls work together to protect organizations.

What employees will learn

• Understand the principles of layered security
• Identify how controls at different layers complement each other
• Recognize gaps in single-layer defenses
• Support a defense-in-depth posture through daily practices

Why it matters

Layered security ensures no single point of failure compromises the organization - understanding this strategy is essential for technical teams.

Designed for IT admins and users with elevated access, covering the responsibilities and risks that come with privileged accounts.

What employees will learn

• Follow least privilege and just-in-time access principles
• Secure administrative credentials and session management
• Recognize attacks specifically targeting privileged accounts
• Audit and monitor privileged access activity

Why it matters

Privileged accounts have elevated access and are high-value targets - a compromised admin account can lead to full organizational breach.

Covers secure coding principles and practices for developers, helping them build software that is resilient to common vulnerabilities and attack patterns.

What employees will learn

• Apply OWASP Top 10 awareness to daily development
• Follow secure coding standards for input validation, authentication, and error handling
• Integrate security into the software development lifecycle
• Recognize and remediate common code-level vulnerabilities

Why it matters

Insecure code introduces vulnerabilities that attackers actively exploit - secure development practices prevent them at the source.

Covers the security challenges unique to critical infrastructure sectors like energy, water, transport, and telecommunications.

What employees will learn

• Understand the threat landscape for critical infrastructure
• Follow OT and IT security best practices
• Recognize attacks targeting industrial control systems
• Support incident response in critical infrastructure environments

Why it matters

Attacks on critical infrastructure can have widespread real-world consequences, making security awareness in these sectors essential.

Addresses the growing cyber security challenges facing schools, universities, and training providers, including student data protection and digital platform security.

What employees will learn

• Protect student and staff data across education systems
• Secure learning management systems and digital platforms
• Recognize cyber threats specific to education environments
• Follow incident response procedures for education providers

Why it matters

Education providers hold sensitive data and face growing cyber threats, often with limited security resources.

Covers security practices tailored to the financial services sector, including fraud prevention, regulatory compliance, and customer data protection.

What employees will learn

• Follow financial-sector security policies and controls
• Protect customer financial data and transaction systems
• Understand regulatory obligations specific to finance
• Recognize fraud tactics targeting financial institutions

Why it matters

Financial services are heavily targeted due to the value of assets and data, requiring sector-specific security awareness.

Tailored for government employees and contractors, covering the specific security requirements and threat landscape facing public sector organizations.

What employees will learn

• Follow government security classifications and handling procedures
• Understand nation-state and insider threat risks
• Comply with government-specific security frameworks and policies
• Report security incidents through government channels

Why it matters

Government entities face nation-state threats and strict compliance requirements that demand specialized security awareness.

Covers industry-specific security practices for healthcare organizations, addressing regulatory requirements, patient data protection, and clinical system security.

What employees will learn

• Follow healthcare-specific security policies and procedures
• Protect patient data across clinical and administrative systems
• Understand regulatory obligations like HIPAA and local health data laws
• Respond to security incidents in healthcare environments

Why it matters

Healthcare faces unique regulatory and operational security challenges that require industry-specific awareness and training.

Designed for small business environments, this course covers practical, resource-appropriate security measures that protect against the most common threats.

What employees will learn

• Implement essential security controls with limited resources
• Protect business data, email, and payment systems
• Recognize the most common threats targeting small businesses
• Build a basic incident response plan

Why it matters

Small businesses are disproportionately affected by cyber attacks due to limited resources and often lack dedicated security teams.