Employees are part of an organization’s attack surface, and ensuring they have the know-how to defend themselves and the organization against threats is a critical part of a healthy security program. If an organization needs to comply with different government and industry regulations, it must provide security awareness training to employees to meet regulatory requirements.


Phishing

Employees should be educated on how to spot and report phishing and the dangers of interacting with suspicious links or entering credentials on a spoofed page. Phishing extends beyond the traditional Nigerian prince email scam. Overviews should cover spear phishing, suspicious phone calls, contact from suspicious social media accounts, etc. Examples of phishing attempts that have affected other similar organizations will also be helpful here.

Physical security

Physical security requirements can vary depending on the nature of the organization. Since businesses should already have a physical security policy in place, this is a great opportunity to make sure employees understand the parts of the policy that apply to them, such as locking desk drawers and rules about allowing guests into the office. Training should also review how to report physical security risks, such as someone in the building who isn’t wearing a guest badge or sensitive data that is left exposed.

Desktop security

Outline the potential consequences of failing to lock or shut off computers at appropriate times and plugging unauthorized devices into workstations.

Wireless networks

Explain the nature of wireless networks and outline the risks of connecting to unfamiliar ones.

Password security

Complex password requirements and regular prompts for employees to change their passwords should already be enforced, but password security training is still important to explain the risks involved in reusing passwords, using easy-to-guess passwords, and failing to change default passwords immediately. Authorized password management tools may also be covered.


Malware

A training session on malware should define the types of malware and explain what they are capable of. Users can learn how to spot malware and what to do if they suspect their device has been infected.
