Security fundamentals and awareness
A security-awareness mindset, or better, a grounding in security fundamentals, is one of the most important things in today's business. Social engineering and data phishing are very common mechanisms.
Someone calls you or sends you an email with a request, some information, a link or even a picture. That can lead to the theft of your credentials or identity, or route you to suspicious websites.
We have all been in that kind of situation, and the chance of becoming a victim is higher than ever before. Imagine you have a busy day and, after reading a lot of emails or while working against a deadline, you get an SMS, WhatsApp message or email with suspicious content. The chance that someone clicks the link or answers the SMS is very high.
A lot of that spam is very good: it looks like internal systems or famous websites. It will become more and more difficult to recognise the difference.
Many big companies run internal tests with fake spam, both to make employees aware of what can happen and to test their knowledge.
Target Audience
Technical and non-technical employees across all departments
Duration
- Compact version: 3–4 hours
- Standard version: 1 full day (recommended for better retention)
Learning Outcomes
- Identify spam and phishing attempts confidently
- Recognize and resist social engineering attacks
- Understand common cyberattack scenarios
- Assess risks related to AI and deepfakes
- Apply practical security behaviors in daily work
Module 1: Recognizing Spam & Phishing
Content
- What is spam vs. phishing
- How attackers disguise emails
- Dangerous links and attachments
Key Warning Signs
- Urgency (“Act now!”)
- Suspicious sender address
- Poor grammar or unusual tone
- Mismatched or shortened links
Practical Example
- 👉 “Your invoice is overdue – click here immediately”
- Leads to a fake login page
Exercise
- Participants analyze real vs. fake emails
Outcome
Employees avoid clicking malicious links and recognize phishing attempts
Module 2: Social Engineering
Content
- Understanding human manipulation tactics
- Common attack types:
  - CEO fraud
  - Fake IT support
  - Phone scams
Practical Examples
- “This is IT support, I need your password”
- “The CEO needs an urgent transfer”
Attacker Techniques
- Authority pressure
- Urgency and stress
- Trust exploitation
Exercise
- Role-playing attack scenarios
Outcome
Employees protect sensitive information and verify requests
Module 3: Common Attack Scenarios
Content
- Typical attacks:
  - Phishing → credential theft
  - Ransomware → data encryption
  - Malware → hidden infections
  - Insider threats
Example Scenario
- Employee clicks phishing email
- Credentials are stolen
- Attacker accesses company systems
Impact
- Data loss
- Operational downtime
- Reputation damage
Outcome
Employees understand how their actions impact company security
Module 4: Security in the Age of Artificial Intelligence (AI)
Content
- Deepfake videos and voice cloning
- AI-generated phishing emails
- Fake identities and profiles
Examples
- Fake CEO voice call requesting urgent action
- Perfectly written phishing emails without errors
Safe Use of AI
- Do not input sensitive data into AI tools
- Verify AI-generated content
- Check sources critically
Outcome
Employees identify AI-driven threats and act cautiously
Module 5: Security Mechanisms & Best Practices
Content
- Strong passwords (passphrases)
- Multi-factor authentication (MFA)
- Software updates and patching
- Secure device usage
- Clean desk & screen policy
Best Practice Example
- Weak: “Summer2026!” ❌
- Strong: “MyDogLovesRunningInThePark!” ✔
Quick Wins
- Lock your screen
- Avoid unknown USB devices
- Report suspicious activity immediately
Outcome
Employees actively contribute to organizational security
Final Assessment
- Quiz or phishing simulation
- Optional refresher training every 6–12 months
Pricing
Option 1: Remote Training
- 3–4 hours
- Up to 20 participants
💰 € 1,500
Option 2: On-Site Training
- Full day
- Up to 15 participants
💰 € 2,200
Option 3: Scalable Program
- E-learning + live session
💰 € 90 per participant
