With human error playing a part in an estimated 95% of cybersecurity breaches, managing employee cyber risk is essential for businesses around the world if they want to steer clear of a user-related data breach.
One core component of a strong human risk management (HRM) program is ongoing security awareness training that educates end-users on how to identify and combat modern threats, as well as best practices for staying security-savvy.
But deciding to launch this type of training raises some common questions, the first of which is: “which topics should be included in the security awareness training?”
In this article we look at which topics belong in a core security awareness training library for 2024/25.
What will be the most important security awareness training topics in 2025?
Here is the list of the most relevant cyber security awareness training topics for employees in 2025:
1. Phishing attacks
2. Removable media
3. Passwords and authentication
4. Physical security
5. Mobile device security
6. Working remotely
7. Public Wi-Fi
8. Internet and Email use
9. Social engineering
10. Security at home
1. Phishing Attacks
As in previous years, phishing remains one of the most effective avenues of attack for cybercriminals. Having doubled in 2023, phishing attacks continued to rise throughout 2024, and remote work makes it harder for businesses to ensure their users aren't falling victim.
But why is phishing still such a threat to businesses in 2025?
One of the major factors is how sophisticated these attacks have become. Attackers now use smarter techniques to trick employees into handing over sensitive data or downloading malicious attachments.
For example, business email compromise (BEC) is a common form of phishing in which the attacker researches a specific individual, such as a company's senior executive (whaling), and uses what they learn to craft a message that can be incredibly difficult to distinguish from a genuine email.
These more sophisticated attacks, combined with the common misconception that phishing is 'easy to spot', will keep giving businesses headaches in 2025.
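Training tells users what a BEC message looks like; the same indicators can also be checked mechanically. The following is an added example, not code from the original article: it parses a message's headers and reports the three classic BEC signals (an executive's display name on an external address, a lookalike sender domain, and a Reply-To pointing somewhere else). The corporate domain, the executive names and both sample messages are constructed assumptions for the demonstration.

```python
from email import message_from_string
from email.utils import parseaddr

# Reference data for this example (assumptions, not from the article): the
# organisation's own mail domain and the executives attackers like to impersonate.
CORPORATE_DOMAIN = "example.com"
EXECUTIVE_NAMES = {"jane doe", "john smith"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains (examp1e.com vs example.com)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    """Lower-cased domain part of an address, or '' when there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def bec_indicators(raw_message: str) -> list:
    """Return human-readable BEC indicators found in the message headers."""
    msg = message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    indicators = []

    # 1. An executive's name in the display name, but the address is not ours.
    if display_name.strip().lower() in EXECUTIVE_NAMES and from_domain != CORPORATE_DOMAIN:
        indicators.append(f"display name '{display_name}' impersonates an executive "
                          f"from external domain {from_domain}")

    # 2. The sender domain is a near miss of the corporate domain (typosquat or homoglyph).
    if from_domain != CORPORATE_DOMAIN and edit_distance(from_domain, CORPORATE_DOMAIN) <= 2:
        indicators.append(f"lookalike sender domain {from_domain}")

    # 3. Replies are silently redirected to a different domain than the visible sender.
    reply_to = msg.get("Reply-To")
    if reply_to:
        _, reply_addr = parseaddr(reply_to)
        if domain_of(reply_addr) != from_domain:
            indicators.append(f"Reply-To domain {domain_of(reply_addr)} differs "
                              f"from From domain {from_domain}")
    return indicators


# Constructed sample messages for the demonstration (not real mail).
SUSPICIOUS_MESSAGE = """\
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: Jane Doe <jane.doe.ceo@webmail.example>
To: finance@example.com
Subject: Urgent wire transfer before 5pm

Please process the attached invoice today and keep this confidential.
"""

LEGITIMATE_MESSAGE = """\
From: Jane Doe <jane.doe@example.com>
To: finance@example.com
Subject: Q3 numbers

Attached are the Q3 figures we discussed.
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_MESSAGE), ("legitimate", LEGITIMATE_MESSAGE)):
        hits = bec_indicators(raw)
        print(f"{label}: {len(hits)} indicator(s)")
        for hit in hits:
            print("  -", hit)
```

None of these checks proves a message is malicious on its own; a genuine executive writing from a personal phone can trip the first one. They are exactly the cues awareness training should teach users to pause on, and a mail gateway can use the same logic to tag such messages with a visible warning banner.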
2. Removable Media
Another topic that deserves a place in training, because it is used daily in most companies, is removable media. Removable media is portable storage that lets users copy data onto a device and carry it from one computer to another. USB devices containing malware can be left where end-users will find them and plug them into their machines.
According to research, 98% of dropped USB drives were picked up, and 45% of those were not only picked up but plugged in, with the files on them opened.
As well as understanding the risks, employees need to know how to use these devices safely and responsibly in your business. There are numerous reasons a company might use removable media in its environment (or choose to move to the cloud instead), and employees must protect the personal or corporate data stored on these devices.
A few common examples of removable media are:
- USB sticks
- SD cards
- CDs
- Smartphones
Training on this topic should cover examples of removable media, why it is used in business, and how to prevent the associated risks, such as lost or stolen devices, malware infections and the other problems that come with removable media.
3. Passwords and Authentication
A very simple but often overlooked element of a company's security is password security. Commonly used passwords can be guessed by malicious actors in seconds, giving them access to user and admin accounts.
Simple passwords, or recognizable password patterns shared across employees, make it easy for cybercriminals to access a large number of accounts. Once stolen, credentials can be made public or sold for profit on dark web markets.
Randomly generated passwords make it much harder for malicious actors to get into a range of accounts. Passwords should be complex but, above all, unpredictable; better still, use passphrases instead of passwords.
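To make "complex but unpredictable" concrete, here is an added example (not code from the original article) that generates passwords and passphrases with a cryptographic random source, computes how much entropy each approach actually buys, and flags the predictable patterns guessing tools try first. The 16-word list, the 10^10 guesses-per-second attacker rate and the pattern list are constructed assumptions; a real generator would draw from a published diceware list of 7,776 words, which is the size used in the entropy comparison.

```python
import math
import re
import secrets
import string

# Constructed word list (assumption): far too short for real use, it only shows the
# mechanics. Production generators use a published 7,776-word diceware list.
WORDS = [
    "anchor", "breeze", "cobalt", "dune", "ember", "falcon", "glacier", "harbor",
    "ivory", "jasper", "kestrel", "lantern", "meadow", "nectar", "orbit", "pebble",
]
DICEWARE_LIST_SIZE = 7776
PRINTABLE_ASCII = len(string.ascii_letters + string.digits + string.punctuation)  # 94

# Shapes that password-guessing tools try first (assumed list): a capitalised word
# followed by digits and optional punctuation, a season or month plus a year,
# and keyboard walks. These are "complex" by policy rules yet trivially predictable.
PREDICTABLE_PATTERNS = [
    re.compile(r"^[A-Z][a-z]{2,}\d{1,4}[!@#$.]{0,2}$"),
    re.compile(r"^(spring|summer|autumn|fall|winter|january|february|march|april|may|"
               r"june|july|august|september|october|november|december)\d{2,4}[!@#$.]?$",
               re.IGNORECASE),
    re.compile(r"(qwerty|asdf|zxcv|1234|abcd)", re.IGNORECASE),
]


def generate_passphrase(n_words: int = 4, wordlist=WORDS, separator: str = "-") -> str:
    """Pick words with the secrets module (a CSPRNG); random.choice is not suitable here."""
    return separator.join(secrets.choice(wordlist) for _ in range(n_words))


def generate_random_password(length: int = 12) -> str:
    """Uniformly random printable-ASCII password; strong, but hard to remember."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(choices_per_symbol: int, n_symbols: int) -> float:
    """Entropy of n independent uniform picks from choices_per_symbol options."""
    return n_symbols * math.log2(choices_per_symbol)


def years_to_exhaust(bits: float, guesses_per_second: float = 1e10) -> float:
    """Time to try every possibility offline at an assumed 10^10 guesses/second."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


def is_predictable(password: str) -> bool:
    """True when the password matches a shape that guessing tools enumerate early."""
    return any(p.search(password) for p in PREDICTABLE_PATTERNS)


def compare_strengths() -> dict:
    """Entropy of random character passwords versus diceware passphrases."""
    return {
        "random_8_chars": entropy_bits(PRINTABLE_ASCII, 8),
        "random_12_chars": entropy_bits(PRINTABLE_ASCII, 12),
        "diceware_4_words": entropy_bits(DICEWARE_LIST_SIZE, 4),
        "diceware_6_words": entropy_bits(DICEWARE_LIST_SIZE, 6),
    }


if __name__ == "__main__":
    print("passphrase :", generate_passphrase())
    print("password   :", generate_random_password())
    for name, bits in compare_strengths().items():
        print(f"{name:18s} {bits:5.1f} bits, {years_to_exhaust(bits):12.4g} years to exhaust")
    for candidate in ("Summer2024!", "Password1", "anchor-breeze-cobalt-dune"):
        print(f"{candidate!r}: predictable={is_predictable(candidate)}")
```

The comparison shows why passphrases win in practice: four diceware words carry about the same entropy as eight fully random printable characters (roughly 52 bits), and six words (77 bits) beat a 12-character random string, while remaining something a person can actually type from memory. Note that "Summer2024!" satisfies most complexity policies yet is flagged, because attackers guess exactly that shape first.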
Other measures, such as two-factor authentication, add layers of protection that keep an account safe even if the password itself is stolen.
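The most common second factor is the six-digit code from an authenticator app. The following added example (not code from the original article) implements that code generation and verification, HOTP from RFC 4226 and TOTP from RFC 6238, so the mechanics are visible: the server and the app share a secret, and the code is an HMAC over the current 30-second time step. The verification window of one step either side is an assumption a deployment would tune.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226): HMAC-SHA1 over the 8-byte counter,
    dynamic truncation to 31 bits, then reduce to the requested decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: Optional[int] = None, step: int = 30, digits: int = 6) -> str:
    """Time-based OTP (RFC 6238): HOTP with counter = Unix time // step."""
    now = int(time.time()) if at_time is None else at_time
    return hotp(secret, now // step, digits)


def verify_totp(secret: bytes, code: str, at_time: Optional[int] = None,
                step: int = 30, window: int = 1) -> bool:
    """Accept the code for the current step and +/- `window` neighbouring steps to
    tolerate clock skew (window=1 is an assumed default). Each comparison is
    constant-time so a wrong guess leaks nothing about the right digits."""
    now = int(time.time()) if at_time is None else at_time
    counter = now // step
    matched = False
    for delta in range(-window, window + 1):   # no early exit: same work for every input
        if hmac.compare_digest(hotp(secret, counter + delta, len(code)), code):
            matched = True
    return matched


def secret_from_base32(encoded: str) -> bytes:
    """Authenticator apps receive the shared secret base32-encoded (otpauth:// URIs);
    strip spaces and restore padding before decoding."""
    cleaned = encoded.strip().replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


if __name__ == "__main__":
    # Base32 form of the RFC 6238 reference secret "12345678901234567890".
    demo_secret = secret_from_base32("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ")
    code = totp(demo_secret)
    print("current code:", code, "verifies:", verify_totp(demo_secret, code))
```

Two practical points follow from the code. First, the shared secret is as sensitive as a password and must be stored protected on the server; a database dump that includes it lets an attacker mint valid codes. Second, a code is only valid for a step or two, which is why phishing kits that relay the victim's code to the real site in real time still succeed: TOTP protects against stolen passwords, not against a live proxy, and awareness training should say so.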
4. Physical Security
Companies should have policies on how to protect passwords. Do you have employees who keep their passwords on sticky notes under the keyboard? Although many attacks happen through digital channels, keeping sensitive physical documents secured is vital to the integrity of your company's security.
Simple awareness of the risks of leaving documents, unattended computers and written-down passwords around the office or home can reduce the security risk.
A clean desk policy (CDP) is a corporate directive that specifies how employees should leave their working space when they leave the office.
By implementing a clean desk policy, the threat of unattended documents being stolen or copied can be significantly reduced.
And do not forget to lock your screen (Win+L on Windows) whenever you step away from your workspace.
5. Mobile Device Security
The changing landscape of IT has made flexible working environments much easier to support, and more sophisticated attacks have arrived along with them.
With many people now able to work on the go using mobile devices, this increased connectivity brings a risk of security breaches. For smaller companies allowing personal devices can be an effective way of saving budget, but user-device accountability is an increasingly relevant aspect of training, especially for travelling or remote workers. The rise of malicious mobile apps has increased the risk of phones carrying malware that could lead to a breach.
Best-practice online courses for mobile workers can help employees avoid these risks without costly security controls. Sensitive information on mobile devices should always be protected by a passcode or biometric authentication and encrypted, so that it stays protected if the device is lost or stolen. Safe use of personal devices is necessary training for any employee who works on their own device.
Make sure the company has a mobile security policy that employees have read and signed.
6. Working Remotely
The sudden need for remote working in 2020 and 2021, combined with growing uptake since, led many companies to take drastic steps towards full-time working-from-home policies. Remote working can be positive for companies, but it increases the threat of security breaches when staff are not educated on its risks. Personal devices used for work should remain locked when unattended (and not be handed to the kids to play games) and should have anti-virus software installed. A company that wants to offer this incentive should focus on educating remote employees in safe working practices.
This trend is likely to continue. Companies are hiring remote workers, and those who have adapted to the working-from-home (WFH) lifestyle may prefer to keep working this way. The need to train employees to understand and manage their own cybersecurity is clear.
7. Public Wi-Fi
Employees who work remotely, travel on trains or work on the move may need extra training in how to use public Wi-Fi safely. Fake public Wi-Fi networks, often posing as the free Wi-Fi of a coffee shop, can trick end-users into connecting to an attacker-controlled network, where any traffic not protected by TLS and any credentials typed into a fake login page can be captured.
Educating users on the safe use of public Wi-Fi and the common signs to spot a potential scam will increase the company's awareness and minimize risk.
8. Internet and Email Use
Some employees may already have been exposed in data breaches because they used simple passwords or reused the same password across multiple accounts. If one account is compromised, an attacker can try the same password against the user's work and social media accounts and gain access to all of them.
Websites often offer free software that is infected with malware; downloading applications from trusted sources only is the best way to keep malicious software off the computer. Educating employees on safe internet habits should be a key part of any awareness training program. Some may see this training as obvious, but it is a key part of staying safe.
Many large websites have suffered major data breaches in recent years; if your information was entered into one of these sites, it may have been exposed and made public.
9. Social engineering
Social engineering is a common technique malicious actors use to gain employees' trust, offering valuable lures or impersonating trusted parties to obtain valuable personal information. Employees need training that covers the most common social engineering techniques and the psychology of influence behind them in order to combat these threats.
10. Security at Home
Unfortunately, the threat from malicious actors does not stop when you leave the workplace. Many companies allow employees to use their personal devices (bring your own device, BYOD), which saves cost and allows flexible working, but it carries risks. Malware unwittingly downloaded onto a personal device can compromise the integrity of the company's network if, for example, login credentials are stolen from it.
The growing network of digital resources available to workers and companies has increased connectivity and productivity, and with it the attack surface.
Increasing employee knowledge, sharing files only in encrypted form and verifying downloads before running them will reduce the risk.