Internet & Security Awareness Training

Think secure.
Work protected.

Modern attacks target both technology and human behaviour. This training explains how to recognise common threats, protect company information, and respond quickly when something goes wrong.

$4.44M

Average global cost of a data breach in 2025

IBM Cost of a Data Breach 2025
44%

Breaches involving ransomware in 2025

Verizon DBIR 2025
$3B+

Reported Business Email Compromise losses in 2025

FBI IC3 2025
$16.2M

Average annual insider-risk cost per organisation

CISA Insider Threats 101
68%

Breaches involving the human element

Verizon DBIR
Why it matters

The business impact of cyber attacks

Security incidents can damage trust, interrupt operations, expose information, and create substantial financial and regulatory consequences.

Reputational damage

Clients, recruits, and partners may lose confidence in an organisation that cannot safeguard information.

Financial loss

Attackers may commit fraud, interrupt operations, or make important systems unavailable.

Regulatory fines

Data breaches can trigger serious regulatory action, including substantial GDPR penalties.

System compromise

Exposed credentials may allow attackers to extract, manipulate, destroy, or block access to data.

Module 1

Ransomware & Malware Protection

01

General information: Ransomware is malicious software that blocks access to files, systems, or networks and demands payment for restoration. Modern attacks often combine encryption with data theft, meaning the victim may face both operational shutdown and the threat of public data exposure. Infection can begin through a malicious attachment, unsafe download, compromised website, stolen account, or unpatched system.

PUBLIC DATA — REAL-WORLD IMPACTRansomware was present in 44% of breaches analysed in Verizon’s 2025 DBIR and increased 37% year over year.

FBI IC3 recorded more than 3,600 ransomware complaints and over $32 million in directly reported losses in 2025. Complaint totals do not fully capture business interruption, recovery specialists, replacement equipment, legal work, lost customers, or ransom payments handled outside IC3 reporting.

  • Ransomware can stop payroll, customer service, production, payments, and access to shared files.
  • Affected organisations may also face a second extortion demand when stolen information is threatened with publication.
Verizon 2025 DBIR · FBI IC3 2025

Typical attack lifecycle

1. Infection
2. Encryption
3. Ransom note
4. Payment demand

Corporate protection

  • Follow antivirus prompts immediately.
  • Do not open unexpected links or attachments.
  • Check full filenames and extensions.
  • Store company information in approved cloud storage.

Personal backup rules

  • Back up important files to external storage.
  • Disconnect the drive when the backup finishes.
  • An attached backup can also be encrypted during an attack.

Key takeaways

  • Act immediately on security alerts.
  • Watch for disguised files such as Document.pdf.scr.
  • Physically disconnect personal backup media after use.
Module 2

Social Engineering & Phishing Awareness

02

General information: Social engineering attacks exploit trust, authority, fear, urgency, curiosity, or routine business processes. Instead of breaking technical controls directly, the attacker persuades a legitimate user to click, disclose, approve, pay, or grant access. Phishing may arrive through email, SMS, voice calls, social media, collaboration platforms, or fake login pages.

PUBLIC DATA — REAL-WORLD IMPACTBusiness Email Compromise generated about $3 billion in reported losses during 2025.

The FBI has documented more than $55 billion in global exposed BEC losses from October 2013 through December 2023. IBM’s 2025 breach research also identified phishing as the most common initial vector, accounting for 16% of studied breaches and averaging about $4.8 million per incident.

  • A single fake supplier-bank-change email can redirect a genuine payment.
  • Attackers frequently wait inside a compromised mailbox until a high-value conversation appears.
FBI BEC advisory · IBM attack-vector research

Phishing & whaling

Messages impersonate trusted people or organisations. Whaling targets executives and senior decision-makers.

BEC & impersonation

Attackers imitate colleagues, managers, vendors, or finance contacts to redirect payments or obtain information.

Baiting & scareware

False rewards or alarming warnings pressure victims into downloading software, paying money, or sharing access.

The five-point email check

1. Sender

Check for unknown senders, unusual behaviour, and look-alike domains.

2. Date & recipients

Watch for strange sending times or unrelated recipient groups.

3. Subject & attachments

Treat unexpected files, irrelevant subjects, and fake reply threads as suspicious.

4. Hyperlinks

Hover over links and confirm the true destination before clicking.

5. Core content

Urgency, threats, rewards, generic greetings, and emotional pressure are red flags.

Remember: An alarming message that appears to come from your own address may simply use spoofed sender information. Do not panic—report it.

Key takeaways

  • Verify links rather than trusting visible text.
  • Look for urgency, spoofing, and subtle spelling changes.
  • Consult IT whenever you are uncertain.
Module 3

The Internal Threat Landscape

03

General information: An insider threat exists when a person with authorised access, trusted knowledge, or physical proximity creates harm. The person may be an employee, contractor, former worker, supplier, or partner. The event may be deliberate, accidental, or caused by someone knowingly bypassing policy for convenience.

PUBLIC DATA — REAL-WORLD IMPACTVerizon reported that 29% of EMEA breaches in its 2025 dataset involved internal actors or internal actions.

That included 19% attributed to mistakes and 8% to misuse. IBM’s 2025 global benchmark placed the average breach cost at $4.44 million, illustrating the potential financial scale when an internal error or misuse exposes sensitive information.

  • Common examples include sending data to the wrong recipient, excessive file sharing, lost equipment, and unauthorised copying.
  • Internal incidents can trigger investigation, notification, legal, regulatory, and customer-remediation costs.
Verizon 2025 EMEA findings · IBM 2025 breach cost

Malicious

Intentional theft, sabotage, fraud, espionage, or deliberate disclosure.

Accidental

Clicking a phishing link, sending information to the wrong person, or losing equipment.

Non-malicious

Knowingly bypassing policy for convenience without intending to cause harm.

Key takeaways

  • Intent is not required for an insider threat.
  • Breaking security rules to work faster can leave the company vulnerable.
Module 4

Credential Security, MFA & Identity Protection

04

General information: Identity attacks focus on passwords, authentication prompts, recovery details, browser sessions, and trusted devices. A stolen password may be reused automatically against many services, while an attacker with a stolen session cookie can sometimes continue as an already authenticated user without seeing another MFA prompt.

PUBLIC DATA — REAL-WORLD IMPACTIBM measured the 2025 global average data-breach cost at $4.44 million; the United States average reached $10.22 million.

Credential abuse, phishing, stolen browser sessions, and weak recovery settings can turn one compromised identity into access across email, cloud storage, finance systems, and customer platforms.

  • IBM reported that phishing initiated 16% of studied breaches and averaged approximately $4.8 million per breach.
  • Session theft is especially dangerous because the attacker may appear to be an already authenticated user.
IBM Cost of a Data Breach 2025 · IBM attack vectors

Password rules

  • Use strong, unique passwords.
  • Avoid dictionary words and predictable patterns.
  • Use a password manager.
  • Do not reuse corporate passwords elsewhere.
  • Do not save corporate passwords in browsers.

Two-step verification

  • MFA adds a second confirmation step.
  • Use trusted authentication applications.
  • Never approve an unexpected prompt.
  • MFA is powerful, but malware can still steal active sessions.

Session cookie hijacking

User logs in
Browser creates session
Malware steals cookie
Attacker imports session

A stolen session cookie may allow an attacker to bypass the normal username, password, and MFA prompts because the service sees an already authenticated session.

Key takeaways

  • Use a dedicated password manager.
  • Do not assume MFA protects an infected browser session.
Module 5

Man-in-the-Middle & Network Security

05

General information: A man-in-the-middle attack occurs when an attacker intercepts or alters communication between two parties that believe they are communicating directly. The attacker may use a rogue wireless network, compromised router, fake certificate warning, poisoned DNS response, cloned website, or a look-alike participant inserted into an email conversation.

PUBLIC DATA — REAL-WORLD IMPACTNetwork and communication attacks often become financially visible as payment fraud or credential-driven breaches.

FBI IC3 recorded about $3 billion in BEC losses in 2025, while IBM’s 2025 global average breach cost was $4.44 million. An attacker who intercepts a supplier conversation or captures credentials on a fake network may redirect a legitimate transfer or enter systems as the victim.

  • Rogue hotspots can imitate trusted Wi-Fi names.
  • Ignoring browser certificate warnings or entering credentials into a cloned page can expose an entire account.
FBI IC3 2025 · IBM 2025 breach cost

Public Wi-Fi

Treat public hotspots as unsafe. Avoid sensitive work or use the approved VPN when necessary.

Fake login pages

Check the browser address bar before entering credentials. A realistic design does not prove a page is legitimate.

Email thread insertion

Attackers may enter an active conversation using an address with a one-character domain change.

Key takeaways

  • Use a secure VPN on untrusted networks.
  • Inspect the destination URL before signing in.
  • Watch for changed addresses inside existing email threads.
Module 6

Comprehensive Protocols & Physical Security

06

General information: Cybersecurity depends on physical behaviour as much as software. An unlocked laptop, visible password, discarded document, unattended printout, or lost storage device can bypass strong technical controls. Physical access may also let an attacker connect unauthorised equipment, photograph confidential information, or use an already authenticated session.

PUBLIC DATA — REAL-WORLD IMPACTPhysical exposure can produce the same financial consequences as a remote cyberattack.

IBM’s 2025 benchmark placed the average global data-breach cost at $4.44 million. Verizon’s EMEA findings attributed 19% of breaches to mistakes, a category that can include misdelivery, accidental exposure, and failures to protect information or equipment.

  • An unlocked device may give immediate access to email and active browser sessions.
  • A lost laptop, exposed printout, photographed whiteboard, or discarded document can create notification and investigation obligations.
Verizon 2025 EMEA findings · IBM 2025 breach cost

Physical security

  • Prevent shoulder surfing when entering passwords or PINs.
  • Lock Windows with Windows + L when leaving.
  • Secure documents and erase whiteboards.
  • Shred sensitive paper rather than discarding it intact.

Proactive best practices

  • Install operating system and software updates.
  • Follow urgent IT restart instructions.
  • Verify alerts by manually opening the known service.
  • Use trusted examples to compare suspicious vendor messages.
If you fall for a scam: Stop, slow down, change exposed credentials immediately, and contact IT through an approved channel so the device and active sessions can be investigated.
Reference

Core security terminology

PII

Information that can identify, locate, or distinguish a person, such as names, addresses, passport numbers, and biometric data.

PHI

Identifiable health or medical information protected under applicable privacy rules.

FTI

Tax return, payment, and processing information subject to strict controls.

PCI

Payment-card information including card numbers, cardholder details, expiry dates, and security codes.

Generative systems: AI-generated content can be polished but inaccurate. Criminals also use these systems to create convincing phishing messages, audio, and video. Verify accuracy and copyright suitability before professional use.
Public references

Sources used for expanded statistics

Loss figures are based on reported incidents and research samples. Actual organisational impact may include downtime, legal costs, response services, lost customers, regulatory action, and reputational damage that are not fully captured in complaint totals.