Online Employee Cyber Security Awareness Training
Generic, click-through training sometimes won’t be enough to combat today’s evolving cyber threats. Our interactive, hands-on security awareness workshops via Zoom put your team in real-world scenarios where employees can experience how they’d respond to simulated attacks.
Customised to your organisation, these sessions tackle the specific risks you face, from AI-generated scams to multi-stage phishing attacks.
Participants must reflect on how they would react to real-life cyber threat scenarios. They don’t just watch; they actively learn, question, and apply. The result? Higher engagement, better retention, and stickier behaviours.
Our interactive security awareness training makes people think, act, and protect your organisation's information assets—not just pass a quiz.
Does any of this sound familiar?
“I wouldn’t be a target”
Some of your users don’t believe they would be a target for a cyberattack.
“IT security is not my department, sorry”
Your employees don’t believe that IT security is their responsibility.
“It’s only a password”
Your employees don’t realise the ramifications of using weak or recycled passwords.
“The anti-virus has scanned the attachment, so it’s safe”.
Your organisation might use a sophisticated email gateway like Proofpoint or Mimecast and endpoint AV/EDR, which has lulled some of your users into a false sense of confidence. Some users might be unaware that modern malware uses some very stealthy evasive techniques, leaving your organisation vulnerable.
“But I know the sender, so it must be safe…”
Some of your employees believe that an attachment or URL is safe to open just because they might know the sender (such as a supplier or even a colleague). Account Take Over (ATO) attacks and internal phishing are common precursors to cyberattacks and financial fraud.
“I thought links from (insert Big Cloud Service Provider here) were safe to open”
Some of your employees believe that just because a link or file is hosted on a well-known cloud service, such as Microsoft or Dropbox, it must be safe…
“It's only spam email, so it’s safe to open”
Some of your users might believe that spam emails are harmless because “they’re trying to sell you something, not trying to hack you”. While some spam is harmless, some spammy-looking emails can actually be conduits for credential-stealing malware.
“Two-Factor what?”
Some of your users don’t use two-factor authentication to protect critical services such as email or VPN, leaving your organisation vulnerable to attacks such as BEC or ransomware.
“How was I supposed to know that updating the software was important?”
Some users might be unaware of the importance of updating software on their devices.
“It was so annoying, so I just turned it off…”
Some of your users might disable security controls like endpoint protection or MFA without realising the implications.
“I checked up the telephone number that came up on my phone’s caller ID screen and Google said it was genuine…”
Some users are unaware of how caller ID spoofing works. This can lead some users to believe that the urgent call purporting to be from Microsoft, another software vendor, an IT support provider or a bank is genuine.
“I really needed to meet a deadline, so I just downloaded a free copy of the software instead”
Some users are unaware of how cybercriminals SEO-poison search engine results or use PPC advertising (malvertising) to propagate data-stealing malware in the guise of “free applications”.
“My laptop is password-protected, so if it ever gets lost or stolen, nobody will be able to access the data”
Some users are unaware that an operating system login password does not protect their data should their device get lost or stolen. And a lost or stolen unencrypted laptop that holds Personally Identifiable Information must typically be reported to your local friendly data protection officer. This could result in a fine (such as a GDPR fine) and a mention in the media.
“Phew….that was close”
Your organisation has experienced several near-miss email, SMS or WhatsApp phishing incidents, and you want to lower your risk as much as possible.
One-size-fits-all? Not on our watch.
Our live online cybersecurity awareness training is tailored specifically to your industry. SaaS? Sorted. Government? Got it. Finance, healthcare, manufacturing, professional association? Covered. Because generic training is like using duct tape on a data breach - lazy and ineffective. Customisation means your team actually pays attention (and yes, that matters).
Death by e-learning? Not here. Our workshops are interactive, engaging, and dare we say actually enjoyable. Forget clicking through endless slides in silence. Your people get to ask questions, chat with a real human, and walk away smarter and more alert. It's training that sticks.
Our up-to-date training covers evolving attacks, such as AI-generated emails, AI-assisted impersonation attacks and multi-stage phishing attacks.
We give actionable advice on information and cybersecurity, which your team can use straightaway.
We deliver our training in plain English. (But if you’re craving jargon, we’ve got a secret stash—we just don’t lead with it…)
Our training is delivered by a SANS-certified (SSAP) human risk management trainer.
Our training workshop includes the option for our CyberGame, in which participants are divided into teams and asked to put what they have learned into practice immediately. This hands-on learning exercise helps participants consolidate and apply their recent learning to real-world contexts.
Key Business Outcomes
Reduction in Cyber Security Incidents
Our evidence-based Human DTECTR training system reduces phishing and social engineering-related incidents by up to 70%.
Improved Regulatory Compliance
SecureClick’s training helps your organisation comply with GDPR, ISO 27001, NIS2, and DORA regulations, reducing your risk of legal penalties.
Empowered Employees for Enhanced Productivity.
By equipping your employees with the knowledge to identify and prevent cyber threats, organisations can minimise disruptions caused by security incidents. This allows your IT teams to focus on strategic initiatives rather than incident management.
Your IT Policies Reinforced and Amplified
Our highly customised approach allows us to echo and reinforce your existing IT security policies. We build on your current security framework, bringing it to life, amplifying it and making it stick with your team.
Enjoy a Competitive Advantage when tendering for New Contracts
In an era where multinational and government entities are more concerned than ever about the information security of their supply chains, proof of security-aware employees can be a real competitive advantage.
Key Takeaways of our Security Awareness Workshop
Just some of the insights your team will learn…
Phishing & Social Engineering | How to recognise phishing emails, smishing (SMS / WhatsApp scams), vishing (voice scams), business email compromise (BEC), and social engineering tactics like pretexting and impersonation. How to recognise internal and supply-chain phishing attacks. Understand the weaknesses of technical defences such as firewalls, email gateways and endpoint AV. Your team will also learn how sophisticated phishing attacks like email thread hijacking work. |
Password Security | The importance of strong, unique passwords, avoiding reuse, and using password managers. Your employees will be able to see the connection between weak passwords, credential theft and attacks such as ransomware. |
Ransomware | How to detect the early stages of ransomware (email attachments, infected links), warning signs, and what to do if an attack happens. |
Cyber Hygiene | We show your team how data-stealing malware can inadvertently be downloaded onto devices. How innocuous downloads like browser extensions can be used to steal passwords while going undetected by your technical defences. |
Physical Security & Tailgating | How attackers might gain physical access to offices, “piggybacking” through doors, and the importance of securing devices. |
Social Media Safety | How oversharing or engaging with suspicious accounts can lead to attacks or social engineering attempts. |
Data Handling & Privacy | How to safely handle sensitive personal, financial, or client data — both physically and digitally. |
Mobile Device Security | Securing phones and tablets with passcodes, avoiding public Wi-Fi, using encryption on laptops and recognising mobile malware. |
Email & Web Security | How to safely browse, avoid malicious links, and recognise website spoofing or malicious popups. The importance of two-factor authentication and how to spot the signs that a hacker is trying to defeat your two-factor authentication. |
Reporting | Encouraging prompt reporting of suspicious activities or potential threats. |
Case Study: Irish Regulatory Agency Arms Its Employees Against Phishing Attacks with SecureClick’s Interactive Security Awareness Workshop
How an Irish government agency strengthened its security posture with one of SecureClick’s live interactive security awareness and anti-phishing workshops.
A national government regulatory agency, which in the course of its work is responsible for managing sensitive personal data, including passport numbers, driver’s licenses, and PPS (social security) numbers, faced growing concerns over its cybersecurity resilience. While they had been using a standard security awareness e-learning platform for several years, feedback from management revealed a recurring issue:
“The cybersecurity threat scenarios were too simplistic relative to the threats we saw. They were like something you would make up yourself. We needed security awareness training that was more realistic and more reflective of the threats we and other Irish government agencies were seeing”
The Challenge
Cyberattacks targeting public sector organisations are becoming increasingly sophisticated, with phishing attempts and social engineering attacks designed to bypass traditional security controls by exploiting human error. If they were to experience a cyber-breach incident, it would mean operational disruption. If sensitive data were exfiltrated, it would possibly result in legal challenges. In the worst-case scenario, a ransomware attack would result in severe operational disruption and reputational damage. The agency realised that many of these attacks started with social engineering and wanted to lower their risk as much as possible.
The agency’s existing generic e-learning platform was static and unable to address:
Some employees didn’t believe they would be targets.
Other employees believed IT security was not their responsibility.
The evolving threat landscape, such as AI-generated phishing or deepfakes.
Managers recognised that continuing with off-the-shelf IT security awareness training would leave their people vulnerable, especially in a workplace where employees handle sensitive data that could have privacy consequences if compromised.
What They Required in a Security Awareness Solution
The agency sought a live, interactive training experience that would:
Be customised to their specific risks, systems, and data to drive employee engagement
Include real-life case studies of peer government agencies that had suffered breaches
Challenge employees’ assumptions about the dangers of over-relying on technical controls such as firewalls, email gateways, DLP systems and endpoint AV (EDR).
Equip staff with actionable skills to detect sophisticated phishing, smishing (SMS, WhatsApp) and other impersonation threats
Equip their remote working staff with actionable skills to handle scenarios like suspicious IT support or supplier requests.
In short, they wanted training that would genuinely change employee attitudes towards cybersecurity beyond quizzes and overly contrived scenarios, as their existing learning platform depicted.
The Solution
They partnered with SecureClick to deliver a series of live, instructor-led security awareness workshops via Zoom. The sessions were designed with:
Custom scenarios tailored to government processes
Examples of real-life phishing emails, SMS and WhatsApp messages in circulation and social engineering tactics used against public sector employees.
Case studies of real-world breaches affecting similar agencies — illustrating what can actually happen, what went wrong and how it could have been prevented
Open, interactive discussions and Q&A sessions to address employees’ specific IT security concerns
We used our CyberGame, in which we divided participants into groups and asked them to assume the role of hackers. They were all provided with “methods of attack” (easy-to-understand) prompt sheets, which highlighted common (and not-so-common) technical and social engineering attack vectors in plain English. After this exercise, we asked them to reverse roles again – this time as defenders. They had to tell us what security measures they would employ to detect and mitigate threats such as email phishing and other social engineering threats. This is where they could put into context, in a very real and context-rich way, what they learnt during the training session.
The Outcome of SecureClick’s Training
After completing the training, both employees and management reported a significant shift in cybersecurity awareness:
Staff got way better at detecting sneaky phishing attempts, BEC scams, impersonation attempts and data slip-ups before they became security incidents.
Security isn't "someone else’s job" anymore.
People finally get how their role affects the whole agency’s security posture. They now realise they play an important role in securing their agency.
IT teams felt the love.
With a 23% spike in reported suspicious activity, your helpdesk isn’t flying blind anymore.
No more yawns during security talks.
People actually care now—they’re speaking up, and staying switched on. IT security isn’t so abstract to them anymore.
One agency manager remarked:
“By engaging SecureClick’s training, our employees saw what can actually happen and how cyberattacks play out against organisations such as ours. Employees now notice information and cybersecurity risks that they probably would have ignored before.”
Our interactive scenario-based security awareness training is predicated on two very simple concepts – the user knowing themselves and knowing the enemy.
Knowing yourself is crucial in cyber security awareness because it helps you recognise your own habits, vulnerabilities, and emotional triggers that attackers often exploit. Self-awareness enables you to adopt safer online behaviours, avoid common traps like phishing, and learn from past mistakes. It also improves your ability to respond calmly and rationally during security incidents. Ultimately, understanding yourself makes you a stronger first line of defence against cyber threats.
Knowing the enemy or thinking like a hacker in security awareness helps users anticipate how, why, and where cyber attackers might strike. Some of the most successful cyber attacks use social engineering. And some of these are “curveball” attacks – they often use elements that are not taught in conventional security awareness training.
Why do we use a scenario-based (storytelling) approach?
Real-World Context – Employees see how threats such as phishing, credential theft, invoice fraud, BEC and account takeover unfold in familiar workplace situations, making training more relevant and memorable.
Active Participation – Interactive decision-making keeps learners engaged and reveals user blind spots in judgment or behaviour.
Evolving Threat Awareness – Scenarios reflect current attack methods, such as multistage and AI-assisted phishing, helping teams stay sharp against the latest social engineering tactics.
Case Study: How SecureClick’s Scenario-Based Training Helped an NGO Tackle Multi-Stage Phishing
Background
A global NGO working in humanitarian aid based in Zurich, Switzerland, was increasingly targeted by multi-stage phishing attacks. These threats evolved over several emails, often mimicking internal communications.
Despite prior awareness training, some of their staff struggled to understand what security awareness advice meant in a real-life context.
Challenge
The NGO needed to:
Train employees to detect sophisticated phishing attempts that unfold over time.
Provide more engaging, realistic training.
Improve decision-making under pressure.
Solution
All their employees took our online Human Risk Susceptibility survey (HRS) two weeks before the training. This enabled us to gauge their security baseline and identify security gaps based on their existing attitudes and behaviours.
Using insights from our HRS survey, we custom-designed scenario-based security awareness training for the agency that mimicked real-world, multi-stage phishing campaigns. Along with real-life case studies, we used a fictitious NGO called “Atlantic Point” to demonstrate to them how information security threats would play out in real life. This training was conducted over Zoom and lasted approximately 3 hours (with breaks). Each scenario:
• Reflected real-life social engineering attacks that their agency faced before.
• Demonstrated the awkward truth about the slip-ups that can occur when handling sensitive data.
• Showed what’s been hitting peer organisations—because if it happened to them, it could hit you next.
• Forced some honest reflection and self-awareness: Would I fall for that?
• Featured the latest tricks in the cybercriminal playbook—thread hijacking, slick credential phishing, and yes, AI-generated scams.
Results
29% increase in employee phishing detection.
65% improvement in correct responses during table-top exercises.
63% more resilient to threats included in our post-training Human Risk Susceptibility Survey
Our Human Risk Survey and training helped management and IT teams identify security blind spots and gaps in their current security posture.
Mistakes to Avoid: Conducting Effective Live Instructor-Led Cyber Security Awareness Training for Employees
Security awareness should be aligned with your organisation’s risk profile
A government agency holding citizen data, a law firm managing confidential cases, and a retail chain handling payment card details don’t face the same risks. If you train everyone on generic threats, you miss what really matters to your organisation. Aligning training with your risk profile ensures you focus on the most likely and impactful attack scenarios.
No generic training
Imagine a doctor prescribing the same pill to every patient, regardless of symptoms. That’s what generic cybersecurity training does. It overlooks your unique risks, behaviours, and culture. Effective protection needs tailored awareness, not one-size-fits-all content.
When your content is customised
Not meeting participants where they're at.
Every team perceives information and cybersecurity through a different mental framework. For training to truly stick, it’s essential to first understand how your people currently think about security and then build from there. Without this, training risks becoming little more than a one-way information dump—quickly forgotten and rarely applied.
Not fostering the right learning atmosphere.
Fostering the right atmosphere in instructor-led training is essential because people learn best when they feel safe, supported, and encouraged to participate. Singling out participants for questions in front of their peers can make them feel exposed or self-conscious. This anxiety shuts down engagement and learning and makes the experience feel threatening rather than supportive. A positive (and fun) environment keeps participants engaged, turning passive listeners into active contributors. It helps learners connect the material to real-world situations, making the content more meaningful and relevant. An open, interactive atmosphere also boosts memory retention and drives lasting behaviour change.
Using technical jargon is not always appropriate…
Following the advice to meet your participants where they’re at, it is strongly recommended that you avoid using technical jargon if your audience is not technical. For example, using the word “domain” instead of “website” can confuse non-technical audiences. Likewise, talking about “DLL side-loading” or “registry-based” malware attacks will be inappropriate for most audiences. The job of the security awareness practitioner is to engage and make the content relevant to the target audience.
Not showing participants the relevance or context of your training.
Teaching security concepts in isolation is helpful, but those lessons often fail to stick without real-world context. Participants need to understand not just what a threat is, but when, where, and how it might appear in their daily work, making context essential for building meaningful awareness and effective response habits. For example, many users still don’t understand the relevance of “not reusing passwords”. These users don’t understand their credentials (i.e. their username and password) can get sold by “access brokers” on the Dark Web to cybercriminal groups that specialise in ransomware attacks. This makes a seemingly “harmless” security behaviour into one that is now very relevant.
Not giving participants actionable information.
While sharing real-life case studies and explaining how cyberattacks occur is valuable, participants really want practical, actionable guidance on how to identify and respond to threats.
How to prevent phishing and other threats
Exposed Internet-Facing Ports
Hackers often scan networks for open ports such as RDP, SSH, or FTP.
Segmentation
Make sure your network is segmented using VLANs and subnetting. This can prevent or make it more difficult for hackers to move laterally across your network.
Endpoint Security Software
(EDR/XDR/MDR) – Virus and malware detection software is unfortunately fallible. However, quality endpoint virus / malware detection software should be installed on every Windows device. This should be enabled. Users should be educated on how to update it (automatic updates are not always perfect) and to recognise (and report) if it ever suddenly becomes disabled (which can be a sign of an existing malware infection).
Multi-Factor Authentication
This should be enabled on all internet-facing devices and applications. Many organisations forget that MFA is not just about protecting email or bank accounts. It should also be used to protect VPN connections, file sharing services, and SSO authentication services.
Use a Password Manager
Contrary to popular user sentiment, password managers are still safer than devising your own password or writing them down. Password managers can also help in detecting impersonated domains. However, users should be educated on “fake password managers” that are still prevalent on app stores or appear in SEO-poisoned internet search engine results. They should also be educated on the importance of a unique and strong master password and using 2FA to protect their password manager.
Patch Management
Operating systems, applications, and hardware devices should be patched as soon as possible. There is an “exposure window” between the discovery of a vulnerability and the application of a patch, and hackers really like exploiting vulnerability gaps.
Failed Login Attempt Logging
Use a tool like Entra ID or Microsoft Sentinel to record failed login attempts on your M365 platform. These attempts can be viewed by IP location and device ID. If using Google Workspace, native logs (or a tool like Splunk) can be used to alert you to suspicious logins.
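An added example (not SecureClick's code and not part of the original page) of the kind of review described above: failed sign-ins are grouped by source IP to spot one address trying many accounts, and any successful sign-in from that address is then listed with its location and device ID. The CSV column names and sample rows are constructed for illustration and do not follow the Entra ID, Sentinel or Google Workspace export schemas.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export: hypothetical column names, documentation-range IPs.
SAMPLE_LOG = """\
time,user,ip,country,device_id,result
2025-03-03T02:10:05,alice@example.org,203.0.113.50,RO,,failure
2025-03-03T02:10:09,bob@example.org,203.0.113.50,RO,,failure
2025-03-03T02:10:14,carol@example.org,203.0.113.50,RO,,failure
2025-03-03T02:10:20,dave@example.org,203.0.113.50,RO,,failure
2025-03-03T02:11:02,carol@example.org,203.0.113.50,RO,,success
2025-03-03T09:01:44,alice@example.org,198.51.100.7,IE,LAPTOP-0141,failure
2025-03-03T09:02:01,alice@example.org,198.51.100.7,IE,LAPTOP-0141,success
2025-03-03T09:15:30,bob@example.org,198.51.100.7,IE,LAPTOP-0152,success
"""


def load_events(text):
    """Parse the CSV export into dicts sorted by timestamp."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        row["time"] = datetime.fromisoformat(row["time"])
        events.append(row)
    return sorted(events, key=lambda e: e["time"])


def spray_sources(events, min_accounts=3, window=timedelta(minutes=10)):
    """Return {ip: users} for IPs that failed against at least
    min_accounts distinct users inside one sliding time window."""
    failures = defaultdict(list)
    for e in events:
        if e["result"] == "failure":
            failures[e["ip"]].append(e)
    flagged = {}
    for ip, rows in failures.items():
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it fits the time limit.
            while rows[end]["time"] - rows[start]["time"] > window:
                start += 1
            users = {r["user"] for r in rows[start:end + 1]}
            if len(users) >= min_accounts:
                # Keep the largest set of targeted users seen for this IP.
                flagged[ip] = max(flagged.get(ip, set()), users, key=len)
    return flagged


def success_from_flagged(events, flagged):
    """Successful sign-ins from a flagged IP: accounts to investigate first."""
    hits = {
        (e["user"], e["ip"], e["country"], e["device_id"] or "unregistered")
        for e in events
        if e["result"] == "success" and e["ip"] in flagged
    }
    return sorted(hits)


if __name__ == "__main__":
    events = load_events(SAMPLE_LOG)
    flagged = spray_sources(events)
    for ip, users in flagged.items():
        print(f"{ip}: failed sign-ins against {len(users)} accounts")
    for hit in success_from_flagged(events, flagged):
        print("review sign-in:", hit)
```

The single mistyped password from the office address in the sample is not flagged, because the check keys on one source failing against several different accounts rather than on any individual failure.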
Dark Web Monitoring Service
It might be worth subscribing to a Dark Web monitoring service to see if your organisation's credentials have been leaked online.
Backups
Use up-to-date, air-gapped backups. Many organisations discover too late that the threat actor has also wiped or encrypted their backups. This is why having air-gapped (or offline) immutable backups is so important.
Device Encryption
Many users still believe that should their laptop get lost or stolen their Windows login password will protect the data. Users need to be educated on just how easily their data will be accessible should their mobile computing device get lost or stolen. Effective information security management is not always about “cyber” threats – sometimes the biggest threats come from the inside.
Monitor your ESXi Environment
Speaking of backups, it might be a good idea to deploy ESXi monitoring software if your IT environment is virtualised. A favourite ploy of cybercriminals is deleting VM snapshots before a ransomware attack.
Software Control
Use software control utilities like AppLocker (Windows environment) to block potentially malicious executables.
Centralised Logging
Use a SIEM (such as MS Sentinel, Rapid7 or Blumira) for spotting anomalies on your network, such as excessive PowerShell use at unusual hours from unusual locations.
Protect Privileged Accounts with a PAM
A Privileged Access Management solution can protect the accounts of system administrators and root users. This is important because if a threat actor does infiltrate your network, a PAM solution can often act as a roadblock to lateral movement and to domain controller access.
Robust Information Security Awareness Training
Of course, we would strongly recommend this one! Your users are not your weakest link but your greatest security asset. Imagine if every user in your organisation had a “hacker mindset”. Imagine, just for one moment, that when a user comes across something suspicious, they suddenly start questioning it. Or imagine if every user had the mindset of “this is most likely a hacker and I have a fair idea what they’re trying to do here”. Most cybercriminal organisations would go bust overnight. Or, imagine a user saying to a contractor, “No, we were not going to share that customer (or employee/patient/donor) list on Dropbox. We don’t have control of it. We can’t audit it properly. We don’t know how well your employees are going to protect it”. This is the essence of good security awareness. It’s not a “habit” or a “checkbox exercise” but a state of mind where information security is second nature. Effective security awareness training instils that mindset in people. And if you can do that in an engaging, relevant and fun way where the participants do change their IT security behaviours – all the better!