Online cyber security awareness training for employees

Content created by Office of the Chief Information Officer (OCIO)
Content last reviewed December 7, 2020

What is security awareness training?

Security awareness training is a proven educational approach for reducing risky employee IT behaviors that can lead to security compromises. Through the efficient delivery of relevant information and knowledge verification on subjects including information security, social engineering, malware, and industry-specific compliance topics, security awareness training increases employee resilience to cyber attacks at home, on the move, and at the office.

By participating in security awareness training, employees learn to avoid phishing and other types of social engineering cyberattacks, spot potential malware behaviors, report possible security threats, follow company IT policies and best practices, and adhere to any applicable data privacy and compliance regulations (GDPR, PCI DSS, HIPAA, etc.).

Designed for Continuous Engagement

  • Multiple Media Formats: Extend your reach with Infographics, Posters, Videos and more
  • 4 Learning Categories: Security, Business, Compliance + IT Skills
  • 200+ Phishing Templates: Adapted from real-world attacks
  • 85+ Micro Learning Modules: Can be completed in 10 minutes or less
  • 120+ Courses Available: All at one inclusive rate
  • Updates Every Month: Keeps education fresh

Empowering your employees to recognize common cyber threats can be beneficial to your organization’s computer security. Security awareness training teaches employees to understand vulnerabilities and threats to business operations. Your employees need to be aware of their responsibilities and accountabilities when using a computer on a business network.

New hire training and regularly scheduled refresher training courses should be established in order to instill the data security culture of your organization. Employee training should include, but not be limited to:

Responsibility for Company Data

Continually emphasize the critical nature of data security and the responsibility of each employee to protect company data. You and your employees have legal and regulatory obligations to respect and protect the privacy of information and its integrity and confidentiality.

Document Management and Notification Procedures

Employees should be educated on your data incident reporting procedure in the event an employee's computer becomes infected by a virus or is operating outside its norm (e.g., unexplained errors, running slowly, changes in desktop configurations, etc.). They should be trained to recognize a legitimate warning message or alert. In such cases, employees should immediately report the incident so your IT team can be engaged to mitigate and investigate the threat.

Passwords

Train your employees on how to select strong passwords. Passwords should be cryptic so they cannot be easily guessed but also should be easily remembered so they do not need to be in writing. Your company systems should be set to send out periodic automatic reminders to employees to change their passwords.

Unauthorized Software

Make your employees aware that they are not allowed to install unlicensed software on any company computer. Unlicensed software downloads could make your company susceptible to malicious software downloads that can attack and corrupt your company data.

Internet Use

Train your employees to avoid emailed or online links that are suspicious or from unknown sources. Such links can release malicious software, infect computers and steal company data. Your company also should establish safe browsing rules and limits on employee Internet usage in the workplace.

Email

Responsible email usage is the best defense for preventing data theft. Employees should be aware of scams and not respond to email they do not recognize. Educate your employees to accept email that:

  • Comes from someone they know.
  • Comes from someone they have received mail from before.
  • Is something they were expecting.
  • Does not look odd with unusual spellings or characters.
  • Passes your anti-virus program test.

Social Engineering and Phishing

Train your employees to recognize common cybercrime and information security risks, including social engineering, online fraud, phishing and web-browsing risks.

Social Media Policy

Educate your employees on social media and communicate, at a minimum, your policy and guidance on the use of a company email address to register, post or receive social media.

Mobile Devices

Communicate your mobile device policy to your employees for company-owned and personally owned devices used during the course of business.

Protecting Computer Resources

Train your employees on safeguarding their computers from theft by locking them or keeping them in a secure place. Critical information should be backed up routinely, with backup copies being kept in a secure location. All of your employees are responsible for accepting current virus protection software updates on company PCs.

How much does cybersecurity awareness training cost?

Security Awareness Training is relatively inexpensive, ranging from $10-$60 per employee per year. Compare that to the average ransomware payment of $170,000 or to the cost of downtime per hour, and security awareness training for your employees is a worthwhile investment.

How do you raise awareness on cybersecurity?

Below are seven key ways businesses can improve cybersecurity awareness amongst their employees:

  • Make cybersecurity a part of onboarding. ...
  • Conduct regular cybersecurity training. ...
  • Utilise cybersecurity drills. ...
  • Implement robust cybersecurity policies and procedures. ...
  • Make cybersecurity training programs engaging.

How do I train my employees for cybersecurity?

8 Tips and Best Practices on How to Train Employees for Cyber...

  • First, Don't Blame Your Employees. ...
  • Invest in Employee Training. ...
  • Make Cybersecurity Awareness a Priority. ...
  • Get Buy-In From the C-Suite. ...
  • Password Security Training and Best Practices. ...
  • Train Employees to Recognize Phishing and Social Engineering Attacks.

How can you promote cybersecurity awareness in the workplace?

10 Ways to raise Cyber Security Awareness amongst your Employees

  • Prioritize Cybersecurity in your organization. ...
  • Get management involved. ...
  • Promote Cyber Security best practices, supported by robust Policies and Procedures. ...
  • Set specific rules for emails, browsing, and mobile devices.