Who Should Take This
All staff members, from front-line associates to senior managers, benefit from this course. It targets employees with no technical background who need practical guidance to recognize threats, follow security policies, and report incidents promptly, supporting the organization's overall risk reduction.
What's Included in AccelaStudy® AI
- Adaptive Knowledge Graph
- Practice Questions
- Lesson Modules
- Console Simulator Labs
- Exam Tips & Strategy
- 20 Activity Formats
Course Outline (67 learning goals)
1. Phishing and Social Engineering (4 topics)
Attack Types and Techniques
- Describe the characteristics of email phishing, spear phishing, and whaling attacks and explain how attackers tailor messages to different target audiences.
- Identify the characteristics of vishing (voice phishing) and smishing (SMS phishing) attacks and describe the psychological tactics attackers use in phone-based social engineering.
- Describe physical social engineering techniques including tailgating, pretexting, baiting with USB drives, and impersonation of authorized personnel.
- Identify how attackers use AI-generated deepfakes, voice cloning, and sophisticated language models to create more convincing social engineering attacks.
Recognition and Prevention
- Apply phishing recognition techniques to identify suspicious emails by examining sender addresses, urgency cues, grammar anomalies, mismatched URLs, and unexpected attachments.
- Apply verification procedures to validate suspicious requests by contacting senders through known channels before acting on urgent financial or data transfer requests.
- Analyze realistic phishing scenarios to distinguish legitimate communications from social engineering attempts based on contextual clues, sender behavior patterns, and request appropriateness.
Reporting Social Engineering
- Apply the correct reporting procedure when a phishing attempt is identified, including forwarding to the security team, not clicking links, and preserving the original message for analysis.
Business Email Compromise
- Describe business email compromise (BEC) tactics including CEO fraud, invoice redirection, payroll diversion, and vendor impersonation schemes targeting financial transactions.
- Apply BEC prevention measures including verbal verification of wire transfer requests, dual-authorization for payment changes, and scrutiny of domain name lookalikes.
- Analyze email scenarios to distinguish legitimate executive requests from BEC attempts based on urgency cues, communication channel anomalies, and process deviations.
2. Password and Authentication Hygiene (3 topics)
Password Best Practices
- Describe the characteristics of strong passwords including length, complexity, uniqueness, and the use of passphrases as a memorable alternative to random character strings.
- Identify common password mistakes including password reuse across accounts, dictionary words, personal information, predictable patterns, and sharing credentials via email or chat.
- Explain how password managers generate, store, and autofill unique passwords for each account and describe the security benefits over manual password management.
Multi-Factor Authentication
- Describe the three authentication factors (something you know, something you have, something you are) and identify examples of each including passwords, hardware tokens, and biometrics.
- Compare MFA methods (SMS codes, authenticator apps, hardware security keys, push notifications) and analyze the security trade-offs of each approach.
- Apply MFA enrollment procedures to enable multi-factor authentication on critical accounts including email, banking, and cloud storage services.
Credential Compromise
- Identify indicators of credential compromise including unexpected login notifications, unfamiliar account activity, password reset emails not initiated by the user, and dark web exposure alerts.
- Apply the correct response procedures when credential compromise is suspected, including immediate password changes, session revocation, security team notification, and account recovery steps.
3. Safe Browsing and Email Practices (5 topics)
Web Browsing Safety
- Explain how HTTPS protects data in transit and describe how to verify a website's security certificate before entering sensitive information.
- Identify indicators of malicious websites including suspicious URLs, typosquatting domains, missing security certificates, excessive pop-ups, and unexpected download prompts.
- Apply safe download practices by verifying file sources, checking file extensions, scanning downloads with antivirus software, and avoiding pirated or unofficial software sources.
Email Security
- Apply safe email attachment handling by verifying sender identity, scanning attachments before opening, and recognizing dangerous file types (.exe, .scr, .js, .vbs, macro-enabled documents).
- Apply URL inspection techniques to hover over links before clicking, verify domain names, identify URL shortener risks, and recognize disguised hyperlinks in emails.
Network Security Awareness
- Describe the risks of using public Wi-Fi networks, including man-in-the-middle attacks, evil twin access points, and packet sniffing, and explain how VPNs mitigate these risks.
- Apply safe practices for connecting to networks including verifying network names, using VPN connections for sensitive work, and disabling auto-connect on mobile devices.
- Apply home network security practices including changing default router passwords, enabling WPA3 encryption, updating firmware, and segmenting IoT devices from personal computers.
Social Media Safety
- Identify the security risks of social media oversharing including information harvesting for spear phishing, physical security risks from location sharing, and organizational data leakage.
- Apply social media privacy settings and posting guidelines to minimize personal and organizational exposure while maintaining professional networking effectiveness.
- Identify social media impersonation attempts, including fake profiles, cloned accounts, and fraudulent brand pages, and describe the appropriate reporting and verification steps.
Cloud Service Security Awareness
- Apply secure cloud file sharing practices including verifying share permissions, using expiration dates on shared links, and avoiding public sharing of confidential documents.
- Describe the risks of shadow IT including unauthorized cloud services, unapproved SaaS applications, and personal storage accounts used for work data.
- Identify the security risks of using generative AI tools with confidential data including data leakage through prompts, model training on proprietary content, and compliance violations.
- Analyze scenarios involving cloud service usage to determine whether data handling practices comply with organizational security policies and data classification requirements.
4. Device and Physical Security (4 topics)
Endpoint Security
- Apply screen locking practices to secure workstations and mobile devices when unattended and configure automatic lock timers appropriate to the work environment.
- Explain why timely installation of operating system patches, application updates, and antivirus signature updates is critical for maintaining endpoint security.
- Describe how full disk encryption protects data on lost or stolen devices and identify when encryption should be enabled on laptops, external drives, and mobile devices.
Mobile Device Security
- Describe the security risks and organizational policies associated with bring-your-own-device (BYOD) programs including data separation, remote wipe capabilities, and acceptable use.
- Apply safe mobile application practices including installing apps only from official stores, reviewing permission requests, and recognizing signs of malicious applications.
Physical Security
- Apply clean desk policies to prevent unauthorized viewing of sensitive documents, lock away removable media, and secure printed materials containing confidential information.
- Describe the security risks of unknown USB devices, including malware delivery, data exfiltration, and rubber ducky attacks, and explain why found USB drives should never be inserted into computers.
- Describe proper media disposal procedures including secure wiping, degaussing, and physical destruction for hard drives, SSDs, USB drives, and printed documents containing sensitive data.
- Apply visitor management and access control practices including badge verification, escort requirements, and challenge procedures for unrecognized individuals in secure areas.
Remote Work Security
- Apply secure home office setup practices including using a dedicated work device, enabling VPN for corporate access, and physically securing devices from household members.
- Apply travel security practices including avoiding sensitive work on public displays, using privacy screens, disabling Bluetooth and Wi-Fi when not needed, and securing devices in hotel rooms.
- Analyze remote work scenarios to identify security gaps and recommend mitigations considering the physical environment, network security, and data handling requirements.
5. Data Classification and Handling (3 topics)
Data Classification
- Describe common data classification levels (public, internal, confidential, restricted) and identify the types of information that belong to each category.
- Identify categories of personally identifiable information (PII) and sensitive personal data and explain why these require enhanced protection and handling procedures.
- Apply data classification guidelines to categorize sample documents, emails, and datasets and determine the appropriate handling and storage requirements for each.
Data Handling Practices
- Apply secure file sharing practices including using approved platforms, setting appropriate permissions, using expiring links, and avoiding sending sensitive data via personal email.
- Apply data storage best practices including using encrypted storage for sensitive data, avoiding local storage of confidential files, and following retention schedules.
- Analyze data handling scenarios to determine whether proposed actions comply with classification requirements and recommend corrective measures for policy violations.
Data Loss Prevention
- Describe the purpose of data loss prevention (DLP) controls and explain how they monitor and prevent unauthorized transmission of sensitive data via email, web, and removable media.
- Apply best practices to avoid triggering unnecessary DLP alerts while still sharing information effectively, including using approved channels and proper document classification labels.
6. Compliance and Reporting Obligations (4 topics)
Incident Reporting
- Describe the organization's incident reporting procedures including who to contact, what information to provide, escalation timelines, and the importance of timely reporting.
- Identify security incidents that require reporting including suspected data breaches, unauthorized access attempts, lost or stolen devices, malware infections, and policy violations.
- Apply evidence preservation practices when reporting a security incident including not deleting emails, capturing screenshots, noting timestamps, and avoiding system changes.
Regulatory Awareness
- Describe the key principles of GDPR relevant to everyday work including lawful basis for processing, data subject rights, consent requirements, and breach notification obligations.
- Describe HIPAA's core requirements for protecting health information including the Privacy Rule, Security Rule, and individual responsibilities for safeguarding PHI.
- Analyze workplace data handling scenarios to determine which regulatory requirements apply and whether proposed actions comply with GDPR, HIPAA, or PCI-DSS obligations.
Organizational Policies
- Describe the purpose and common provisions of an acceptable use policy covering internet use, email use, personal device use, and social media activity on corporate resources.
- Identify insider threat indicators including unusual data access patterns, unauthorized copying of sensitive files, disgruntled behavior, and attempts to bypass security controls.
- Analyze workplace scenarios to determine whether employee actions violate the acceptable use policy and recommend appropriate reporting and remediation steps.
- Describe whistleblower protections and anonymous reporting channels available for reporting security concerns, ethical violations, or suspected illegal activity.
Security Culture and Training
- Explain why information security is a shared responsibility across all employees, not solely the IT department, and describe how individual actions impact organizational security posture.
- Describe the purpose of security awareness training programs, phishing simulations, and tabletop exercises in building organizational resilience against social engineering attacks.
- Analyze organizational security scenarios to identify cultural weaknesses such as blame-oriented incident response, security fatigue, and inadequate management support for security initiatives.
Hands-On Labs (3 labs, ~40 min total)
- Console Simulator
- Code Sandbox
Practice in a simulated cloud console or Python code sandbox with no account needed. Each lab runs entirely in your browser.
Scope
Included Topics
- Phishing and social engineering: email phishing, spear phishing, vishing, smishing, pretexting, baiting, tailgating, and whaling attacks with recognition and prevention strategies.
- Password and authentication hygiene: password creation best practices, password managers, multi-factor authentication (MFA), biometric authentication, single sign-on concepts, and credential compromise indicators.
- Safe browsing and email practices: HTTPS verification, suspicious link identification, attachment handling, browser security settings, ad blockers, safe download practices, and Wi-Fi security on public networks.
- Device and physical security: screen locking, full disk encryption, mobile device management concepts, USB security risks, clean desk policies, visitor management, and secure disposal of media.
- Data classification and handling: sensitivity levels (public, internal, confidential, restricted), data labeling, handling requirements per classification, data loss prevention awareness, and secure file sharing.
- Compliance and reporting obligations: incident reporting procedures, regulatory awareness (GDPR basics, HIPAA basics, PCI-DSS basics), acceptable use policies, insider threat indicators, and whistleblower protections.
Not Covered
- Technical security engineering: firewall configuration, intrusion detection systems, SIEM administration, or network security architecture.
- Penetration testing methodologies, vulnerability scanning tools, or exploit development.
- Cryptographic algorithm internals, key management infrastructure, or PKI administration.
- Security certifications preparation (CISSP, Security+, CEH, etc.).
- Specific vendor security product training or administration.
- Incident response team operations, digital forensics, or malware reverse engineering.
- Advanced threat hunting, red team operations, or security operations center (SOC) procedures.