The human factor in cybersecurity
Technical controls alone are not enough. Industry breach reports consistently attribute the large majority of successful cyberattacks (figures above 90% are commonly cited) to a human action: a clicked phishing link, a password given out over the phone, or an attachment opened from an unknown sender. Awareness training addresses this risk directly; it complements technical controls rather than replacing them.
Training content
- Phishing recognition: How to identify suspicious emails (mismatched sender addresses, deceptive links, unexpected attachments, pressure to act immediately), fake login pages, and malicious attachments
- Social engineering tactics: Pretexting, CEO fraud, vishing (phone-based attacks), and smishing (SMS-based attacks)
- Ransomware awareness: How ransomware spreads and what to do (and not do) if infected
- Password security: Password managers, multi-factor authentication (MFA), and why weak or reused passwords are dangerous
- Safe use of email and internet: Avoiding shadow IT, secure file sharing, and public Wi-Fi risks
- Incident reporting: How and when to report suspected attacks to IT and the DPO
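The phishing indicators listed above can be checked mechanically. The following script is an added example, not part of the original page or its training material: it parses a raw email and flags a display name that claims a different domain than the real sender, a Reply-To that goes elsewhere, links whose visible text names one domain while the href points to another or to a bare IP address, and urgency wording. The two sample messages are constructed, the domains are illustrative, and the registrable-domain helper is a deliberate approximation (it does not consult a public-suffix list).

```python
"""Flag common phishing indicators in a raw email message.

Added example (not from the original page). Sample messages are constructed;
domain handling is a simplified approximation.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Phrases that pressure the reader into acting without thinking.
URGENCY_WORDS = ("urgent", "immediately", "suspended", "verify your account", "within 24 hours")
DOMAIN_RE = re.compile(r"[\w.-]+\.[a-z]{2,}")


class _LinkParser(HTMLParser):
    """Collect (visible text, href) pairs from <a> tags in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def _domain(addr_or_url):
    """Host part of an email address or URL, lower-cased."""
    if "@" in addr_or_url:
        return addr_or_url.rsplit("@", 1)[1].lower()
    url = addr_or_url if "://" in addr_or_url else "http://" + addr_or_url
    return (urlparse(url).hostname or "").lower()


def _registrable(domain):
    """Crude registrable-domain approximation: the last two labels (assumption: no public-suffix list)."""
    parts = domain.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else domain


def phishing_indicators(raw):
    """Return a list of human-readable findings for the raw RFC 5322 message in `raw`."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(from_addr)

    # 1. Display name names a domain that the real sender address does not match.
    m = DOMAIN_RE.search(from_name.lower())
    if m and _registrable(m.group()) != _registrable(from_dom):
        findings.append(f"display name mentions {m.group()} but sender is {from_dom}")

    # 2. Replies are routed to a different domain than the visible sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and _registrable(_domain(reply_addr)) != _registrable(from_dom):
        findings.append(f"Reply-To domain {_domain(reply_addr)} differs from sender {from_dom}")

    # 3. Link text shows one domain, the href goes somewhere else (or to a bare IP).
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    parser = _LinkParser()
    parser.feed(text)
    for shown, href in parser.links:
        href_dom = _domain(href)
        shown_m = DOMAIN_RE.search(shown.lower())
        if shown_m and _registrable(shown_m.group()) != _registrable(href_dom):
            findings.append(f"link text shows {shown_m.group()} but points to {href_dom}")
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", href_dom):
            findings.append(f"link points to bare IP address {href_dom}")

    # 4. Urgency or threat language in the (tag-stripped) body.
    plain = re.sub(r"<[^>]+>", " ", text).lower()
    hits = [w for w in URGENCY_WORDS if w in plain]
    if hits:
        findings.append("urgency language: " + ", ".join(hits))
    return findings


# Constructed sample: a credential-phishing lure.
PHISH = """\
From: "paypal.com Security" <alerts@paypa1-secure.example>
Reply-To: recovery@mail-verify.example
To: employee@corp.example
Subject: Action required
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your account has been suspended. Verify your account immediately or it will be closed within 24 hours.</p>
<p><a href="http://203.0.113.5/login">https://www.paypal.com/signin</a></p>
</body></html>
"""

# Constructed sample: an ordinary internal notice.
BENIGN = """\
From: "IT Helpdesk" <helpdesk@corp.example>
To: employee@corp.example
Subject: Maintenance window on Saturday
Content-Type: text/plain; charset="utf-8"

The file server will be offline from 08:00 to 10:00 on Saturday.
Details: https://intranet.corp.example/maintenance
"""

if __name__ == "__main__":
    for finding in phishing_indicators(PHISH):
        print("-", finding)
    print("benign findings:", phishing_indicators(BENIGN))
```

Run it on a saved `.eml` file by reading the file into `phishing_indicators`. The checks are heuristics for training and triage, not a mail filter: a legitimate newsletter with tracking links will trip the link-text check, and a well-crafted lure with a lookalike domain in both places will not. The domain helper treats `paypal.co.uk`-style suffixes as a single label, which is the main reason a real deployment should use a public-suffix list.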
The GDPR connection
IT security awareness is not just a cybersecurity topic; it is also a GDPR obligation. Art. 32 GDPR requires technical and organizational measures that ensure a level of security appropriate to the risk, and Art. 32(4) requires controllers and processors to ensure that staff who have access to personal data process it only on instruction. Art. 39(1)(b) names awareness-raising and training of staff as a task of the DPO. A successful phishing attack that gives an attacker access to personal data is a personal data breach under Art. 4(12); it must be notified to the supervisory authority under Art. 33 without undue delay and, where feasible, within 72 hours, unless the breach is unlikely to result in a risk to the rights and freedoms of the individuals concerned.
Training formats
- Live online sessions (60–90 min) with interactive Q&A
- In-house workshops with hands-on phishing examples
- Phishing simulation campaigns: realistic test emails sent to your team, with results reported in aggregate and follow-up training for those who click or enter credentials