AGIDAT – Datenschutz | Informationssicherheit

Phishing & IT Awareness

Social engineering, ransomware, CEO fraud — training your team to recognize and respond to cyber threats.

The human factor in cybersecurity

Technical security measures alone are not enough. Studies consistently show that over 90% of successful cyberattacks begin with human error — a clicked phishing link, a password shared over the phone, or an attachment opened from an unknown sender. Awareness training directly addresses this risk.

Training content

  • Phishing recognition: How to identify suspicious emails, fake login pages, and malicious attachments
  • Social engineering tactics: Pretexting, CEO fraud, vishing (phone-based attacks), and smishing (SMS-based attacks)
  • Ransomware awareness: How ransomware spreads and what to do (and not do) if infected
  • Password security: Password managers, multi-factor authentication (MFA), and why weak passwords are dangerous
  • Safe use of email and internet: Avoiding shadow IT, secure file sharing, and public Wi-Fi risks
  • Incident reporting: How and when to report suspected attacks to IT and the DPO

The GDPR connection

IT security awareness is not just a cybersecurity topic — it is a direct GDPR requirement. Art. 32 GDPR requires appropriate technical and organizational measures to ensure a level of security appropriate to the risk, which explicitly includes staff training. A successful phishing attack leading to unauthorized access to personal data is a reportable data breach under Art. 33 GDPR.

Training formats

  • Live online sessions (60–90 min) with interactive Q&A
  • In-house workshops with hands-on phishing examples
  • Phishing simulation campaigns — realistic test emails sent to your team, with follow-up training for those who click