Udemy
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
Turn what you know into an opportunity and reach millions around the world.
Learn More
Your cart is empty.
Keep shopping
Security Awareness Training: Cybersecurity Basics for Staff
Rating: 4.2 out of 5(71 ratings)
138 students

Security Awareness Training: Cybersecurity Basics for Staff

Spot phishing, social engineering, and everyday threats. A practical, no-jargon foundation for employees, remote workers
Created byDavid McHale
Last updated 6/2026
English

What you'll learn

  • Recognize phishing emails and social engineering tactics before falling victim
  • Implement essential security habits for personal and professional devices
  • Understand why cybersecurity attacks succeed and how to spot the red flags
  • Know exactly what to do when you suspect a security incident
  • Build a confident security mindset with no prior technical knowledge

Course content

3 sections10 lectures40m total length
  • Welcome to the course!3:57
  • What is Cyber Security?3:27

    What is Cybersecurity?

    Defending yourself against cyberattacks starts with understanding the risks associated with cyber activity, what some of the basic cybersecurity terms mean, and what you can do to protect yourself.

    It seems that everything relies on computers and the internet now.

    Communication like email, and smartphones.

    Entertainment like digital cable, and mp3s.

    Transportation like car engine systems, and airplane navigation.

    Shopping like online shopping, and credit cards.

    Medicine like medical equipment, and medical records...

    And the list goes on.

    How much of your daily life relies on computers?

    How much of your personal information is stored either on your own computer or on someone else's system?

    Cybersecurity involves protecting that information by preventing, detecting, and responding to cyber attacks.

    What are the risks to having poor cybersecurity?

    There are many risks, some more serious than others.

    Among these dangers are malware erasing your entire system…

    an attacker breaking into your system and altering files,

    an attacker using your computer to attack others,

    or an attacker stealing your credit card information and making unauthorized purchases.

    Unfortunately, there's no 100 percent guarantee that even with the best precautions some of these things won't happen to you, but there are steps you can take to minimize the chances.

    What can you do to improve your cybersecurity?

    The first step in protecting yourself is to recognize the risks and become familiar with some of the terminology associated with them.

    Hacker, attacker, or intruder.

    These terms are applied to the people who seek to exploit weaknesses in software and computer systems for their own gain.

    Although their intentions are sometimes fairly benign and motivated solely by curiosity, their actions are typically in violation of the intended use of the systems they are exploiting.

    The results can range from mere mischief like creating a virus with no intentionally negative impact to malicious activity such as stealing or altering information.

    Malicious code.

    Malicious code, also called malware, is a broad category that includes any code that could be used to attack your computer.

    Malware can have the following characteristics:

    It might require you to actually do something before it infects your computer.

    This action could be opening an email attachment or going to a particular webpage.

    Some forms of malware propagate without user intervention and typically start by exploiting a software vulnerability.

    Once the victim computer has been infected, the malware will attempt to find and infect other computers.

    This malware can also propagate via email, websites, or network-based software.

    Some malware claims to be one thing, while in fact doing something different behind the scenes.

    For example, a program that claims it will speed up your computer may actually be sending confidential information to a remote intruder.

    Examples of malware include: viruses, worms, and ransomware.

    Vulnerabilities.

    Vulnerabilities can be caused by software programming errors.

    Attackers may try to take advantage of these errors to infect your computer, so it is important to apply updates or patches that address known vulnerabilities.

    I’ll cover this more in our “Understanding Patches” module.

    I’ll see you in the next video!


  • What are Good Security Habits?5:01

    Let’s go over a few Good Security Habits to help you stay safe.

    There are some simple habits you can adopt that, if performed consistently, will dramatically reduce the chances that the information on your computer will be lost or corrupted.

    How can you minimize the access others have to your information?

    It may be easy to identify people who could gain physical access to your devices.

    Family members, roommates, coworkers, people nearby, and others.

    Identifying the people who have the capability to gain remote access to your devices is not as simple.

    As long as your device is connected to the internet, you are at risk for someone accessing your information.

    However, you can significantly reduce your risk by developing habits that make it more difficult.

    Improve password security.

    Passwords continue to be one of the most vulnerable cyber defenses.

    Create a strong password.

    Use a strong password that is unique for each device or account.

    Longer passwords are more secure.

    An option to help you create a long password is using a passphrase.

    Four or more random words grouped together and used as a password.

    To create strong passwords, the National Institute of Standards and Technology (NIST) suggests using simple, long, and memorable passwords or passphrases.

    Consider using a password manager.

    Password manager applications manage different accounts and passwords while having added benefits, including identifying weak or repeated passwords.

    There are many different options, so start by looking for an application that has a large install base so 1 million users or more and an overall positive review, more than 4 stars.

    Properly using one of these password managers will help improve your overall password security.

    Use two-factor authentication, if available.

    Two-factor authentication is a more secure method of authorizing access.

    It requires two out of the following three types of credentials:

    something you know like a password or PIN, something you have like a token or ID card, and something you are like a biometric fingerprint.

    Because one of the two required credentials requires physical presence, this step makes it more difficult for a threat actor to compromise your device.

    Use security questions properly.

    For accounts that ask you to set up one or more password reset questions, use private information about yourself that only you would know.

    Answers that can be found on your social media or facts everyone knows about you can make it easier for someone to guess your password.

    Create unique accounts for each user per device.

    Set up individual accounts that allow only the access and permissions needed by each user.

    When you need to grant daily use accounts administrative permissions, do so only temporarily.

    This precaution reduces the impact of poor choices, such as clicking on phishing emails or visiting malicious websites.

    Choose secure networks.

    Use internet connections you trust, such as your home service or Long-Term Evolution or LTE connection through your wireless carrier.

    Public networks are not very secure, which makes it easy for others to intercept your data.

    If you choose to connect to open networks, consider using antivirus and firewall software on your device.

    Another way you can help secure your mobile data is by using a Virtual Private Network service,.

    This allows you to connect to the internet securely by keeping your exchanges private while you use Wi-Fi.

    When setting up your home wireless network, use WPA2 encryption.

    All other wireless encryption methods are outdated and more vulnerable to exploitation.

    In early 2018, the Wi-Fi Alliance announced WPA3 as a replacement to the longstanding WPA2 wireless encryption standard.

    As WPA3-certified devices become available, users should employ the new standard.

    Keep all of your personal electronic device software current.

    Manufacturers issue updates as they discover vulnerabilities in their products.

    Automatic updates make this easier for many devices.

    Including computers, phones, tablets, and other smart devices.

    But you may need to manually update other devices.

    Only apply updates from manufacturer websites and built-in application stores.

    Third-party sites and applications are unreliable and can result in an infected device.

    When shopping for new connected devices, consider the brand’s consistency in providing regular support updates.

    Be suspicious of unexpected emails.

    Phishing emails are currently one of the most prevalent risks to the average user.

    The goal of a phishing email is to gain information about you, steal money from you, or install malware on your device.

    Be suspicious of all unexpected emails.

    I’ll cover this in more depth in our “Avoiding Social Engineering and Phishing Attacks” module.

    I’ll see you in the next video!


  • Security Habits Checklist
  • What is Cyber Security for Electronic Devices?3:44

    Next we’ll talk about Cybersecurity for Electronic Devices

    When you think about cybersecurity, remember that electronics such as smartphones and other Internet-enabled devices may also be vulnerable to attack.

    Take appropriate precautions to limit your risk.

    Why does cybersecurity extend beyond computers?

    Actually, the issue is not that cybersecurity extends beyond computers.

    It's that computers extend beyond traditional laptops and desktops.

    Many electronic devices are computers.

    From cell phones and tablets to video games and car navigation systems.

    While computers provide increased features and functionality, they also introduce new risks.

    Attackers may be able to take advantage of these technological advancements to target devices previously considered "safe."

    For example, an attacker may be able to infect your cell phone with a virus, steal your phone or wireless service, or access the data on your device.

    Not only do these activities have implications for your personal information, but they could also have serious consequences if you store corporate information on the device.

    What types of electronics are vulnerable?

    Any piece of electronic equipment that uses some kind of computerized component is vulnerable to software imperfections and vulnerabilities.

    The risks increase if the device is connected to the internet or a network that an attacker may be able to access.

    Remember that a wireless connection also introduces these risks.

    The outside connection provides a way for an attacker to send information to or extract information from your device.

    Let’s talk about a few ways you can protect yourself:

    First, Remember physical security.

    Having physical access to a device makes it easier for an attacker to extract or corrupt information.

    Do not leave your device unattended in public or easily accessible areas.

    Second, Keep software up to date.

    If the vendor releases updates for the software operating your device, install them as soon as possible.

    Installing them will prevent attackers from being able to take advantage of known problems or vulnerabilities.

    Third, Use strong passwords.

    Choose devices that allow you to protect your information with passwords.

    Select passwords that will be difficult for thieves to guess, and use different passwords for different programs and devices.

    Do not choose options that allow your computer to remember your passwords.

    Fourth, Disable remote connectivity.

    Some mobile devices are equipped with wireless technologies, such as Bluetooth, that can be used to connect to other devices or computers.

    You should disable these features when they are not in use.

    Fifth, Encrypt files.

    If you are storing personal or corporate information, see if your device offers the option to encrypt the files.

    By encrypting files, you ensure that unauthorized people can't view data even if they can physically access it.

    When you use encryption, it is important to remember your passwords and passphrases; if you forget or lose them, you may lose your data.

    Finally, Be cautious of public Wi-Fi networks.

    Follow these recommendations when connecting to any public wireless hotspot like on an airplane or in an airport, hotel, train/bus station or café:

    Confirm the name of the network and exact login procedures with appropriate staff to ensure that the network is legitimate.

    Do not conduct sensitive activities, such as online shopping, banking, or sensitive work, using a public wireless network.

    Only use sites that begin with “https://” when online shopping or banking.

    Using your mobile network connection is generally more secure than using a public wireless network.

    I’ll see you in the next video!


  • How can you Protect Your Privacy Online?4:31

    Let's talk about Protecting Your Privacy.

    Before submitting your email address or other personal information online, you need to be sure that the privacy of that information will be protected.

    To protect your identity and prevent an attacker from easily accessing additional information about you, be cautious about providing your birth date, Social Security number, or other personal information online.

    How do you know if your privacy is being protected?

    Read the Privacy policy

    Before submitting your name, email address, or other personal information on a website, look for the site's privacy policy.

    This policy should state how the information will be used and whether or not the information will be distributed to other organizations.

    Companies sometimes share information with partner vendors who offer related products or may offer options to subscribe to particular mailing lists.

    Look for indications that you are being added to mailing lists by default—failing to deselect those options may lead to unwanted spam.

    If you cannot find a privacy policy on a website, consider contacting the company to inquire about the policy before you submit personal information, or find an alternate site.

    Privacy policies sometimes change, so you may want to review them periodically.

    Look for Evidence that your information is being encrypted

    To prevent attackers from stealing your personal information, online submissions should be encrypted so that it can only be read by the appropriate recipient.

    Many sites use Secure Sockets Layer (SSL) or Hypertext Transport Protocol Secure (https).

    A lock icon in the bottom right corner of the window indicates that your information will be encrypted.

    Some sites also indicate whether the data is encrypted when it is stored.

    If data is encrypted in transit but stored insecurely, an attacker who is able to break into the vendor's system could access your personal information.

    What additional steps can you take to protect your privacy?

    Do business with credible companies

    Before supplying any information online, consider the answers to the following questions:

    Do you trust the business?

    Is it an established organization with a credible reputation?

    Does the information on the site suggest that there is a concern for the privacy of user information?

    Is legitimate contact information provided?

    If you answered “No” to any of these questions, avoid doing business online with these companies.

    Do not use your primary email address in online submissions

    Submitting your email address could result in spam.

    If you do not want your primary email account flooded with unwanted messages, consider opening an additional email account for use online.

    Make sure to log in to the account on a regular basis in case the vendor sends information about changes to policies.

    Avoid submitting credit card information online

    Some companies offer a phone number you can use to provide your credit card information.

    Although this does not guarantee that the information will not be compromised, it eliminates the possibility that attackers will be able to hijack it during the submission process.

    Devote one credit card to online purchases

    To minimize the potential damage of an attacker gaining access to your credit card information, consider opening a credit card account for use only online.

    Keep a minimum credit line on the account to limit the amount of charges an attacker can accumulate.

    Avoid using debit cards for online purchases

    Credit cards usually offer some protection against identity theft and may limit the monetary amount you will be responsible for paying.

    Debit cards, however, do not offer that protection.

    Because the charges are immediately deducted from your account, an attacker who obtains your account information may empty your bank account before you even realize it.

    Take advantage of options to limit exposure of private information

    Default options on certain websites may be chosen for convenience, not for security.

    For example, avoid allowing a website to remember your password.

    If your password is stored, your profile and any account information you have provided on that site is readily available if an attacker gains access to your computer.

    Also, evaluate your settings on websites used for social networking.

    The nature of those sites is to share information, but you can restrict access to limit who can see what.

    Now you understand the basics of protecting your privacy.

    I’ll see you in the next episode!

  • Foundation Security Practices

Requirements

  • Any device with internet access (computer, tablet, or smartphone)
  • No previous cybersecurity knowledge required
  • Willingness to change a few habits that may be putting you at risk

Description

Why security awareness?

According to the Verizon 2026 Data Breach Investigations Report, the human element was involved in 62% of all breaches. Attackers rarely need to break the technology when they can simply trick a person. And with generative AI now used to industrialize phishing and social engineering, the lures are more convincing than ever.


Here is the part most people miss: the 2025 DBIR found that 8% of employees account for 80% of security incidents. The risk is human and it is concentrated, which means a little awareness in the right hands goes a long way.


This course gives you that awareness in under an hour. No jargon, no fear-mongering, no victim-blaming. Just the practical knowledge to recognize the threats that target ordinary people every day, and the habits that stop them.


What you will learn:

- How to recognize phishing and social engineering before you click

- The security habits that protect your devices, accounts, and privacy

- Why these attacks succeed, so you can spot the red flags yourself

- What to do the moment you suspect something is wrong


Who it is for:

This course is built for people, not security teams. If you use email, browse the web, or store anything digitally, it is for you. Employees, remote workers, team leads building a security culture, and complete beginners will all leave more confident and harder to fool.


You do not need any technical background. Bring any device and an open mind, and you will finish with skills that protect both you and the organization you work for.

Who this course is for:

  • Employees who want to keep themselves and their company safe
  • Individuals protecting themselves and their family from cybercriminals
  • Remote workers who need stronger security for a home office
  • Team leaders building a security awareness culture
  • Anyone who uses email, browses the web, or stores data digitally