OVERVIEW

Cybersecurity threats continue to grow in frequency and sophistication, with many successful attacks targeting people rather than technology. Employees are often the first line of defence against phishing, social engineering, ransomware, data breaches and other cyber risks.

This two-day programme is designed to build a strong Human Firewall within the organisation by increasing cybersecurity awareness, promoting secure digital behaviour, and equipping participants with practical skills to identify, prevent and respond to cyber threats. Through interactive discussions, case studies, simulations and hands-on exercises, participants will gain the knowledge and confidence required to protect organisational information assets and contribute to a stronger cybersecurity culture.

LEARNING OUTCOMES

Upon completion of this programme, participants will be able to:

1. Understand fundamental cybersecurity concepts and current cyber threat trends.
2. Identify common cyber attacks, including phishing, malware, ransomware, and social engineering.
3. Recognise suspicious emails, websites, links, and online activities.
4. Apply cybersecurity best practices when handling organisational information and digital assets.
5. Strengthen password management and authentication practices.
6. Protect sensitive and confidential data from unauthorised access and disclosure.
7. Respond appropriately to cybersecurity incidents and security breaches.
8. Contribute to building a cyber-aware and security-conscious workplace culture.

COURSE OUTLINE

• DAY 1: Cybersecurity Awareness & Threat Identification Module 1: Introduction to Cybersecurity

1. a) Understanding cybersecurity fundamentals
2. b) The importance of human factors in security
3. c) Current cyber threat landscape
4. d) Cybersecurity trends and organisational risks
5. e) Consequences of cyber incidents and breaches Module 2: Understanding Common Cyber

Threats

1. a) Malware, viruses, worms and trojans
2. b) Ransomware attacks and business disruption
3. c) Business Email Compromise (BEC)
4. d) Insider threats and accidental exposure
5. e) Data breaches and information theft

Module 3: Social Engineering Attacks

1. a) What social engineering means in daily work
2. b) Psychological manipulation techniques used by attackers
3. c) Phishing, spear phishing and whaling
4. d) Vishing (voice phishing) and smishing (SMS phishing)
5. e) Real-world attack case studies and lessons learned

Module 4: Phishing Detection Workshop

1. a) Identifying phishing emails and suspicious attachments
2. b) Recognising fake websites and login pages
3. c) URL inspection and link verification techniques
4. d) Safe browsing practices for work and personal devices
5. e) Practical phishing simulation exercises

Module 5: Cybersecurity Best Practices

1. a) Safe internet usage and digital hygiene
2. b) Email security guidelines
3. c) Secure use of social media and messaging platforms
4. d) Mobile device security
5. e) Remote working security practices

DAY 2: Data Protection, Incident Response & Human Firewall Culture Module 6: Password Security & Access Control

1. a) Common password vulnerabilities and risky habits
2. b) Creating strong and memorable passwords
3. c) Using password managers securely
4. d) Multi-factor authentication (MFA)
5. e) Access control principles and least privilege

Module 7: Data Protection & Information Security

1. a) Understanding sensitive and confidential information
2. b) Data classification and proper handling
3. c) Personal Data Protection Act (PDPA) awareness
4. d) Secure file sharing, storage and disposal
5. e) Data loss prevention practices

Module 8: Incident Response for Employees

1. a) Recognising security incidents and warning signs
2. b) Reporting procedures and communication channels
3. c) Immediate response actions for employees
4. d) Escalation process and evidence preservation
5. e) Lessons learned from cyber incidents

Module 9: Building a Human Firewall Culture

1. a) Security awareness responsibilities
2. b) Creating a cyber-aware workplace
3. c) Security habits and behaviour at work
4. d) Managing cyber risks in daily operations
5. e) Leadership and employee roles in cybersecurity

Module 10: Cybersecurity Simulation & Action Planning

1. a) Cyber attack scenario exercise
2. b) Team-based threat response activities
3. c) Knowledge assessment and review
4. d) Personal cybersecurity action plan development
5. e) Course review, discussion and commitment to action

METHODOLOGY

• Interactive Lectures (30%): facilitator-led presentations, group discussions and knowledge sharing sessions
• Case Studies (20%): analysis of real cyber incidents, lessons learned and best practice discussions
• Practical Exercises (20%): phishing detection activities, password security exercises and cyber risk identification
• Simulations & Role Plays (20%): social engineering simulations, incident response scenarios and team-based challenges
• Assessment & Reflection (10%): knowledge quizzes, group presentations and individual action planning