History of cybercrime and landmark incidents
Current trends: volume of records leaked, cost to organizations
Why traditional defenses (e.g., firewalls) are not enough on their own

Basic security awareness: what it is and why it matters
How employees become targets and the losses associated with end-user hacks
Human error statistics: phishing success rates and spam volume.
Why policies only work when employees embrace them

Overview of major attack categories
Email-based threats: spam, phishing, spear phishing, whaling
Malicious QR codes and “lost” USB devices
Social engineering techniques (tailgating, baiting, pretexting)
Voice and text-based fraud: vishing and smishing
Malware types: worm, Trojan, botnet, viruses, spyware, ransomware, scareware

How attackers mine information from corporate and personal sources (websites, social media)
How seemingly harmless posts (vacation photos, job updates) can be used against you and your employer
End-User Best Practices

Typical social media scams: fake customer service accounts, account cancellation scams, fake prizes, fake trending videos
Additional scams: employment scams, catfishing, “photo of you” scams, “stuck abroad” scams, “see who viewed your profile”
Elements of an effective social media security policy (what can be posted, who can post, on which devices, pre-approval of content, limiting sensitive details)
Safe behaviors on social platforms: account hygiene, recognizing fake accounts, and avoiding suspicious links/attachments

Risks associated with hotspots, public Wi-Fi, and roaming
Device security: locking screens, tracking devices, encryption, and approved removable media
Keeping antivirus and other security tools up to date
Backups, secure connections (VPN, HTTPS), and physical security of workspaces

Personal vs business use of systems and data; proper data deletion and device disposal
Privacy framework (Part X – Personal Information): client rights, service provider obligations, and ministry responsibilities
Overview of organizational security measures: policies, mandatory training, simulations, awareness campaigns
Data classification: sensitive, internal, public – and why it matters for compliance and IP protection
Roles of IT help desk, Security Analyst, and Privacy Officer in breach handling and escalation

Hands-on “spot the clue” and phishing email activity
Common “giveaway” clues in phishing emails: generic greetings, poor grammar, low-quality logos, odd URLs, non-corporate sender addresses
Suspicious requests: urgent tone, requests for personal information, credential harvesting, risky attachments

Verifying URLs, safe browsing, avoiding indirect links, using HTTPS Password hygiene and multi-factor authentication Being cautious with attachments and unknown senders; “hover before you click.” When in doubt: contacting IT instead of guessing Supporting company efforts: aligning daily behavior with policy and defensive measures Guided exercise: drafting a simple personal cybersecurity plan (key habits, social media rules, device practices, response steps)