Learn 8 best practices to protect companies against cyber threats from certified professionals for free with Cybrary's CIS Critical Security Control 14 course.

The cybersecurity awareness trainer role aligns with the NICE Workforce Framework to Oversee and Govern, Protect and Defend, and Securely Provision.

Here are your responsibilities in this role:

  • Train employees and users on how to recognize and prevent email security threats. This includes phishing scams, spoofing, vishing, whaling, and others.

  • Promote organization-wide security awareness. This will apply to in-house and outsourced teams, including employees working from home.

  • Train employees on how to protect against malware attacks like ransomware, spyware, scareware, adware, and keylogger. This will also cover anti-virus measures.

  • Organize periodic security awareness training to ensure employees adopt security practices. This will also ensure that all personnel are conversant with the latest security threat.

  • Provide real-world threat simulations to reinforce the importance of security awareness in the organization.

  • Establish organization-wide password security and management measures. This includes how often passwords are changed, password format, and the use of multi-factor authentication.

  • Train employees on how to respond to and report incidents.

  • Provide training on acceptable practices for personal and corporate devices, including removable media. Part of this training will cover how to disable autorun on PCs and ensure the IT team scans all removable devices before use.

  • Establish guidelines on social media use. This includes instructions on clicking links and responding to people pretending to be C-Level executives or other fake customer representatives.

  • Train employees on safe internet habits, such as differentiating between secure and unsecured websites, recognizing watering hole attacks, downloading from suspicious sites, and identifying spoofed domains.

  • Provide data management guidelines. This includes the approved storage locations for company data and how to handle data in motion.

  • Developing the Bring Your Own Device Policy (BYOD).

  • Establishing physical security measures such as clean desks and office hygiene. This also includes security measures against shoulder surfing, dumpster diving, eavesdropping, tailgating, etc.