Unrivaled Cyber Security Awareness Training for Employees

High quality, interactive, engaging cyber awareness courses combined with easy-to-implement phishing training equips employees with the knowledge and security skills they need to be cyber secure.


Security Awareness Training Platform

Our comprehensive platform provides a full suite of services that ensures the success of your security awareness program.


Transformative Security Awareness Training

Drive real behavior and culture change using our powerful Brief, Frequent, Focused learning system combined with our compelling, relevant, and impactful security awareness training. Each security awareness training lesson includes serious games and innovative interactions that equip your employees with the knowledge and cyber skills they need to protect themselves and your organization from cyber threats, phishing attacks and ransomware — as well as their own cyber mistakes.


Image of Security Mentor Security Awareness Training on computer monitor
Campaign Report for PhishDefense Phishing Test

PhishDefense Phishing Training

Send phishing tests and identify vulnerable employees susceptible to phishing attacks using the PhishDefense phishing simulator; then provide real-time phishing training that turns employees' security mistakes into learning experiences. Effortlessly deploy phishing campaigns using our simple, intuitive interface and simulate phishing, spear phishing, ransomware and BEC attacks. Use our pre-built phishing templates, or create your own custom phishing templates. Easily track employee behavior, and analyze vulnerability and compliance with powerful dashboard reports.



Security Policy Tracking & Compliance

Quickly upload your organization's security policies to our Security Policy Tracking & Compliance Service, then track reading and acceptance of security policies by employees, then view compliance reports online or download for your records. Automatically notify employees by email as soon as a new security policy is available to ensure policies don't go unnoticed.


Security Mentor Policy Tracking & Compliance interface
Security Mentor posters

Engage with Security Awareness Materials

Incorporate our high quality, graphical security awareness materials into your employee education program to reinforce cybersecurity messages and enhance retention. Grab employee attention, focus your cybersecurity message, and spread the word with these fun outreach materials.


Graphic element 1

How Can You Get Your Employees to Be Cyber Secure?

Take a quick tour of Security Mentor’s unrivaled security awareness training lessons and learn about our pioneering Brief, Frequent, Focused™ training model. Discover how you can help your employees to become cyber secure. Now imagine that employees want to take training, even thank you for it.

Graphic element 3

Testimonials & Clients

You could take our word that our customers and their employees love Security Mentor Training, or that you’ll see a reduction in risky behaviors by employees, but we think you’d rather hear what our customers themselves have to say.

top graphic element
Woman taking Security Mentor security awareness training lesson on laptop

Security Awareness Training that Makes a Difference

Isn’t all security awareness training alike? If I do phishing simulation, isn’t that enough? Reasonable questions, for sure, but the answer to both is NO. The success of your cyber security awareness program will determine if your employees understand information security and their ability to prevent security incidents. If training is boring, hard to understand, or not interactive, you’ve lost the battle. Learn why training is most successful when frequently given in small bites of sticky, targeted information that are reinforced over time.


Bottom graphic element
Green background

Security Awareness Blog

Security Mentor CEO and Co-Founder Wins for Security Awareness Training Innovation in 10th Annual Global InfoSec Awards at RSA Conference 2022.
Security Mentor Security Awareness Training and PhishDefense Phishing Simulation products recognized as industry best for cybersecurity education.
Are you planning your first vacation since the pandemic started -- maybe for spring break or a summer vacation? In Part I of our vacation security blog, we cover 10 cyber security actions to take before you travel or go on vacation. Follow these cybersecurity travel tips to protect not only yourself, but for your spouse and children.
In this blog, we outline seven key actions that CISOs should take to protect their organizations from supply chain cybersecurity risks.
Significant, easy cybersecurity steps CISOs can take with their staff that will immediately improve overall cyber posture, create a positive business culture, and enhance employee attitudes.
The holiday cybercrime season is in full force. Our latest security awareness blog gives 6 tips to avoid holiday scams and prevent cyber criminals from spoiling your holidays.
Cyber Security Awareness Questions? We have Answers.
Why should you consider the human factor in your cybersecurity program?

The human factor in cybersecurity refers to the impact that an organization's employees, contractors, and third parties have on the cybersecurity of the organization, its information systems, and data. Although an organization's people are its greatest asset, they also can be one of the most significant vulnerabilities. Some common employee cyber errors include clicking on phishing links or opening malicious email attachments, sharing passwords, losing mobile devices, and putting sensitive information in the cloud. The best protection against human error is an effective cyber awareness program.

What is the greatest cause of data breaches?

The human factor, or people, are the greatest cause of data breaches. The human element was involved in 85% of all breaches, according to the 2021 Data Breach Investigations Report (DBIR) from Verizon.

How can you get employees to care about cybersecurity?

Before people can protect against cyber threats, or prevent their own cyber security mistakes, they must understand what the dangers are, why they matter, and what they can do to protect against cyberattacks and cyber security incidents. Cyber awareness training is the best way to teach employees about information security best practices, how cyber attacks happen, the consequences of human error, and to provide employees with the critical cyber security skills necessary to protect your organization and be cyber secure, both at work and at home.

What are 7 best practices for a security awareness program for employees?
  1. Get buy-in from executive management and their active participation in your cyber awareness program; it is key to the program's success
  2. Appoint a skilled, energetic, and effective training program manager
  3. Layout objectives and goals for your program
  4. Provide regular security awareness training that is both effective and focuses on the learner
  5. Create a culture of security so that employees can freely ask questions, as well as report incidents and mistakes
  6. Utilize multiple forms of awareness outreach in addition to training
  7. Ask employees for training feedback and incorporate their suggestions
What are the different types of cyber security training for employees?

There are five types of cyber security education given to employees:

  1. Security Awareness Training. Teaches general cyber security principles to all employees. You'll see this type of employee security training called by many other names, including cyber awareness training, cyber security awareness training, employee cybersecurity training and information security awareness training.
  2. Phishing Training. Focuses solely on teaching employees about phishing and how to avoid phishing attacks.
  3. Role-based Security Awareness Training. Targeted training that focuses on a specific job or role that an employee has; for example, system administration, management, or customer service.
  4. Information Security Training, also known as IT Security Training or Infosec Training. Designed to teach security staff, engineers and developers about technical aspects of cybersecurity, covering topics like secure coding practices, cyber attacks against infrastructure, and common vulnerabilities in technology.
  5. Information Assurance (IA) Training. IA Training is cyber security training provided to government and military staff and contractors. The primary focus of IA Training is the protection of information, software and hardware.
What are the top characteristics of effective security awareness training?
  • Robust, relevant material covering key cyber security topics
  • Use of games and other forms of interactive training
  • High quality, engaging content
  • Teaching of cyber skills, not just awareness
  • High employee satisfaction
  • High employee participation
What are 10 topics that should be covered in a security awareness program?
  1. Phishing and email security
  2. Social media / social networking
  3. Mobile security
  4. Information protection
  5. Incident reporting
  6. Password security and password management
  7. Social engineering
  8. Insider threat
  9. Cloud security
  10. Office security and clean desk policies

An extra 11th topic is remote work security, which is an essential training if employees work remotely or are in hybrid office environments.

How often should cyber awareness training be given to employees?

Training should be provided frequently so that it reinforces learning, and cybersecurity training is no exception. Employees should receive cyber awareness training on a regular basis. Brief training delivered monthly is an ideal balance between keeping cybersecurity top-of-mind, and having a minimal impact on employees' work productivity.

Where can I find information and resources for eLearning and employee training?

We've compiled a short list of some of the best web resources for eLearning and employee training. These websites provide information and resources on learning strategies and skills, eLearning theory, industry trends, workforce training, as well as new ideas for eLearning content and programs.

Learning Guild (formerly the eLearning Guild), eLearning Industry and eLearning Learning are all respected eLearning websites offering a wide array of resources, including thought leadership, white papers, eBooks, blogs, webinars, and podcasts. ATD (Association for Talent Development) is a professional organization for furthering skills in training and development. Training magazine and Chief Learning Officer are multimedia platforms providing resources aimed at training professionals and on the benefits of a properly trained workforce. Finally, the Harvard Business Review provides a wealth of information on business and management topics, including on eLearning, psychology, and marketing.

What are cyber security terms?

Cyber security terms, also referred to as cybersecurity terms, are words or phrases that specifically relate to the field cyber security, also referred to as cybersecurity.

What is phishing training?

There are two complimentary but different types of phishing training (also known as phishing awareness training.) The first and most common type of phishing training, called phishing testing, uses a phishing simulator to teach employees not to click on phishing links or open malicious attachments by running simulated phishing campaigns. Brief follow-up training is given to employees who fall for the attack. The second type of phishing training is a phishing awareness course, which provides much deeper training on what phishing is, the phishing tactics that phishers employ to manipulate their targets, and techniques on how to identify and avoid phishing scams. After completing a phishing awareness course, employees are better prepared to handle both current and evolving future phishing scams.

Why are phishing tests a crucial part of cyber security training?

Phishing has become the preferred type of cyber attack for hackers to compromise public and private sector organizations, as well as individuals. Even with the sophisticated phishing protection software and systems that organizations deploy, phishing attacks still get through. This trend has only accelerated as more employees work remotely or in hybrid office environments where organizations have even less control over employee behavior. Therefore, it is essential to teach employees to defend themselves and their organizations against phishing, by learning how to identify, and not fall victim to, phishing attacks. This is exactly what a phishing test is designed to do.

What is a phishing simulator?

A phishing simulator is an anti-phishing software or service that is used by organizations to measure the vulnerability of their staff to phishing scams by running simulated phishing campaigns. A phishing simulation mimics a real phishing attack by sending phishing tests to employees. The purpose of phishing simulations is to teach employees how to spot a phishing message and not fall victim to a real phishing attack. Most vendors offering phishing simulation services offer the following capabilities:

  • A pre-built catalog of phishing templates or the ability to create your own phishing templates
  • Ability to send phishing emails to the entire organization, or to target a specific group or individual
  • Track employees' interactions with phishing tests, including phishing email opens, clicks and replies, phishing attachment opens, and web form fills
  • Provide vulnerable employees, those that fall for phishing tests, with immediate, real-time training related to the specific attack
  • A dashboard with phishing reports that graphically represent current and historical phishing campaign statistics
Where can I find resources on cybersecurity?

Cybersecurity frameworks, standards and controls help organizations manage risk; some well-known and trusted sources include: ISO 27001, System and Organization Controls (SOC), NIST Cybersecurity Framework, and CIS controls, and COBIT. The OWASP Top Ten provides guidance to organizations and developers on web application security.

What is an information security policy?

An information security policy, or cybersecurity policy, is a policy that sets out the requirements for protecting information in an organization, including the types of information and systems that need to be protected and the ways in which they are protected. Information security policies may apply to people, processes, or systems; policies also may be organization-wide, or apply only to a specific subset. Various governmental regulations and industry standards require organizations to have information security policies, both in place and in practice, as part of compliance.

Where can I find statistics and trends for cybersecurity and cyber awareness?

Security Mentor aggregates current cybersecurity statistics and trends on the human factor, data breaches, cybercrime, phishing, remote work, ransomware, passwords, insider threats, the COVID-19 pandemic, and much more. We also aggregate statistics and trends by industry vertical including, Financial Services, Healthcare, and Energy & Utilities. To see our report, go to Security Awareness Training Statistics & Trends: 2020-2021 Edition.

What are security awareness materials?

Security awareness materials are designed to raise the awareness of and remind employees about common cyber threats and how to protect against them. Cyber security awareness materials often address topics like phishing, password security, office security, lost or stolen mobile devices, and the exposure of sensitive information. Awareness materials also provide a different media for training that may be effective at reaching employees who are visual learners. Finally, alternate forms of training are required for some regulatory compliance, for example PCI DSS, which requires multiple forms of security awareness and training.

What are common types of security awareness materials?

Common types of cyber awareness materials include posters, newsletters, cartoons, wallpapers for operating systems (also known as desktop wallpaper or desktop backgrounds), screen savers, even swag like clothing and mugs. Awareness materials can be recurring such as newsletters and posters, or a giveaway for a special event such as part of Cyber Security Awareness Month.