Cybersecurity Awareness Training
🛡 Mandatory Training Module
Cybersecurity Awareness Training
Protect yourself, your colleagues, and Ciel HR from cyber threats. 7 modules + mandatory 15-question assessment.
39 Slides  |  7 Modules  |  15 Quiz Qs  |  ~30 min Duration
Course Modules
  • 📧 Module 1 — Phishing & Email Safety
  • 🔒 Module 2 — Password Security
  • 🧠 Module 3 — Social Engineering
  • 💻 Module 4 — Safe Device Use & Trusted Networks
  • 🦠 Module 5 — Malware & Spyware
  • 🦜 Module 6 — PII Data Handling
  • Module 7 — Data Privacy & Cloud Storage
📧
Module 1 of 7
Phishing & Email Safety
Phishing is the #1 entry point for cyberattacks. One click on a malicious link can expose Ciel HR payroll and client data.
WHAT YOU WILL LEARN
✓ What phishing is and how it works
✓ Red flags to identify suspicious emails, SMS and calls
✓ How to respond to a phishing attempt
✓ Real-world scenario practice
Module 1 — Phishing & Email Safety
What is Phishing?
Phishing is a cyberattack where criminals impersonate a trusted person or organisation — such as your IT helpdesk, payroll team, or senior leadership — to trick you into revealing passwords, OTPs, or bank details. The attacker builds trust first, then exploits it.
Email Phishing
Fake emails from IT or HR asking you to click links or share credentials.
Smishing
SMS phishing — fake texts about salary holds or account locks with malicious links.
Vishing
Voice call phishing — caller impersonates IT and asks for OTPs or passwords.
Spear Phishing
Targeted attack using your name, role, or recent context to seem believable.
Golden rule: Legitimate IT and HR will NEVER ask you to verify your password via email or phone.
Module 1 — Email Phishing
Email Phishing — How it works
You receive an email from "it-helpdesk@cielhr-support.com" saying your account will be suspended in 24 hours. The link leads to a fake login page that steals your password.
  • 🔍 Sender domain slightly different from the real one — cielhr-support.com vs cielhr.com
  • Urgent or threatening language — "suspended in 24 hours"
  • 👓 Generic greeting — "Dear Employee" instead of your name
  • 📎 Unexpected attachments you didn't request
  • 🔗 Hover shows a different URL than what's displayed
⚠ Always hover over links before clicking. Legitimate IT/HR will NEVER ask you to verify your password via email.
Module 1 — Smishing (SMS Phishing)
Smishing — Phishing via SMS
Attackers impersonate banks, HR teams, delivery services, or government agencies via SMS to trick you into clicking a link or sharing details.
📱 SMS from unknown number:

"Ciel HR Payroll: Your salary disbursement is on hold. Update your bank details within 2 hours: http://cielhr-pay.net/update" — the link collects your account number.
Warning signs:
  • Unknown or spoofed numbers
  • Urgency about salary or OTPs
  • Short links hiding the real URL
  • Requests for financial info via a link
  • Poor grammar or unusual phrasing
⚠ Your HR/Payroll team will NEVER ask for bank details via SMS. Call the official number to confirm.
Module 1 — Vishing (Voice Phishing)
Vishing — Phishing by Phone
A caller pretends to be IT helpdesk, your manager, a bank, or a government official to extract confidential information like passwords, OTPs, or employee IDs over the phone.
📞 Example call:

"Hi, this is Ravi from IT. We detected a breach on your system. Can you confirm your employee ID and the OTP sent to your phone right now?" — sharing the OTP gives full account access.
Warning signs:
  • Unexpected call claiming urgency
  • Asks for OTP/password/PIN
  • Pressures you to act immediately
  • Discourages calling back on official channels
  • Background noise of call centres
⚠ Hang up and call back on the official IT/HR number listed on the intranet. Never share OTPs over the phone — to anyone.
Module 1 — Spear Phishing
Spear Phishing — Targeted Attacks
A highly targeted attack using your name, job title, team, or recent context to make the message seem personal and legitimate. Far harder to detect than generic phishing.
📧 Example email:

"Hi Priya, it's Ankit from Finance. Following up on Tuesday's Q3 discussion — please urgently transfer ₹1.2L to the new vendor account below. The MD approved verbally." — Ankit's email is spoofed; no such meeting took place.
Warning signs:
  • Uses your real name or recent context
  • Impersonates senior leadership
  • Urgent financial request
  • Slightly altered email domain
  • Discourages verification: "just do it quickly"
⚠ Always verify financial requests through a separate channel (phone/in-person) — even if the email looks exactly right.
Module 1 — Phishing & Email Safety
How to spot a phishing email
  • 🔍 Check the actual sender address — "IT Support <it@ciel-helpdesk.net>" is NOT Ciel HR.
  • 🔗 Hover over links before clicking to see the real destination URL.
  • Urgency is a red flag — "Account suspended in 2 hours!" bypasses your judgment.
  • 📎 Never open unexpected attachments, even from known contacts.
  • 📝 Look for spelling errors and generic greetings like "Dear User".
  • 📞 When in doubt, call the sender on a known number to verify.
💡 IT and HR will NEVER ask for your password via email or phone. Ever.
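The checks from this slide (actual sender domain, link destination versus displayed text, urgency, generic greeting) written as a mail-triage sketch. This is an added example, not part of the Ciel HR course; the sample messages, the `portal.cielhr.com` host, the URL paths and the `BRAND` heuristic are constructed assumptions.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED = "cielhr.com"   # the real domain named in the training
BRAND = "ciel"           # assumption: brand string an impersonator would reuse
URGENCY = re.compile(
    r"\b(urgent|immediately|suspended|locked|(with)?in \d+ hours?)\b", re.I)
GENERIC = re.compile(r"\bdear (employee|user|customer)\b", re.I)


def classify_domain(host):
    """Return 'trusted', 'lookalike' or 'external' for a hostname."""
    host = host.lower().rstrip(".")
    if host == TRUSTED or host.endswith("." + TRUSTED):
        return "trusted"
    # Drop hyphens so ciel-hr and cielhr compare alike.
    if BRAND in host.replace("-", ""):
        return "lookalike"
    return "external"


def host_of(url):
    """Hostname of a URL, accepting scheme-less text such as 'cielhr.com/login'."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower()


def review_email(from_header, subject, body, links):
    """Return (rule, detail) findings; links is a list of (shown_text, href)."""
    findings = []
    _, address = parseaddr(from_header)      # ignore the display name
    sender = address.rpartition("@")[2]
    if classify_domain(sender) != "trusted":
        findings.append(("sender-domain", sender))
    hit = URGENCY.search(subject + " " + body)
    if hit:
        findings.append(("urgency", hit.group(0)))
    hit = GENERIC.search(body)
    if hit:
        findings.append(("generic-greeting", hit.group(0)))
    for text, href in links:
        target = host_of(href)
        if classify_domain(target) == "lookalike":
            findings.append(("lookalike-link", target))
        # Only compare when the visible text itself looks like a URL.
        text = text.strip()
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != target:
            findings.append(("link-mismatch", f"{shown} -> {target}"))
    return findings


# Constructed sample built from the red flags listed on the slides.
PHISH = dict(
    from_header="IT Support <it@ciel-helpdesk.net>",
    subject="Account suspended in 2 hours!",
    body="Dear User, verify your password using the link below.",
    links=[("cielhr.com/login", "https://cielhr-support.com/login")],
)
# Constructed benign message for contrast.
LEGIT = dict(
    from_header="Payroll <payroll@cielhr.com>",
    subject="Your March payslip is available",
    body="Hi Priya, your payslip is on the HR portal.",
    links=[("HR portal", "https://portal.cielhr.com/payslips")],
)

if __name__ == "__main__":
    for name, msg in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, review_email(**msg))
```

A substring match on the brand is deliberately coarse: it catches every lookalike domain quoted in this module, but a production filter would pair it with SPF/DKIM/DMARC results rather than rely on names alone.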
Module 1 — Scenario
What would you do?
From: it-support@ciel-hr-helpdesk.net
Subject: 🚨 Urgent: Verify your Ciel HR login NOW or access suspended
Dear Employee, unusual activity detected. Click below within 2 hours or your access will be locked.
https://ciel-hr-login-verify.xyz/confirm
What should you do?
◯ Click the link immediately — account security is urgent
◯ Forward to a colleague to check
◯ Do not click — report to IT via official channels and delete
◯ Reply asking for more information
🔒
Module 2 of 7
Password Security
Weak or reused passwords are among the most common causes of data breaches. Your credentials are the gateway to Ciel HR systems and payroll data.
WHAT YOU WILL LEARN
✓ What makes a password strong
✓ Best practices for managing passwords
✓ The importance of two-factor authentication
Module 2 — Password Security
Creating & Protecting Strong Passwords
DO ✓
  • Minimum 12 characters — uppercase, lowercase, numbers, and symbols
  • 📱 Use a password manager (Bitwarden, 1Password) — generate & store unique passwords
  • 📱 Enable 2FA on all Ciel HR accounts — a stolen password alone won't be enough
DON'T ✗
  • Never share your password — not with your manager, not IT support
  • Never reuse passwords across accounts
  • Never write passwords on sticky notes or plain text files
🔑 Strong example: Ciel@Secure#W0rk!  |  Passphrase: Mango$Blue!Rain9Tree
🧠
Module 3 of 7
Social Engineering
Social engineering exploits human psychology — not technology. Attackers manipulate using trust, authority, urgency, and fear.
WHAT YOU WILL LEARN
✓ Common social engineering tactics
✓ How to recognise manipulation attempts
✓ How to respond to suspicious calls
Module 3 — Social Engineering
Manipulation tactics attackers use
Social engineering targets human psychology rather than technical systems. Attackers exploit trust, curiosity, urgency, or fear to trick employees into revealing information or granting access.
Pretexting
Fabricating a false scenario — posing as an auditor to extract credentials.
Baiting
Leaving infected USB drives in the office hoping someone plugs them in.
Vishing
Phone call impersonating IT support, asking for passwords or OTPs.
Tailgating
Physically following authorised staff through secured doors.
🧠 Attackers create urgency to make you act before thinking. Slow down. Verify first.
Module 3 — Pretexting
Pretexting — False Scenarios
The attacker fabricates a convincing false scenario to establish trust and manipulate you into revealing confidential information or granting access.
📞 Example:

"I'm from the internal audit team conducting a compliance check. I'll need your login credentials to verify system access records." — No such audit is happening; they are harvesting credentials.
  • Always verify identity through official channels before sharing any information
  • Legitimate auditors use formal documented processes — not surprise phone calls
  • When in doubt, escalate to your manager
⚠ Attackers create urgency to make you act before thinking. Slow down. Verify first.
Module 3 — Baiting
Baiting — Curiosity as a Weapon
Attackers leave infected physical media (USB drives, CDs) or tempting online downloads in places where targets will find them — banking on natural curiosity to trigger the infection.
💾 Example:

A USB drive labelled "Salary Hike List Q3 2025" is found in the office car park. An employee plugs it in out of curiosity — it silently installs malware that gives attackers remote access to the company network.
  • Never plug in unknown USB drives or devices — report them to IT immediately
  • Avoid downloading files from unofficial or unknown sources
  • If you find a stray drive, hand it to IT — do not use it
⚠ Curiosity is the bait. If you didn't expect it, don't plug it in.
Module 3 — Tailgating
Tailgating — Physical Security
An unauthorised person closely follows an authorised employee through a secured door, exploiting politeness and social norms so people don't challenge them.
🚪 Example:

An unknown person in business attire approaches the server room carrying boxes: "Could you hold the door? My hands are full." The employee holds the door — the attacker gains access to a restricted area without a badge.
  • Always let the door close and require everyone to badge in separately
  • Politely challenge unrecognised people in restricted areas
  • Report suspicious individuals to security immediately
⚠ Being polite is not a reason to bypass security. Every person must badge in independently.
Module 3 — Scenario
Vishing call — what do you do?
📞 Incoming call from unknown number

"Hi, I am Rajesh from Ciel HR IT team. We detected a login from an unknown device. I need your current password and the OTP on your phone to secure it. We have 10 minutes."
What should you do?
◯ Share the password and OTP — IT needs it urgently
◯ Refuse, hang up, and report to your manager and IT
◯ Share only the OTP, not the password
◯ Ask them to send the request by email first
💻
Module 4 of 7
Safe Device Use & Trusted Networks
Your work device is a gateway into Ciel HR systems. Every action either strengthens or weakens the organisation's security.
WHAT YOU WILL LEARN
✓ Safe habits when using work devices
✓ What makes a network trusted for work
✓ What to do if your device is lost or stolen
Module 4 — Safe Device Use & Trusted Networks
Safe device & network habits
  • 🔒 Lock your screen every time you step away — Win+L or Cmd+Ctrl+Q
  • 🚫 Only install IT-approved software — unauthorised apps can contain hidden malware
  • 🚫 Never plug in unknown USB drives — they can silently install malware
  • 📸 Use only trusted networks — Ciel HR office network, your home network, or personal hotspot
  • 🚫 Avoid public Wi-Fi — coffee shops, airports, and hotels are high-risk for work tasks
  • 🔄 Keep devices updated — run software updates when prompted; delayed updates leave doors open for attackers
  • 🚫 Do not forward work emails to personal accounts or use personal devices for work
⚠ Device lost or stolen? Report to IT immediately for remote wipe — every minute counts.
Module 4 — Device Lost or Stolen
Device Lost or Stolen — Act Fast
A lost or stolen work device is a live data breach. Every minute of delay increases the risk to Ciel HR employee records, payroll data, and client contracts.
1. Report to IT Immediately
Call the IT helpdesk the moment you realise the device is lost. Do not wait to search — time is critical.
2. Remote Wipe — Authorise It
IT will remotely erase all data. Agree immediately. Data stored only locally will be lost permanently — this is why cloud storage is mandatory.
3. Change All Passwords Now
Change your Ciel HR portal, email, and VPN passwords from another device immediately. Enable 2FA if not already active.
4. File a Police Report
For stolen devices, file a police report and share the reference number with IT. This creates an audit trail for insurance and regulatory purposes.
⚠ Silence is the real risk. Reporting quickly limits damage.
🦠
Module 5 of 7
Malware & Spyware
Malicious software can silently steal data, encrypt your files, or spy on everything you type — all without your knowledge.
WHAT YOU WILL LEARN
✓ What malware is and the main types
✓ What spyware does and how it gets installed
✓ Warning signs your device may be infected
Module 5 — Malware & Spyware
What is Malware?
Malware is any program secretly designed to damage, disrupt, or gain unauthorised access to your device or organisation's systems.
Virus
Attaches to files and spreads when opened. Can corrupt or delete data.
Ransomware
Encrypts all your files and demands payment. Ciel HR data could be held hostage.
Trojan
Disguised as legitimate software but secretly installs malware.
Worm
Spreads automatically across a network — one infected machine can compromise all.
⚠ Regular cloud backups to Google Drive are your strongest protection against ransomware.
Module 5 — Virus
Virus — Spreads Through Files
Malicious code that attaches itself to legitimate files and spreads when those files are opened or shared. A virus can corrupt, delete, or encrypt data and replicate across connected systems.
📄 Example:

A colleague emails you "Q3_Review_Final.docx". You open it — it prompts you to "Enable Macros." Doing so runs a virus that deletes local files and spreads itself to everyone in your contacts.
  • Never enable macros in unexpected files
  • Scan all downloads with approved antivirus before opening
  • Avoid opening email attachments from unknown senders
⚠ Regular cloud backups are the best defence against data loss. Back up to SharePoint daily.
Module 5 — Ransomware
Ransomware — Files Held Hostage
Ransomware encrypts all files on an infected device or network, making them completely inaccessible. Attackers demand payment — often in cryptocurrency — to provide the decryption key.
🔒 Example:

An employee opens a phishing email attachment. Within minutes, files across the office network are encrypted. A message appears: "Your files are locked. Pay ₹50,00,000 in Bitcoin within 48 hours."
  • Back up all critical data to Google Drive regularly
  • Never click unknown email attachments
  • Disconnect infected devices from the network immediately and alert IT
  • Do not pay the ransom — contact IT and management first
Module 5 — Trojan
Trojan — Hidden Backdoor
Malware disguised as legitimate, useful software. Unlike viruses, Trojans don't self-replicate — but once installed, they open a backdoor that attackers use to steal data or take remote control.
📄 Example:

You download a free PDF editor from a third-party site. It installs as expected but silently also installs a remote access tool. Attackers now have full access to your system and can view all open documents.
  • Only install IT-approved software from official sources
  • Never install software shared via email or messaging apps
  • Report any unexpected software or slow performance to IT
⚠ If IT didn't approve it, don't install it. Unverified software is the #1 entry point for Trojans.
Module 5 — Worm
Worm — Self-Spreading Malware
A self-replicating malware that spreads automatically across networks without any user action. Unlike viruses, worms don't need to attach to a file — one infected machine can rapidly compromise an entire network.
🔁 Example:

One employee's laptop gets infected via a phishing link. Within hours, the worm has silently copied itself to every computer on the same Wi-Fi network, exfiltrating employee data from all connected machines.
  • Keep all devices patched and updated — worms exploit known vulnerabilities
  • Isolate infected machines from the network immediately
  • Alert IT immediately if your device behaves unusually — do not wait
Module 5 — Malware & Spyware
What is Spyware?
Spyware secretly monitors everything you do on your device — recording every keystroke, capturing screenshots, harvesting saved passwords — and silently sends this data to attackers without any visible signs.
Keylogger
Records every key you press — capturing passwords and confidential messages.
Adware
Tracks browsing and redirects to fake login pages.
Stalkerware
Accesses camera and microphone — used in targeted corporate espionage.
Browser Hijacker
Changes browser settings and steals login session cookies.
  • Warning signs: device suddenly slow, unknown programs, browser redirects
  • Never install software from unverified sources — report unusual behaviour to IT immediately
Module 5 — Keylogger
Keylogger — Every Keystroke Recorded
Spyware that secretly records every keystroke you type — capturing passwords, OTPs, confidential messages, and banking details — and silently sends this data to the attacker.
⌨ Example:

An employee types their banking credentials on a work laptop infected with a keylogger. The attacker captures the username, password, and OTP in real time and drains the bank account before the employee realises.
  • Never install unverified software — keyloggers often come bundled with downloads
  • Use a password manager so you type passwords less often
  • Enable MFA so a captured password alone isn't enough
Module 5 — Adware
Adware — Browser Redirects & Credential Theft
Software that secretly tracks your browsing behaviour and displays unsolicited ads — or redirects you to fake login pages and phishing sites — to steal credentials.
🌐 Example:

After installing a "free" browser extension, your searches redirect to unfamiliar sites. One redirect leads to a convincing fake Microsoft 365 login — entering your credentials hands them directly to an attacker.
  • Only install IT-approved browser extensions
  • Be wary of any browser that starts redirecting searches unexpectedly
  • Report unusual pop-ups or redirects to IT immediately
Module 5 — Stalkerware
Stalkerware — Camera & Mic Espionage
A covert type of spyware that accesses your device's camera, microphone, and location without consent. In corporate settings, it is used for targeted espionage.
📸 Example:

An attacker gains access to a senior manager's laptop via a malicious email attachment. Stalkerware silently activates the laptop's microphone during a confidential board call — recording strategy discussions.
  • Cover your webcam when not in use
  • Watch for the camera indicator light turning on unexpectedly
  • Report to IT if your device behaves strangely during confidential meetings
Module 5 — Browser Hijacker
Browser Hijacker — Session Cookie Theft
Malware that takes control of your browser — changing your homepage, default search engine, and redirecting to malicious sites. It also steals login session cookies to access your accounts without needing your password.
🌐 Example:

After downloading a free tool, your browser homepage changes. In the background, the hijacker has stolen your Outlook session cookie — giving attackers access to your email without your password.
  • Only install browser extensions from the official IT-approved list
  • If your browser settings change unexpectedly, alert IT immediately
  • Clear browser cache and cookies regularly
⚠ Unexpected browser changes = possible hijack. Alert IT immediately and do not use the browser until cleared.
🦜
Module 6 of 7
PII Data Handling
Personally Identifiable Information is the most sensitive data Ciel HR manages. Every employee who handles it carries a legal and ethical responsibility.
WHAT YOU WILL LEARN
✓ What PII is and why it needs protection
✓ Rules for handling, sharing, and storing PII
✓ India DPDP Act 2023 obligations
Module 6 — PII Data Handling
What is PII & how to protect it
PII is any data that can identify a specific individual. At Ciel HR: Aadhaar, PAN, bank details, salaries, health records, and client contracts.
  • 🚫 Never share PII over WhatsApp, personal Gmail, or SMS — use only Ciel HR-approved channels
  • 👀 Least privilege — only access PII you are explicitly authorised to view
  • 🚫 Shred or securely delete printed documents containing personal data
  • 👀 Screen awareness — be mindful of who can see your screen in open areas
  • DPDP Act 2023 — violations can result in penalties up to ₹250 crore
  • Report suspected mishandling immediately to IT and your manager
⌛ Ciel HR must report breaches to the Data Protection Board within 72 hours under DPDP Act 2023.
Module 6 — PII Breach Scenarios
PII Breach — Real Scenarios & Consequences
PII breaches happen through careless sharing, weak access controls, and insecure storage — not just hacking.
📤 Scenario 1 — Wrong Recipient
What: Deepa emails a salary revision sheet to the entire department mailing list by mistake.
Rule: Always double-check recipients. Never email PII without encryption.
💬 Scenario 2 — WhatsApp PII Sharing
What: Rajan sends a new joiner's Aadhaar scan and bank details to the HR WhatsApp group for quick onboarding.
Rule: Never share Aadhaar, PAN, or bank details over WhatsApp, SMS, or personal email. Use the approved HR system.
📁 Scenario 3 — Unlocked Screen
What: Meena steps away without locking her screen. A visitor photographs her open payroll spreadsheet.
Rule: Lock your screen every time you step away (Win+L or Cmd+Ctrl+Q).
Module 7 of 7
Data Privacy & Cloud Storage
All Ciel HR work data must be saved to approved cloud storage — not on your local laptop. Local storage is unencrypted, unauditable, and permanently lost if the device is wiped.
WHAT YOU WILL LEARN
✓ Why local laptop storage is risky
✓ Approved cloud storage tools at Ciel HR
✓ Data retention and deletion policies
Module 7 — Data Privacy & Cloud Storage
Save to cloud — never just on your laptop
Never store here
Local C: drive, personal Google Drive, personal iCloud, WhatsApp, personal email
Always save here
Google Drive (GWS), Ciel HR Drive, approved Google Workspace
  • Save all work files to approved cloud immediately — not just at end of day
  • Do not keep the only copy on your laptop — devices can be lost, stolen, or wiped
  • 🔒 Cloud files are encrypted, backed up, and auditable — local files are none of these
  • 🗑 Follow data retention policy — delete files once no longer needed
  • 🚫 Do not share cloud links externally without explicit authorisation
⚠ If your laptop is remotely wiped, all data stored only locally is permanently lost.
Incident Response Protocol
What to do when something goes wrong
1. Stop Immediately
Stop all related activity at once if you suspect a breach.
2. Report to IT & Your Manager
Contact IT helpdesk and your direct manager immediately. Do not investigate yourself.
3. Preserve Evidence
Do not delete emails or logs. Screenshot what you saw.
4. Cooperate Fully
Reporting promptly is a sign of responsibility. You will not face negative consequences for honest timely reporting.
🛡 Silence is the real risk. Reporting quickly limits damage. You are always safe to report.
Summary — Your Cybersecurity Checklist
Everything you must do at Ciel HR
  • Report suspicious emails to IT — never click first
  • Use 12+ character passwords and enable 2FA on all work accounts
  • Never share your password with anyone, including IT staff
  • Verify callers before sharing any information
  • Lock your screen whenever you step away
  • Use only trusted networks for work tasks
  • Never install unauthorised software or plug in unknown USB drives
  • Only access PII you are authorised to view — least privilege always
  • Save all work files to approved cloud — never just on your laptop
  • Report all suspected incidents immediately to IT and your manager
🛡 Think before you click. Verify before you share. Save to cloud. Report before you regret.
📋
Mandatory Assessment
15 questions across all 7 modules. Score 80% or above (12/15) to pass.
15 Questions  |  80% Pass mark  |  ~10 min Duration