Annual Security Awareness Training

This quick training covers the essentials for keeping our systems, data, and users secure — including phishing awareness, password best practices, and safe device use. At the end, you’ll take a short ungraded quiz to help reinforce the material. It’s not about passing or failing — just making sure the key points stick. Let’s get started!
Name
MM slash DD slash YYYY

Why Security Matters

Security protects company and customer data, ensures operations run smoothly, and supports regulatory compliance.

  • Safeguards sensitive information
  • Maintains business continuity
  • Ensures compliance with legal and contractual obligations

Acceptable Use

  • Use work systems responsibly—only for job tasks and approved tools—while avoiding unauthorized or risky activities.
  • ✅ Allowed:
  •  Job tasks, approved communication tools, limited personal use
  • 🚫 Not allowed:
  •  Unauthorized software, illegal or offensive content, bypassing security
  •  Connecting unapproved devices

Passwords & MFA

  •  Always use strong, unique passwords and enable Multi-Factor Authentication to protect accounts from unauthorized access.
  •  Multi-Factor Authentication (MFA) is mandatory for Microsoft 365, LMS admin
  •  Never share passwords or use shared accounts

Phishing & Social Engineering

Phishing signs:

  • Stay alert for phishing attempts and social engineering—hover, verify, and report anything suspicious to keep systems safe.
  •  Suspicious sender address
  •  Urgent requests or threats
  •  Unexpected links or attachments
  • ✅ Hover, verify, report
  • 📧 Report to: info@integritysafety.com

BYOD & Endpoint Security

  •  A BYOD (Bring Your Own Device) policy is a set of rules that allow employees to use their personal devices—such as smartphones, laptops, and tablets—for work purposes.
  •  Personal devices must be secured (antivirus, screen lock)
  •  Connect only to trusted Wi-Fi networks
  •  Use VPN when accessing internal systems remotely

Incident Reporting

Examples of incidents:

  • If you see or suspect something wrong—like lost devices or suspicious emails—report it right away to minimize risk.
  •  Lost/stolen devices
  •  Suspicious emails or behavior
  •  Unauthorized data access
  •  Report immediately to: info@integritysafety.com

Change Awareness

  • Be aware of system changes and updates; contact IT if something seems off or stops working correctly.
  •  Systems may be updated or changed (e.g., firewall, LMS settings)
  •  Contact IT if systems behave unexpectedly after a change

Vendor & Data Handling

  • Only use approved vendors and tools that protect data—never store company info on unapproved apps or platforms.
  • Don’t store company data in personal tools or apps
  • Contracts must include data protection terms

Quiz

It is acceptable to use the same password for both your work email and personal social media accounts.

You should always hover over a link before clicking it to check where it really goes.

If you receive a suspicious email, it’s best to delete it and ignore it rather than report it.

Multi-Factor Authentication (MFA) is required for accessing Microsoft 365 and administrative systems.

It’s okay to let a coworker use your login if they forgot their credentials and need access quickly.

Company data may be stored on personal cloud storage (e.g., Dropbox, Google Drive) if it’s for convenience.

You must report lost or stolen devices, even if it’s your personal (BYOD) phone.

Acceptable Use policies allow limited personal use of company systems, as long as it doesn’t interfere with work.

Simulated phishing tests are conducted quarterly to help train employees in spotting threats.

If you notice unexpected behavior after a system change, you should contact IT or your manager.

If you have any questions, review the answers below.

✅ Security Awareness Training – Quiz with Answers

It is acceptable to use the same password for both your work email and personal social media accounts.
Answer: ❌ False
Explanation: Reusing passwords creates risk. If one site is compromised, attackers can access multiple accounts. Always use strong, unique passwords.

You should always hover over a link before clicking it to check where it really goes.
Answer: ✅ True
Explanation: Hovering your mouse over a link shows the actual destination URL. This helps you spot phishing links pretending to be trusted sites.

If you receive a suspicious email, it’s best to delete it and ignore it.
Answer: ❌ False
Explanation: Suspicious emails must be reported (not just deleted). This allows IT or Security to protect others and investigate the threat.

Multi-Factor Authentication (MFA) is required for accessing Microsoft 365 and administrative systems.
Answer: ✅ True
Explanation: MFA is enforced to protect critical systems from unauthorized access, even if passwords are compromised.

It’s okay to let a coworker use your login if they forgot their credentials and need access quickly.
Answer: ❌ False
Explanation: Login credentials must never be shared. Shared accounts break accountability and violate company policy.

Company data may be stored on personal cloud storage (e.g., Dropbox, Google Drive) if it’s for convenience.
Answer: ❌ False
Explanation: Company data must only be stored on approved platforms to ensure security and compliance. Personal tools lack necessary controls.

You must report lost or stolen devices, even if it’s your personal (BYOD) phone.
Answer: ✅ True
Explanation: Personal devices with company data or system access must be reported if lost to allow remote wiping or risk mitigation.

Acceptable Use policies allow limited personal use of company systems, as long as it doesn’t interfere with work.
Answer: ✅ True
Explanation: Responsible personal use is permitted if it doesn’t impact productivity or violate any rules (e.g., inappropriate content).

Simulated phishing tests are conducted quarterly to help train employees in spotting threats.
Answer: ✅ True
Explanation: Simulations help improve awareness and are followed by training if needed. They’re educational, not disciplinary.

If you notice unexpected behavior after a system change, you should contact IT or your manager.
Answer: ✅ True
Explanation: Changes to systems (like firewalls or updates) can cause issues. Reporting odd behavior helps ensure stability and security.

Clear Signature