Offer tailored cyber security training to your employees - ITSAP.10.093

One of the Cyber Centre’s top 10 IT security actions is to provide cyber security training that is tailored to your organization’s specific business needs and security requirements. By providing tailored training to all personnel (i.e. employees, contractors, managers, and executives), you can increase awareness of cyber security issues that your organization faces. When all personnel have a greater awareness of cyber security, your organization can reduce its risks. Training creates a positive cyber security culture for personnel to feel supported and equipped with the right tools to carry out their job functions.

Develop in-house training

If you have the resources and the expertise available, make in house training opportunities available to all personnel. You should coordinate training activities with your IT and security teams to ensure topics are covered appropriately.

Types of training to offer

  • Basic cyber security training for new and existing personnel to review policies, procedures, and current threats.
  • Computer-based training that personnel can take from their desks to refresh their understanding of key cyber security topics.
  • Role-based training for specific job functions (e.g. system administrators or developers).

For all types of training, consider incorporating practical exercises, such as learning to spot phishing emails or reviewing your incident response process.

Topics to cover

Proper training is one of your first lines of defence against cyber threats. Training ensures that employees know what their specific roles and responsibilities are and why they are being asked to follow best practices. So what topics should you cover? Some examples include:

  • Identifying and handling phishing attempts
  • Strengthening passwords
  • Updating and patching systems
  • Securing IT assets and sensitive information
  • Reporting incidents

Including case studies or examples of publicly known cyber security incidents can help demonstrate vulnerabilities, threat actor techniques, and mitigation measures.

Look for external training

If you don’t have the resources to provide in-house training, you can look outside of your organization for training.

The Cyber Centre Learning hub offers in‑class and online learning programs for various audiences, as well as customized programs. These activities and programs are offered primarily to the Government of Canada (GC) and our domestic partners; however, other government organizations and industry partners who work with GC departments may also participate.


Learn more

Report a problem on this page

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: