10 free cybersecurity awareness training courses you can take today

As cyber threats become more and more sophisticated and harmful, there is a greater need than ever for companies of all sizes to focus on cybersecurity and strengthen their layers of protection. One effective way companies can do this is by encouraging their employees to become active security advocates. How? Through effective cybersecurity awareness training, of course.

It need not be expensive, either. A number of organizations offer free cybersecurity awareness training courses. Here are ten we’ve found that will help businesses and employees understand as well as report security threats and breaches.

Amazon’s fun cybersecurity awareness training for all

As part of Cybersecurity Awareness Month, Amazon today announced that it will make the same cybersecurity awareness training materials that the company uses for employees available free of charge to businesses and individuals around the world. The training was made accessible starting Oct. 26.

It helps users identify the most common social exploits for businesses and individuals, and covers secure communication, phishing, social engineering, physical security, and data privacy, among other topics. It will be available for businesses and organizations to integrate into their own learning management systems (LMS), and for individuals and small businesses without an LMS, the training is also hosted by Amazon on its microsite and can be completed there.

IBM’s IT Fundamentals for Cybersecurity Specialization course 

Offered by IBM and hosted by Coursera, this specialization includes four modules encompassing system administration, cybersecurity tools, operating system and database vulnerabilities, types of cyberattacks, and network security.

The instructors are architects, Security Operation Center (SOC) analysts, and distinguished engineers, all of whom work with cybersecurity in their day-to-day lives at IBM. They will share the skills that they use to secure IBM and its clients’ systems, the company noted.

Those who enroll in the paid version of the course get access to all of the modules in the Specialization, and also earn a certificate when they complete the work. Those who only want to read and view the course content can audit it for free. IBM also has financial assistance available for those who want to earn a certificate but can’t afford the fee.

Cybersecurity awareness with training from ESET security experts

ESET, a Slovak internet security company that offers anti-virus and firewall products, offers a free cybersecurity awareness training course that presents employees with a comprehensive approach covering some of the topics of greatest concern to businesses. The 60-minute, user-friendly training covers the following topics:

• A threat overview: ESET’s security experts give users an overview of some of the most common and severe security threats to businesses, including malware, phishing, and more.
• Email protection: employees get a sense of what they should look for in an email, and are shown things to avoid.
• Password policies: employees learn about password best practices, two-factor authentication and how to use it.
• Web protection: employees learn about online safety and how they can avoid scams.
• Social engineering: employees learn how they can recognize social engineering,  which is the art of manipulating people so they give up confidential information, and what they should do when faced with it. 

Those interested can sign up here to access training materials. 

CIRA’s course on cybersecurity practices for remote workers in Canada

The Canadian Internet Registration Authority (CIRA), which oversees the .ca domain, has developed a course on cybersecurity for remote workers. Available for free from its CIRA Cybersecurity Awareness Training platform, the course has been designed by the authority to protect Canadians working from home from an ever-increasing number of cyber risks. 

The online course includes some simple tips and best practices regarding VPNs, home Wi-Fi, personal devices, phishing emails, and more, followed by a quiz. It provides users with information on how they can protect their home Wi-Fi, how they can generate strong passwords, why multi-factor authentication is important, use of VPN as a way to protect the information they’re sending and receiving when on their home network, ways they can protect confidential information and personal devices, and a lot more. Anyone can access the course here.

Government of Canada’s cybersecurity course for SMBs

Intended for small and medium organizations (SMOs), this free e-learning, self-paced course has three modules containing knowledge and resources that will help businesses:

• identify cyber security threats and the risks they pose to their organization;
• identify the cyber security best practices to meet their business needs;
• identify opportunities to improve their organization’s overall cyber security; and
• determine how they can use the Cyber Maturity Model, a path for guiding decisions and actions in a way that takes an organization from responding ad hoc to using the best possible mature practices for their business.

Designed and built collaboratively by the Cyber Centre Learning Hub at the Canadian Centre for Cyber Security (Cyber Centre) and Innovation, Science and Economic Development Canada (ISED), this course takes approximately 60 minutes to complete. Performing the suggested activities will increase the time it takes to complete the course, but they will help organizations apply the course information specifically to their business, says the Government of Canada. There are also short quizzes that are intended to reinforce the modules.

Microsoft Security Best Practices guidance

Microsoft Security Best Practices, formerly known as the Azure Security Compass or Microsoft Security Compass, this guidance is now increasing in scope to encompass all Microsoft security guidance and capabilities, including Microsoft 365. It is a collection of best practices that provide actionable guidance for security-related decisions.

Presented in a series of videos, this guidance is designed to help users increase their security posture and reduce risk whether their environment is cloud-only, or a hybrid enterprise spanning cloud(s) and on-premises data centres. The PowerPoint slides associated with these videos can be downloaded for free here.

Fortinet’s cybersecurity training course

Cybersecurity professionals, IT professionals and teleworkers can take advantage of the free, self-paced curriculum of cybersecurity training courses offered by the cybersecurity firm Fortinet. Courses cover everything from basic cybersecurity awareness training to advanced training on security-driven networking, adaptive cloud security, AI-driven security operations and zero-trust network access.

Labs for these courses are pre-recorded and available for on-demand viewing. Recorded lab demos are supplemented with regularly scheduled live sessions with Fortinet Certified Trainers wherein demo labs and Q&A sessions conducted. For those interested in training options beyond self-paced, Fortinet has a network of Authorized Training Centers (ATCs) around the world providing Fortinet training in a variety of formats, including live virtual instructor-led.

Chief Information Security Officer (CISO) Workshop Training from Microsoft

Microsoft‘s free CISO workshop training contains a collection of security learnings, principles, and recommendations for modernizing security in organizations. It is a combination of experiences from Microsoft security teams and learnings from customers.

Aimed at helping organizations meet the dual security challenges of increasingly sophisticated attacks and protecting assets in a hybrid enterprise that now includes cloud platforms, CISO workshop videos can be downloaded here.

There are five modules in the workshop which cover diverse topics ranging from critical security hygiene, Microsoft cybersecurity reference architecture, cybersecurity resilience, Internet of Things (IoT), and operational tech to the evolution and trajectory of Security Operations Centers (SOC), including lessons from Microsoft’s SOC, powered by the trillions of signals in the Microsoft Intelligent Security Graph.

Web security training from PortSwigger

PortSwigger, provider of Burp Suite, an integrated platform for performing security testing of web applications, offers free web security training through its online training centre, Web Security Academy. The training offered includes content from PortSwigger’s in-house research team, academics, and the company’s founder Dafydd Stuttard – author of The Web Application Hacker’s Handbook, all for free.

Unlike a textbook, the Academy is constantly updated. While each topic in the Academy is fully explained in text, many also include video content to summarize key points. There are also interactive labs – realistic puzzles designed to test participant’s skills as a hacker. These transfer directly over into real-life cybersecurity situations. The company also rewards those who are the first ones to solve the lab each time a new one is launched.

IT World Canada’s Security Training Resource Kit

IT World Canada and its creative arm, Amazing! Agency have created training materials to make security training engaging and interesting. While it starts with a comedic approach – a fun video or an interactive game – there is very serious content including best practices that are aimed at helping users understand how they can reduce exposure to security incidents.

The kit contains set of tools for building user awareness about cybersecurity:

• A short group activity (game) that provides a way to introduce the importance of digital security.
• Two short videos that provide a humorous look at key issues – password security and “phishing” emails.
• Facilitator’s guides to guide discussion after each of the two videos.