All sample courses Tous les cours exemples Todos os cursos de exemplo

H5P ADDIE Interactive sample Exemple interactif Exemplo interativo

Cybersecurity Awareness for Staff

An interactive lesson with knowledge checks that turns everyday staff into a strong first line of defence.

Audience: General employees
Duration: 15 minutes

Sensibilisation a la cybersecurite pour le personnel

Une lecon interactive qui transforme les gestes quotidiens du personnel en premiere ligne de defense contre le phishing et le vol d'identifiants.

Public: Employes de tous profils
Duree: 15 minutes

Consciencializacao em ciberseguranca para colaboradores

Uma aula interativa que reforca habitos simples para reconhecer phishing, proteger contas e reportar incidentes sem demora.

Publico: Colaboradores em geral
Duracao: 15 minutos

Threat response lab

Spot, pause, verify, report

A staff-friendly walkthrough of the habits that stop phishing and credential theft before they spread.

30s

Pause rule

Core red flags

Phishing drill Incident habit FR/PT ready

Atelier de reaction aux menaces

Voir, stopper, verifier, signaler

Un parcours visuel sur les reflexes qui bloquent le phishing et le vol d'identifiants avant qu'ils ne se propagent.

30s

Regle de pause

Signaux d'alerte

Phishing Reflexe d'alerte Bilingue

Laboratorio de resposta a ameacas

Ver, parar, verificar, reportar

Um percurso visual sobre os habitos que travam phishing e roubo de credenciais antes de se espalharem.

30s

Regra de pausa

Sinais de alerta

Phishing Habito de reporte Bilingue

What you will be able to do

Recognise the hallmarks of a phishing message
Respond safely to a suspicious email or link
Create and manage strong, unique passwords
Enable and use multi-factor authentication
Report a suspected security incident quickly and correctly

Ce que vous saurez faire

Reconnaitre les signes d'un message d'hameconnage
Reagir correctement a un lien ou une piece jointe suspects
Utiliser des mots de passe forts et uniques
Comprendre l'interet de l'authentification multifacteur
Signaler rapidement un incident potentiel

O que sera capaz de fazer

Reconhecer sinais tipicos de phishing
Responder com seguranca a emails e links suspeitos
Criar e gerir palavras-passe fortes e unicas
Ativar e usar MFA
Reportar incidentes rapidamente

The safe-response pattern

Inspect the sender and URL

Small spelling changes and mismatched links are classic indicators.

Verify outside the message

Use the official site or a known phone number.

Report quickly

Speed matters more than being completely certain.

Schema de reaction sure

Verifier expediteur et lien

Les petites fautes et les URL incoherentes sont des signaux frequents.

Verifier hors du message

Passez par le site officiel ou un numero connu.

Signaler rapidement

La rapidite compte plus que la certitude complete.

Padrao de resposta segura

Inspecionar remetente e URL

Pequenas alteracoes na escrita e links incoerentes sao sinais frequentes.

Verificar fora da mensagem

Use o site oficial ou um numero conhecido.

Reportar rapidamente

A rapidez importa mais do que ter certeza absoluta.

Security habits with highest payoff

Simple routines prevent a disproportionate share of everyday attacks.

Visual data block

Phishing pause

Password manager

MFA enabled

Fast reporting

Habitudes de securite a plus fort impact

Quelques routines simples empechent une grande part des attaques quotidiennes.

Bloc visuel

Pause phishing

Gestionnaire MDP

MFA active

Signalement rapide

Habitos de seguranca com maior retorno

Rotinas simples evitam uma grande parte dos ataques do dia a dia.

Bloco visual

Pausa anti-phishing

Gestor de senhas

MFA ativo

Reporte rapido

Reflect and flip

Each card starts with a prompt. Flip it to reveal the coaching cue or model answer.

Reflechir et retourner

Chaque carte commence par une question. Retournez-la pour voir la piste de reponse ou le modele de reponse.

Refletir e virar

Cada cartao comeca com uma pergunta. Vire-o para ver a orientacao ou a resposta-modelo.

Course content

The Threat Landscape

Most successful cyberattacks do not start with sophisticated code — they start with a person clicking a link, opening an attachment, or sharing a password. Human error accounts for the majority of data breaches across every sector. The good news is that this is the most preventable category of risk, and every member of staff can close the gap.

Threats come in a few common forms. Phishing is the most common: a deceptive email or message that tricks someone into revealing credentials or installing malware. Pretexting involves an attacker constructing a convincing false identity — posing as IT support, a supplier, or a senior colleague — to request sensitive information. Malware arrives through attachments, infected USB drives, or compromised websites, and can give attackers persistent access to systems.

Before moving on, think of the last time you received an unexpected email asking you to do something — click, verify, download, or reply. What did you do? In this course you will build a reliable habit for moments exactly like that one.

Spotting a Phishing Message

Phishing messages are designed to bypass your critical thinking by triggering urgency, fear, or curiosity. The classic signals are: a sender address that looks almost right but has a small difference ([email protected]); language that creates pressure ('your account will be suspended in 10 minutes'); a link that does not match the text when you hover over it; and requests for credentials, payment details, or file downloads you were not expecting.

The safest habit is to verify independently. Do not use contact details in the message. Go directly to the official website by typing the address, or call a number you already know. If the message claims to be from a colleague, phone them. Attackers count on you acting before you think.

You receive an email from '[email protected]' telling you that your account has been compromised and you must reset your password within 30 minutes using the link provided. The email uses your organisation's logo. Consider: what are the phishing signals? What is the correct response? What would happen if you clicked the link?

Password Hygiene and Multi-Factor Authentication

A weak password is an unlocked door. Password reuse is a master key for attackers — when one service is breached, every account sharing that password is at risk. The practical solution is a password manager: a secure vault that generates and stores a long, unique password for every account. You remember one strong master password; the manager handles the rest.

A strong password is long and random. 'Summer2024!' is weak because it follows a predictable pattern. 'tr7#Kp!qW2mz' is strong because it is random. A passphrase — four or more unconnected words strung together — is both strong and memorable: 'correct-horse-battery-staple' is far harder to crack than a short password with special characters.

Multi-factor authentication (MFA) adds a second layer: even if an attacker has your password, they cannot access your account without the second factor — a code from an app, a text message, or a hardware token. Enable MFA on every account that offers it, especially email and any work systems.

Reporting an Incident

Speed matters more than certainty. If you suspect something is wrong — you clicked a link and then felt uneasy, you notice your account behaving oddly, a colleague asks for your credentials — report it immediately to your IT or security team. Do not wait until you are sure. Early reports allow the team to contain damage before it spreads.

Reporting is not the same as confessing. Organisations that punish staff for honest reporting create a culture where incidents are hidden until they become crises. The right culture is: report fast, report honestly, and let the experts assess the risk. Your job is to raise the flag; their job is to act on it.

Where would you go right now to report a suspected security incident in your organisation? If you do not know the answer immediately, finding out is the most important action you can take after completing this course.

Contenu du cours

Le risque le plus courant

La plupart des incidents commencent par une action humaine simple: cliquer, telecharger, ou partager une information. Cette realite rend la vigilance du personnel essentielle.

Repensez au dernier message inattendu que vous avez recu. Avez-vous verifie l'expediteur, le lien et la demande avant d'agir?

Reperer un phishing

Les signaux classiques sont l'urgence, une adresse presque correcte, un lien suspect et une demande inhabituelle de mot de passe ou de paiement. La bonne reponse consiste a verifier par un canal officiel et independant.

Un mail au nom du support informatique vous demande une reinitialisation immediate du mot de passe. Quels indices doivent vous alerter? Que faites-vous a la place de cliquer?

Mots de passe et MFA

Un mot de passe reutilise fragilise plusieurs comptes a la fois. Un gestionnaire de mots de passe et l'authentification multifacteur reduisent fortement ce risque.

Signaler vite

Si vous avez un doute apres un clic ou un appel suspect, signalez-le tout de suite. Mieux vaut un faux positif rapide qu'un incident cache trop longtemps.

Savez-vous immediatement comment joindre votre equipe informatique ou securite? Si non, c'est l'action prioritaire a prendre apres ce module.

Conteudo do curso

O panorama da ameaca

Muitos ataques bem-sucedidos comecam por um clique apressado, uma anexo aberto ou uma credencial partilhada. Por isso, o comportamento do colaborador e uma camada critica de defesa.

Pense na ultima mensagem inesperada que pediu para clicar, confirmar ou descarregar algo. Qual foi a sua reacao imediata?

Como identificar phishing

Urgencia artificial, remetente parecido com o oficial, links que nao coincidem e pedidos de credenciais sao sinais recorrentes. A melhor resposta e verificar por um canal oficial conhecido.

Recebe um email a dizer que a conta sera bloqueada em 30 minutos. O que verifica primeiro? Qual e o risco de seguir o link da mensagem?

Senhas e MFA

Reutilizar senhas amplia o dano de qualquer violacao. Um gestor de senhas e MFA reduzem drasticamente o impacto do roubo de credenciais.

Reportar sem esperar

Se clicou e depois desconfiou, reporte logo. A equipa tecnica precisa de tempo para conter o problema antes que ele se espalhe.

Se um incidente acontecesse agora, saberia exatamente para onde reportar? Essa resposta deve ser imediata.

Knowledge check

Answer each question.

1. An email urges you to 'verify your account in 10 minutes or lose access' with a link. What is the safest first step?

2. The deceptive message that impersonates a trustworthy source to trick someone into revealing credentials or installing malware is called ______.

Type your answer

3. 'Summer2024!' is a strong password because it contains an uppercase letter, a number, and a symbol.

4. The extra login security layer that requires a second proof of identity beyond your password — such as a code from an app — is called ______.

Type your answer

5. A caller claims to be from IT support and asks for your password to fix an urgent access issue. What do you do?

You scored /

This is the kind of immediate, low stakes feedback that keeps learners moving. Every sample course is built the same way: outcomes first, then practice, then feedback.

Request a course like this

Verification des acquis

Repondez a chaque question. La correction est faite cote serveur et la bonne reponse n'est pas envoyee au navigateur a l'avance.

1. Un email vous dit de verifier votre compte en 10 minutes sinon vous perdrez l'acces, avec un lien. Quelle est la premiere action la plus sure ?

2. Le message trompeur qui imite une source de confiance pour inciter quelqu'un a reveler ses identifiants ou installer un logiciel malveillant s'appelle le ______.

Type your answer

3. « Ete2024! » est un mot de passe fort car il contient une majuscule, un chiffre et un symbole.

4. La couche de securite supplementaire qui exige une seconde preuve d'identite en plus du mot de passe — comme un code genere par une application — s'appelle l'______.

Type your answer

5. Un appelant dit appartenir au support IT et vous demande votre mot de passe pour regler un probleme d'acces urgent. Que faites-vous ?

Votre score est de /

Ce type de retour immediat et sans enjeu excessif aide les apprenants a poursuivre. Chaque cours exemple suit la meme logique : objectifs, pratique, puis feedback.

Demander un cours similaire

Verificacao de conhecimentos

Responda a cada pergunta. A avaliacao acontece no servidor e a resposta correta nao e enviada antecipadamente ao navegador.

1. Um email pede para verificar a conta em 10 minutos ou perdera o acesso, com um link. Qual e a primeira acao mais segura?

2. A mensagem enganosa que imita uma fonte de confianca para levar alguem a revelar credenciais ou instalar software malicioso chama-se ______.

Type your answer

3. «Verao2024!» e uma senha forte porque contem uma letra maiuscula, um numero e um simbolo.

4. A camada extra de seguranca de login que exige uma segunda prova de identidade alem da senha — como um codigo gerado por uma aplicacao — chama-se ______.

Type your answer

5. Um interlocutor afirma ser do suporte de TI e pede a sua senha para resolver um problema urgente de acesso. O que faz?

A sua pontuacao foi /

Este tipo de feedback imediato e de baixo risco ajuda o formando a continuar. Cada curso de exemplo segue a mesma estrutura: objetivos, pratica e depois feedback.

Pedir um curso como este