Cybersecurity for Non-IT Staff

This programme is built for employees who are not in technology roles but handle data, communicate digitally, and are the most common entry point for cyberattacks on organisations. HR executives, finance teams, operations staff, customer service, and administrative personnel will learn to recognise threats, respond correctly, and protect the organisation from the inside out.

Programme Modules

Why Non-IT Staff Are the Biggest Target
How attackers exploit human behaviour rather than technical systems. Real Malaysian case studies of breaches caused by staff error, not technical failure.

Email and Phishing Threats
Recognising phishing, spear-phishing, and business email compromise (BEC). What to do when you receive a suspicious email and how to report it.

Password and Account Security
Why weak passwords cost organisations millions. Creating strong passwords, using password managers, enabling two-factor authentication, and spotting credential theft attempts.

Safe Use of Devices and Networks
Secure use of company laptops, personal devices, and public Wi-Fi. Understanding BYOD risks and remote work security basics.

Data Handling and PDPA Compliance
What counts as personal data, how to handle it correctly under Malaysia's PDPA, and the consequences of mishandling customer or employee data.

Responding to a Security Incident
What to do and what not to do if you suspect a breach, receive a suspicious message, or accidentally click something you should not have. Internal reporting procedures.

Final Activity: Threat Simulation Exercise
Participants receive a set of simulated email and messaging scenarios and must identify which are genuine and which are attacks. Group debrief covers decision-making and correct response procedures.

Key Outcomes:
Recognise common cyber threats targeting non-technical employees
Apply safe practices for email, passwords, devices, and data handling
Understand obligations under PDPA Malaysia in daily work tasks
Respond correctly and promptly when a security incident is suspected
Reduce human error as an organisational cybersecurity risk

Fee: RM 1,750 per participant (minimum 5 participants)
Duration: 1 Day
Training Hours: 9:00 AM to 5:00 PM
Level: Beginner (no technical knowledge required)
Training Mode: Physical, Online, or Hybrid
HRD Corp Claimable
Certificate of Completion included

Frequently Asked Questions

Any employee who is not in an IT or technical role. HR, finance, operations, customer service, legal, and administrative staff.

Yes.

Yes. Case studies and scenarios can be adapted for banking, healthcare, manufacturing, government, or retail contexts.

Yes.

Up to 30 participants. Larger groups can be accommodated across multiple sessions.