All free tools

Awareness · Certificate included

Security Awareness Training

Four short modules cover the security basics every team member needs. Pass the quiz (80% to pass) and download a certificate of completion issued by Alianza Advisory Solutions.

1

Phishing & Social Engineering

Phishing is the most common way attackers break in. A phishing message pretends to be someone you trust — a coworker, your bank, a vendor, or even your boss — to trick you into clicking a link, opening an attachment, or sharing credentials.

Attackers create urgency ("your account will be closed"), curiosity ("see who viewed your profile"), or fear ("unpaid invoice attached") to make you act before you think. Social engineering can also happen by phone or text ("smishing" and "vishing").

Before you click, slow down and verify. Hover over links to see the real destination, check the sender's full email address, and confirm unusual requests through a separate, known channel — never by replying to the suspicious message.

Key points

  • Urgency and fear are red flags — slow down and verify.
  • Hover to preview links; check the full sender address.
  • Confirm money or credential requests through a known channel.
2

Passwords & Multi-Factor Authentication

Weak and reused passwords are a leading cause of breaches. If one site is compromised, attackers try the same password everywhere else. Use long, unique passwords or passphrases for every account.

A password manager makes this practical — it generates and stores strong passwords so you only remember one master password. Never store passwords in plain text or share them over email or chat.

Multi-factor authentication (MFA) adds a second step (like a code or app approval) so a stolen password alone isn't enough. Turn on MFA everywhere it is offered, especially for email, which can reset all your other accounts.

Key points

  • Use long, unique passwords for every account.
  • A password manager beats memory and sticky notes.
  • Enable MFA everywhere — it stops most account takeovers.
3

Handling Sensitive Data

Sensitive data includes personal information, financial and health records, payment details, and confidential business information. Mishandling it can cause real harm and legal consequences.

Follow the principle of least privilege: only access what you need for your job, and only share data with people who are authorized to see it. Be careful with email, shared drives, and removable media.

Encrypt sensitive files in transit and at rest where possible, lock your screen when you step away, and securely dispose of documents and devices. When in doubt, ask before you send.

Key points

  • Access and share only what your job requires.
  • Lock your screen and encrypt sensitive files.
  • Dispose of data and devices securely.
4

Safe Computing & Incident Reporting

Keep your devices updated — software updates fix security holes attackers exploit. Avoid public Wi-Fi for sensitive work, or use a VPN. Don't install unapproved software or plug in unknown USB drives.

Working remotely raises the stakes: secure your home network, keep work data on approved systems, and be mindful of who can see your screen in public spaces.

If something seems wrong — a suspicious email, a lost laptop, a possible click on a bad link — report it immediately. Fast reporting limits damage. You will never be punished for reporting in good faith; staying silent is the real risk.

Key points

  • Keep devices patched; avoid unknown USBs and apps.
  • Use approved systems and secure networks for work data.
  • Report incidents immediately — speed limits the damage.

Looking for more? Browse all free tools.