AUTHORIZED ACCESS ONLY

Cybersecurity Awareness Training

Restricted to authorized KAB Executive Search team members only. Each access code is single-use. Enter your full name and access code to begin.


No access code? Contact your manager or IT Support at Ext. 2200

PRE-TRAINING ASSESSMENT

Before We Begin

Answer these 10 questions based on your current knowledge. There are no wrong answers here. This helps us measure how much you learn during the training. Your answers will not be judged.

NOTE: No feedback will be shown yet. Complete this honestly so your improvement can be measured after the training.

01 OF 10 — MFA SECURITY

You receive an unexpected MFA approval request on your phone but you did not try to log in. What do you do?

A. Approve it as it might be an automatic IT system update
B. Deny it and immediately report to IT as your password may be compromised
C. Ignore it and wait to see if it happens again before taking action

02 OF 10 — EMAIL SECURITY

An email from IT Support asks you to reply with your password to verify your account. What do you do?

A. Reply with your password as it came from IT Support
B. Do not reply. Report the email and call IT on their known number to verify
C. Delete the email and do nothing further

03 OF 10 — INCIDENT RESPONSE

You accidentally clicked a suspicious link and entered your password on the page. What is your first action?

A. Wait and monitor your account for anything unusual before reporting
B. Run an antivirus scan and consider the matter resolved
C. Change your password immediately and report to IT right away without delay

04 OF 10 — TRAINING COMPLIANCE

When must KAB Executive Search team members complete their annual cybersecurity refresher training?

A. Every January regardless of when they joined the company
B. On their work anniversary each year
C. Training is only required during the first week and is not repeated annually

05 OF 10 — PHISHING AWARENESS

You receive an email with urgent language warning that your account will be suspended in 24 hours. What is the most important first step?

A. Click the link immediately to prevent your account from being suspended
B. Check the actual sender email address and hover over any links before taking any action
C. Forward the email to a colleague to ask if it looks real

06 OF 10 — PASSWORD POLICY

A colleague asks for your login password because they urgently need to access a shared file while you are out of the office. What do you do?

A. Share your password as it is only temporary and for a legitimate business reason
B. Refuse and offer an alternative such as sharing the file directly or asking IT to grant access
C. Share the password but ask them to change it afterward

07 OF 10 — SOCIAL ENGINEERING

Someone calls claiming to be from Microsoft and says your computer has a virus. They ask you to install remote access software so they can fix it. What do you do?

A. Install the software as Microsoft has the authority to fix your computer remotely
B. Hang up immediately and report the call to IT. This is a known phone scam called vishing
C. Ask them to call back tomorrow when you have more time to deal with it

08 OF 10 — DATA SECURITY

You need to send a candidate resume and personal details to a client from your personal email while working from home. Is this acceptable?

A. Yes as long as you delete the email from your personal account afterward
B. No. Confidential candidate data must only be sent from your company email account
C. Yes as long as the client is a trusted contact

09 OF 10 — INCIDENT REPORTING

You receive a suspicious email but you did not click any links. Should you report it to IT even though you did not engage with it?

A. No. Since you did not click anything there is no risk and no need to report
B. Yes. Report it to IT so they can investigate and warn other colleagues who may receive the same email
C. Only report it if you receive the same email a second time

10 OF 10 — DEVICE SECURITY

You are working remotely at a coffee shop and need to access the company system. There is no VPN available right now. What should you do?

A. Connect using the public Wi-Fi as the work is urgent and cannot wait
B. Use your mobile phone as a personal hotspot instead of the public Wi-Fi and connect VPN once available
C. Ask a colleague to log in on your behalf and share their screen with you

TRAINING OVERVIEW

Your Training Modules

Complete all 6 modules then pass the final 10-question quiz to receive your certificate of completion.

MODULE 01: Password Security
MODULE 02: MFA and Account Protection
MODULE 03: Phishing and Email Threats
MODULE 04: Incident Reporting
MODULE 05: Data and Device Security
MODULE 06: Social Engineering
ESTIMATED TIME: 15 to 20 minutes. Complete all modules in one session. Your certificate is issued automatically upon passing the final quiz.
MODULE 01 OF 06

Password Security

Your password is the first line of defense against unauthorized access. A weak or reused password is the most common way attackers gain entry to company systems and client data.

KAB POLICY: Passwords must be at least 10 characters and changed every year. Never share your password with anyone including IT staff.
Use at least 12 characters including uppercase, lowercase, numbers and symbols such as !, @, #, $
Never reuse passwords. A breach on one site gives attackers access to all your accounts
Never share your password with anyone. IT staff will never ask for it under any circumstances
Use a password manager such as Bitwarden or 1Password to generate and store strong unique passwords securely
Change your password immediately if you suspect it may have been seen or compromised
Do not use personal information in passwords such as your name, birthday, or company name
CRITICAL: If anyone asks for your password by email, phone, or in person then refuse the request and report it to IT immediately.
MODULE 02 OF 06

MFA and Account Protection

Multi-factor authentication adds a critical second layer of security beyond your password. Even if an attacker steals your password they cannot access your account without the second factor.

MANDATORY: MFA must be activated on all company accounts within your first week of employment. Accounts without MFA will be suspended until the requirement is met.
Use the Microsoft Authenticator app as your primary MFA method. It is more secure than SMS text codes
Never approve an MFA prompt you did not personally initiate. An unexpected prompt means someone has your password
If you receive unexpected MFA prompts then deny them immediately and report the incident to IT Support
Never share MFA codes with anyone including IT staff. No legitimate IT request will ever ask for your code
If you lose access to your MFA device then contact IT immediately to initiate a secure account recovery process
Enable MFA on personal accounts too such as email, banking, and social media to protect your personal information
MODULE 03 OF 06

Phishing and Email Threats

90 percent of all cyberattacks begin with a phishing email. Attackers craft convincing messages designed to steal credentials, install malware, or trick employees into taking harmful actions.

KAB SIMULATION FINDING: A 2026 authorized phishing simulation found that 30 percent of KAB Executive Search team members responded to a fake IT email. This module exists to prevent real incidents.
Always check the actual sender email address and not just the display name. Hover over the sender name to reveal the real address
Be suspicious of urgency. Phrases like act now, account suspended, or respond within 24 hours are classic pressure tactics
Hover over any link before clicking to see the real destination URL at the bottom of your browser
IT Support and Microsoft will never ask for your password by email under any circumstances
If you clicked a suspicious link then report it to IT immediately and do not wait to see what happens
Watch for reply-based attacks. An example is receiving a message saying your account was compromised and asking you to reply immediately
MODULE 04 OF 06

Incident Reporting

Early reporting is the single most important action you can take after a security incident. Every minute counts. The sooner IT knows about a problem the less damage can occur to the organization.

NO BLAME POLICY: You will not be disciplined for honest mistakes that are reported promptly. Failure to report a known incident, however, is a direct policy violation.
STOP. Do not try to fix the problem yourself. Attempting a self-fix can make things worse and destroy evidence
DISCONNECT. Turn off Wi-Fi or unplug the ethernet cable if you believe your device has been compromised
REPORT IMMEDIATELY. Contact your manager and IT Support at Ext. 2200 right away without delay
DOCUMENT. Write down what you saw, what you clicked, and what information you may have entered before the details fade
Report suspicious emails even if you did not click anything. Your report protects your colleagues from the same attack
Report lost or stolen devices immediately including personal devices that contain company email or data
MODULE 05 OF 06

Data and Device Security

KAB Executive Search handles highly sensitive candidate and client information every day. Protecting this data is both a legal obligation and a core professional responsibility for every team member.

Lock your screen every time you step away from your computer. Use Win+L on Windows or Cmd+Ctrl+Q on Mac
Never use public Wi-Fi networks for company work without first connecting to the company VPN
Never send client or candidate data to a personal email account or personal cloud storage service
Do not discuss active candidate searches or client mandates on any social media platform
Always shred printed confidential documents. Never place them in regular recycling or trash bins
Do not install unauthorized software on company devices. Contact IT for approval before installing any application
Before emailing sensitive data externally, always verify the recipient name and email address carefully to avoid misdirected emails
MODULE 06 OF 06

Social Engineering and Pretexting

Social engineering is the art of manipulating people into performing actions or giving up confidential information. It bypasses technical security controls entirely by targeting human behavior and trust.

KEY INSIGHT: Technical security can block most automated attacks. However, no firewall can block a well-crafted phone call or a convincing impersonation.
Pretexting is when an attacker invents a fake scenario to gain your trust. For example, an attacker may call you pretending to be IT and ask you to reset your password urgently
Vishing is voice phishing over the phone. Attackers may claim to be from Microsoft, your bank, or IT Support. Always verify by calling the organization back on a known number
Tailgating is when an unauthorized person follows an employee through a secure door. Never hold secure doors open for people you do not recognize
Quid pro quo attacks offer something in exchange for information or access. Be suspicious of unexpected offers of help from unknown contacts
Spear phishing targets specific individuals using personal details gathered from social media to make the attack appear more credible and trustworthy
If something feels wrong then trust your instincts. Stop, verify the person's identity through a separate channel, and report any suspicious contact to IT
GOLDEN RULE: Legitimate organizations will never pressure you to act immediately, bypass security procedures, or share confidential information without proper verification.
FINAL ASSESSMENT

Knowledge Check

Answer all 10 questions to receive your certificate. Take your time and review your modules if needed.

01 OF 10 — MFA SECURITY

You receive an unexpected MFA approval request on your phone but you did not try to log in. What do you do?

A. Approve it as it might be an automatic IT system update
B. Deny it and immediately report to IT as your password may be compromised
C. Ignore it and wait to see if it happens again before taking action

02 OF 10 — EMAIL SECURITY

An email from IT Support asks you to reply with your password to verify your account. What do you do?

A. Reply with your password as it came from IT Support
B. Do not reply. Report the email and call IT on their known number to verify
C. Delete the email and do nothing further

03 OF 10 — INCIDENT RESPONSE

You accidentally clicked a suspicious link and entered your password on the page. What is your first action?

A. Wait and monitor your account for anything unusual before reporting
B. Run an antivirus scan and consider the matter resolved
C. Change your password immediately and report to IT right away without delay

04 OF 10 — TRAINING COMPLIANCE

When must KAB Executive Search team members complete their annual cybersecurity refresher training?

A. Every January regardless of when they joined
B. On their work anniversary each year
C. Training is only required during the first week and is not repeated

05 OF 10 — PHISHING AWARENESS

You receive an email with urgent language warning that your account will be suspended in 24 hours. What is the most important first step?

A. Click the link immediately to prevent your account from being suspended
B. Check the actual sender email address and hover over any links before taking any action
C. Forward the email to a colleague to ask if it looks real

06 OF 10 — PASSWORD POLICY

A colleague asks for your login password because they urgently need to access a shared file while you are out of the office. What do you do?

A. Share your password as it is only temporary and for a legitimate business reason
B. Refuse and offer an alternative such as sharing the file directly or contacting IT for access
C. Share the password but ask them to change it afterward

07 OF 10 — SOCIAL ENGINEERING

Someone calls claiming to be from Microsoft and says your computer has a virus. They ask you to install remote access software so they can fix it. What do you do?

A. Install the software as Microsoft has the authority to fix your computer remotely
B. Hang up immediately and report the call to IT. This is a known phone scam called vishing
C. Ask them to call back tomorrow when you have more time to deal with it

08 OF 10 — DATA SECURITY

You need to send a candidate resume and personal details to a client from your personal email while working from home. Is this acceptable?

A. Yes as long as you delete the email from your personal account afterward
B. No. Confidential candidate data must only be sent from your company email account
C. Yes as long as the client is a trusted contact

09 OF 10 — INCIDENT REPORTING

You receive a suspicious email but you did not click any links. Should you report it to IT even though you did not engage with it?

A. No. Since you did not click anything there is no risk and no need to report
B. Yes. Report it to IT so they can investigate and warn other colleagues who may receive the same email
C. Only report it if you receive the same email a second time

10 OF 10 — DEVICE SECURITY

You are working remotely at a coffee shop and need to access the company system. There is no VPN available right now. What should you do?

A. Connect using the public Wi-Fi as the work is urgent and cannot wait
B. Use your mobile phone as a personal hotspot instead of the public Wi-Fi and connect the VPN once available
C. Ask a colleague to log in on your behalf and share their screen with you

TRAINING COMPLETE

Mission Accomplished

You have successfully completed the KAB Executive Search Cybersecurity Awareness Training. Your certificate is ready below.

POWERED BY NOBLECYBER.AI
REVIEW COMPLETE

Review Complete

You have finished reviewing the training modules. Your original certificate remains valid.

REMINDER: Your annual refresher training is due on your work anniversary. A new access code will be issued at that time so you can retake the full training and quiz.