Training & Awareness Program
The Enterprise Security and Risk Management Office's training and awareness program serves a wide range of needs. It raises general staff awareness and addresses specific topics, such as web application security and business continuity management.
The ongoing training gives all staff appropriate levels of cybersecurity training focused on developing skills in relevant technologies and techniques to improve agencies’ security posture. The variety of materials, from hands-on training to online interactive modules, are reusable for continued training.
North Carolina makes national training and awareness resources available at little or no cost to state agencies.
Cybersecurity Training Modules
Social Engineering Foundations - Social engineers use manipulation to instigate and influence human error. This course explores the psychology behind why scammers target human emotions and how individuals can avoid common scams, both at work and at home
2026 Social Engineering Red Flags - This latest edition of Social Engineering Red Flags equips learners with critical skills to identify and respond to social engineering threats. This module uses case studies based on user stories of actual phishing emails, professional social media networking site scams (like LinkedIn), and in all examples illustrates experience using zero trust concepts, where users trust nothing by default and verify everything, even within the network. Participants will learn to recognize social engineering, spot its red flags, and take appropriate protective actions. This concise module helps organizations strengthen their security culture against social engineering attacks, reducing security incidents and data breach risks. Some of the videos are created using AI technology to show users just how tricky this technology can be in making things look realistic. Users will be warned of this and asked to guess which videos were created using AI. This latest edition of Social Engineering Red Flags equips learners with critical skills to identify and respond to social engineering threats. This module uses case studies based on user stories of actual phishing emails, professional social media networking site scams (like LinkedIn), and in all examples illustrates experience using zero trust concepts, where users trust nothing by default and verify everything, even within the network. Participants will learn to recognize social engineering, spot its red flags, and take appropriate protective actions. This concise module helps organizations strengthen their security culture against social engineering attacks, reducing security incidents and data breach risks. Some of the videos are created using AI technology to show users just how tricky this technology can be in making things look realistic. Users will be warned of this and asked to guess which videos were created using AI
2026 Your Role: Internet Security and You - From targeted phishing attempts to artificial intelligence (AI) powered attacks, social engineering attacks are constantly evolving. This training module teaches employees about common security threats, helping them to respond effectively to prevent security breaches and other cyber incidents. Employees will learn practical steps they can take to protect information online and safeguard sensitive data when working from the office or remotely.
Deepfakes, Scams, and Disinformation - With the rapid development of artificial intelligence (AI), a phenomenon is spreading that poses an ever-increasing threat to organizations, individuals, and society as a whole. Deepfakes, i.e., fake videos or voices, are now also being used by cybercriminals with little technical knowledge to attempt fraud and spread false information. The underlying technology is constantly improving and with it, the dangers are increasing. This training module explains the basics of deepfakes, uses examples to raise awareness of the associated dangers, and shows how you can protect yourself against them. The module ends with a quiz.
2026 KnowBe4 Security Awareness Training - Cybercriminals are using artificial intelligence (AI) to create more convincing and personalized attacks at scale. In this module, you will learn how quickly cybercriminals can create phishing emails that target individuals to gain access to sensitive information. You will witness two security experts from KnowBe4 demonstrate a simulated phishing attack that results in the attacker gaining access to the target’s organization’s systems. You will also learn to recognize red flags in emails and understand the critical role they play in keeping your organization safe.
Staying Safe from Seasonal Scams - The holiday season is a prime time for cybercriminals to target busy professionals, especially during gift-giving celebrations (like Christmas, Hanukkah, and Lunar New Year) and major shopping events (such as Black Friday, Cyber Monday, Boxing Day, and Singles' Day). In this module, you will identify common types of holiday social engineering tactics and the key warning signs of seasonal scams. Learn effective verification strategies to protect yourself from gift card fraud, package delivery scams, and too-good-to-be-true online offers. This training provides essential knowledge for maintaining online safety during these heightened risk periods of festive celebrations worldwide.
Privacy Training Modules
Data Privacy Basics, Personally Identifiable Information (PII) and How to Protect It - The training explains how data privacy impacts everyone. The video covers the basics of what data privacy is, why it is important to protect it, and how it differs from security. Personally identifiable information (PII) is explored as well as the need to protect it, and the laws and obligations that relate to the access, use, maintenance, and destruction of PII.
Introduction to Data Protection - In this module, employees will learn what personal information is, about general privacy principles, the types of data that need protection, how to identify threats to data, and what happens when we fail to protect data. This module includes best practices that apply to most privacy regulations (such as GDPR, PIPEDA, CCPA, LGPD, POPIA, and others) and policies, and it uses definitions for privacy and personal information that are broadly applicable.
Putting Data Protection into Practice - In this module, employees will learn the best practices for protecting personal information and confidential organizational information, how to safeguard digital and physical data, and the importance of reporting incidents that compromise the security of the data they hold.
Privacy Series: Personal Information at Work - When we collect, manage, and maintain customers’ personal data, there are certain rules we must follow to ensure it is properly protected. Learn more about the seven principles for the lawful processing of personal data to ensure you are considered compliant.
The Basics of AI Regulations: Privacy & Security - In this course, learn how to make more conscious, ethical decisions when using generative AI. This course covers some of the important legal considerations, how to recognize ethical choices, and how to make more ethical decisions as an employee. You’ll discover ways to use these tools in specific cases, while staying mindful of issues regarding copyright, privacy, cybersecurity risks, and AI etiquette. By the end of this course, you’ll also be prepared to avoid common generative AI missteps and mitigate risks for you and your organization.
PCI DSS 4.0: Getting to Know the Payment Card Industry Data Security Standard - This training module teaches employees the importance of account data, about the Payment Card Industry Data Security Standard 4.0 (PCI DSS), PCI DSS requirements, and how to protect account data at the point of sale and when the card is absent.
Artificial Intelligence Foundations: Understanding Machine Learning - As artificial intelligence (AI) becomes a larger part of our lives, it’s important to understand the threat it poses to security. This module provides an overview of what AI is, how social engineers use it to launch attacks, and what people can do to protect themselves and their organizations.
Handling Sensitive Information with Care in the U.S. - Did you know that there are estimated to be more individual pieces of data floating around than stars in the observable universe? That's a lot of data! Much of that data could be used to cause harm if it gets into the wrong hands. This module is designed to give you an understanding of what information is sensitive and the best practices for handling and sharing that information.
New Privacy Regulations on the Horizon - This module educates us on developing privacy regulations. Staying abreast on these developments can assist us in our preparation for upcoming changes; while granting us ample time to pivot, if necessary.