Educating Users to Improve Awareness, Change Behaviors, and Reduce Risk

Our portfolio of more than 20 interactive training modules is designed to change behaviors within your organization and help your employees make the right decisions when they are face-to-face with security threats. Training is a foundational component of our Assess, Educate, Reinforce, Measure Continuous Training Methodology, and our unique approach allows you deliver effective cyber security education in a flexible, on-demand format that minimizes disruption to daily work routines.

Wombat vs Annual Training

Using Proven Principles to Improve Knowledge Retention

Our development and design processes are based on research-based Learning Science Principles and employ methods that have been proven to be more effective than once-a-year training presentations and videos. We use gamification techniques and interactive elements to engage users through hands-on decision-making, an approach that improves knowledge retention and facilitates longer-term behavior change.

We also make a clear distinction between “awareness” and “training” — as should you. Simply telling your employees that social engineering attacks exist is not going to reduce data breaches and malware infections. As well, focusing on only phishing-related threats ignores other issues — like mobile device security, WiFi safety, data protection, and physical security — that also have a significant impact on overall security postures.

To truly bring about change, your employees must understand how all security threats present themselves in day-to-day situations. Our interactive modules help end users recognize the role they play in protecting your network, data, and assets.


Key Features and Benefits

  • Focused, “bite-sized” training – Each of our standard modules provides an average of 10 to 15 minutes of interactive training about a specific security topic. End users participate in three to four lessons and end-of-lesson “challenges” to test their understanding of the materials. Our mini-modules are even more targeted, delivering 5 to 7 minutes of education about a topic in one to two lessons and challenges. Our approach is a stark contrast to monolithic training methods, which bombard users with multiple topics in a much lengthier presentation, with quizzes that are not integrated within the training.
  • Employee-driven interactivity – End users must interact with our modules; they set the pace and drive progress, and they are required exhibit a baseline level of proficiency on each lesson’s challenge before progressing. Modules can easily be completed in a single session, but users can use our Resume feature to bookmark their progress and restart a lesson or challenge at a later time if needed.
  • Immediate feedback – End users receive feedback on each challenge question, whether it’s right or wrong. This helps them learn at every step; they will understand why their selection was correct or incorrect rather than seeing a basic “right/wrong” indicator.
  • Mobile-responsive modules – Several of our modules are now available in a mobile-responsive format that gives your users the flexibility to take training anytime, anywhere, on any type of connected device. In the near future, all of our modules will be mobile responsive.
  • 508 and WCAG compliance – Our mobile-responsive modules conform to the U.S. Section 508 standard and the Web Content Accessibility Guidelines (WCAG) 2.0 AA standard, which ensures that these modules can be accessed and completed by end users with disabilities.
  • Customizable content – In addition to our purpose-written, research-based educational content, our Training Jackets allow you to add custom and personalized content to the beginning and end of each module. You can remind users about specific organization policies, attach a training completion certificate, include a policy acknowledgement screen, and more.
  • Multinational support – Multinational organizations can deliver training in more than 25 languages, which can be selected from a drop-down menu. Our high-quality translations ensure that global employees receive effective, consistent training in all office locations.
  • Intuitive user interface – You can access and assign all licensed training modules via our feature-rich, SaaS-based Security Education Platform. You can also customize and schedule assignment reminders and other program communications.
  • Comprehensive reporting and analysis – We go well beyond “training completed” tallies to give you insightful reporting about your training assignments. Dynamic filtering, bar charts, and statistical comparisons give you both high-level and granular looks at your employees’ results and help you gather the intelligence you need to effectively manage and tailor your efforts.  
  • SCORM compliant for LMS integration – Our modules are SCORM compliant and can be seamlessly integrated into an existing learning management system (LMS) if desired.  
  • Seamless integration with other Wombat products – Though our training modules can be used alone and serve as the centerpiece of your security awareness and training program, we recommend integrating your educational activities with our assessment and reinforcement tools. Both our CyberStrength® and ThreatSim® products support Auto-Enrollment, a value-add features that allows you to automatically assign training based on assessment results.



Protecting Against Ransomware Module
Protecting Against Ransomware

This mobile-responsive mini-module allows you to deliver brief but comprehensive training about ransomware, a significant and rising threat across all markets, including healthcare. End users will learn how to recognize and prevent ransomware attacks, and the best practices they learn will be applicable in fighting other types of phishing and malware-based threats.

Travel Security Module

Travel Security

This mobile-responsive mini-module is a must for employees who take corporate devices and data on the road. Whether they travel frequently or infrequently, it's beneficial for your end users to learn about cybersecurity safeguards that can protect them during domestic and international trips.

USB Device Safety Module

USB Device Safety

Infected USB devices are an often-overlooked threat, and end users need to be aware of the risks associated with flash drives and other IoT items that are powered via USB ports. This mobile-responsive mini-module quickly and effectively teaches your employees the dangers associated with unknown USB drives and explains how users can protect their personal and corporate data and systems when using USB-based devices.


Standard Modules

Email Security or Anti-Phishing Phil

Email Security or Anti-Phishing Phyllis™

We teach your employees to recognize bait and traps commonly found in phishing emails and spear phishing attacks. Users will learn to identify and avoid manipulative content, malicious and disguised links, dangerous attachments, inappropriate data requests, and other threats. We offer two styles of education on this subject, an interactive training module and a character-driven training game. Both present examples of phishing emails and ask users to identify potential traps.


URL Training or Anti-Phishing Phil

URL Training or Anti-Phishing Phil™

Your employees will learn how URLs are constructed, URL warning signs, and how to identify and avoid malicious links. The training covers manipulated domains, shortened URLs, and other common tricks. We offer two styles of education on this subject, an interactive training module and a character-driven training game. Both options ask users to determine malicious links from legitimate links.


Data Protection and Destruction Training Module

Data Protection and Destruction

Employees will learn how to apply best practices related to secure handling and storage of sensitive data throughout its life cycle. This mobile-responsive module explains how to manage physical files, documents, and portable storage media, as well as technical safeguards for electronic devices and files. We also teach users about techniques for properly disposing of and destroying confidential data.


Mobile App Security

Mobile App Security

A sister module to Mobile Device Security, this training focuses on mobile applications. We teach users how to research app components and the implications of dangerous permissions, which can help them judge the reliability and safety of mobile applications prior to downloading.


Mobile Devices Security Module

Mobile Device Security

Whether you issue mobile devices to your employees or you are a Bring Your Own Device (BYOD) organization, your employees can benefit from our interactive training and suggested best practices for safe use of mobile devices. Using this mobile-responsive module, users will learn the importance of physical and technical safeguards, as well as ways to improve the security of their mobile communications and connections.


Password Security

Password Security

We teach your employees the difference between strong and weak passwords, show and test two methods for creating strong passwords, and explain best practices for keeping passwords safe. Employees will also learn about password families and get hands-on practice creating them.


Physical Security

Physical Security

This module introduces key components of physical security and helps your employees understand their role in maintaining a safe and secure work environment. They will also learn how they can prevent and correct physical security breaches and best practices that will help them keep your people, areas, and assets secure.


Safe Social Networking Training Module

Safe Social Networking

Your employees will learn how to safely share and interact with others on social networking sites. We explain common traps and scams to avoid on these very public platforms. This interactive training will help employees understand what they should and should not share on social media, helping to keep your company information more secure.


Safer Web Browsing

Safer Web Browsing

This training teaches your employees how to avoid many of the common pitfalls and dangers associated with web browsing. They will learn how to identify potentially dangerous URLs, avoid malware and virus downloads, and spot Internet scams.

Security Beyond the Office

Security Beyond the Office

Employees will learn best practices for keeping your data, network, and equipment safe when working outside the office. Topics include safe use of WiFi networks, the dangers of public computers, and practical physical security measures.


Security Essentials Training Module

Security Essentials

This scenario-driven, mobile-responsive module introduces users to security issues that are commonly encountered in day-to-day business and personal activities. This is an excellent option for introducing new hires to simple, effective best practices they can use to improve security in the workplace and beyond. We also recommend it for use at the close of your initial training cycle and as an occasional refresher for employees who previously completed training.


Security Essentials for Executives Module

Security Essentials for Executives

This scenario-based, mobile-responsive training focuses on cyber security threats and concerns that are unique to senior managers, executives, and members of the C-Suite. The education highlights best practices related to mobile devices, use of non-corporate networks, physical security, internal and external meetings, social media, and other topics. This comprehensive module helps executives recognize potential threats, improve security behaviors in their business and personal lives, and drive a top-down culture of cyber awareness.


Safe Social Networking Training Module

Social Engineering

Social engineers build relationships and take advantage of the human tendency to be open and helpful, all in an effort to steal data, access confidential networks, and run other scams. This mobile-responsive module goes beyond the phishing threat and explains the dangers associated with smishing, vishing, social media, and in-person attacks. Your employees will learn how to recognize and avoid common social engineering techniques and keep your people, areas, and assets secure.


Compliance Training

Governance, risk management, and compliance (GRC) officers are always looking to ramp up their employees’ understanding of compliance and security requirements. We have several modules that introduce the primary concepts of industry standards and explain your employees’ roles in maintaining these standards:




This module helps your staff better manage credit card data; understand PCI DSS requirements; securely manage records and accounts; and recognize and act upon security breaches.


Personally Identifiable Information (PII)

Personally Identifiable Information (PII)

Employees will learn how to identify PII; best practices for handling, storing, and sharing PII; and the fundamental actions to take in the event of a PII breach.


Protected Health Information (PHI)

Protected Health Information (PHI)

We teach your employees how they should safeguard PHI to meet the HIPAA Omnibus rules, which includes new regulations in addition to former HIPAA and HITECH standards. Employees will learn about PHI identifiers and receive practical guidance for using, disclosing, transmitting, and storing PHI.

Try the Training Modules