Cyber Awareness · Half day

Q: How quickly can you deliver?

Typical lead time from a first call to delivery is 2–4 weeks . We can move faster if you need to — the limiting factor is usually your calendar, not ours.

About this workshop

Why your team is the front line.

91% of UK cyber breaches start with a person, not a system. Your firewall, your endpoint protection and your SIEM are doing their job. The breach happens when someone in marketing clicks the link, when someone in finance pays the scam invoice, or when someone in HR responds to the LinkedIn message from a fake recruiter. The training that prevents it isn't an annual e-learning module.

This workshop is aligned to Cyber Essentials user-side requirements and the NCSC (National Cyber Security Centre) guidance for non-technical staff — the framework that underpins virtually every credible UK workplace cyber training. We can also map it to ISO 27001 awareness training requirements if you're working towards certification.

The day is built around recognising real attacks. Delegates work through real recent UK phishing examples, drill the 60-second check on actual emails, practise the suspicious-call script, and leave with a personal cyber hygiene checklist for the role — not a generic deck.

Aligned to Cyber Essentials + NCSC guidance

Outcomes · what your team will leave with

Six behavioural shifts for the front line.

Every TESS workshop is designed backwards from the change you want to see in your team's behaviour. Here's what coaching graduates do differently on the Monday after.

01 · Phishing

Spot a phishing email in 60 seconds.

The 5 red flags — domain, urgency, payload, voice, ask — drilled on real recent UK phishing examples.

02 · Passwords

Use a password manager + MFA, properly.

Why Password1! still happens. The 3 settings that turn MFA from theatre into protection.

03 · Social

Recognise social engineering on phone and LinkedIn.

The pattern of a vishing call. The fake recruiter LinkedIn message. The 'helpful' favour.

04 · Invoices

Spot the scam supplier invoice before it gets paid.

CEO fraud, fake supplier emails, payment redirection scams — the 3 checks that catch most of them.

05 · Recovery

Know what to do when you've clicked the bad link.

The 5 minutes after a click are critical. The exact sequence — what to do, what to say, who to call.

06 · Reporting

Report it without fear of blame.

Why blame culture is the biggest cyber weakness. The reporting workflow that actually surfaces incidents.

Programme · the day in detail

What the day looks like.

Half-day format. A focused three-and-a-half hour block — the structure compresses to fit the time without losing the live practice.

Half day · 09:00 – 12:30

Diagnosis · framework · drilling

Why this mattersRecent UK breaches. The 91% human factor. What your insurer wants to see.
Phishing in detailThe 5 red flags. The 60-second check. Drilled on real recent examples.
Password hygiene + MFAWhy Password1! still happens. Setting MFA up properly.
Safe remote workPublic Wi-Fi, home network, BYOD devices, screen lock discipline.
Scam invoices & clicked-linksSpotting CEO fraud and supplier-payment scams. What to do in the 5 minutes after a click.

Audience · who it's for

Is this the right workshop for your team?

Right fit if

Your team is non-technical and has had only annual e-learning so far
Your insurer has asked for evidence of cyber training as a policy condition
You've had a near-miss (or worse) and want behaviour change, not awareness
You're working towards Cyber Essentials or ISO 27001 certification
You want a training that drills the habits, not just delivers the slides

Not the right fit if

You're looking for technical cyber training (pentesting, SOC, incident response) — different audience entirely
You want a CISSP/CompTIA prep course — see specialist certifications
You expect a workshop to fix a culture where reporting is punished — needs a culture change first
You're hoping for a one-off compliance tick-box — most useful with quarterly refreshes

Try AI Policy Drafting instead →

What's included.

TESS practitioner-led delivery
Live online or in-person, your call
Custom-tailored to your sector
Digital workbook for every delegate
Question repertoire library
30-day cadence template
CPD-certified digital certificate
Optional 30-day follow-up session

Sensible questions

Frequently asked.

What does it cost?

Pricing depends on group size, delivery mode (live online vs in-person) and whether we tailor the curriculum to your sector. Closed cohorts start from a few hundred pounds per delegate for half-day workshops and scale from there. Book a 15-minute discovery call and we'll give you a concrete figure within 24 hours.

Half day or full day — which should we pick?

Cyber Awareness is a focused half-day by design — long enough to drill the phishing and password discipline, short enough that your team don't lose half a day. A full-day option exists when you want to combine it with AI Policy Drafting for an integrated digital governance day.

What's the minimum group size?

We're flexible. Most cohorts run with 10–20 delegates, but we regularly deliver for smaller groups of 2–4, particularly for senior teams or specialised sectors. The live coaching rounds work better with even numbers, but we'll make any group work.

Live online or in-person?

Live online is our default and works well for coaching — breakout rooms make the practice rounds work cleanly. We also deliver in-person at your site or a venue you choose, particularly when the cohort already work in the same room.

How quickly can you deliver?

Typical lead time from a first call to delivery is 2–4 weeks. We can move faster if you need to — the limiting factor is usually your calendar, not ours.

Can we tailor the content to our sector?

Yes. The frameworks (GROW, TGROW, observable behaviours) stay the same; the examples, exercises and case studies are tailored to your sector, tools and your team's real work. We discuss this on the discovery call and rebrief the practitioner before delivery.

Is CPD certification included?

Yes. Every delegate receives a CPD-certified digital certificate on completion. The certificate references the hours of learning and the frameworks covered, so it can be added directly to a CPD record for any chartered or professional body.

Who is the practitioner?

We allocate a TESS coaching practitioner based on your sector. All practitioners are independently qualified coaches (ILM Level 5 or equivalent) with active corporate coaching practices. We'll send the named practitioner's bio after the discovery call.

Cyber hygiene
that sticks.