MyRepsoft Security Awareness

Internal Training Portal

Security Awareness Training Portal

This portal provides practical security awareness guidance for protecting company accounts, systems, customer information, and business operations from common cyber risks.

Start Training Report Suspicious Email

Purpose of this Training

Security awareness training helps employees understand common security risks such as phishing emails, online scams, weak passwords, unsafe file sharing, suspicious attachments, and improper handling of company or customer data.

Every employee plays an important role in protecting MyRepsoft systems, company information, customer data, and business reputation. Security is not only an IT responsibility. It is a shared responsibility across the company.

Key Training Topics

πŸ”

Password & MFA Safety

Protect company accounts using strong passwords and proper MFA behavior.

πŸ“§

Phishing Awareness

Identify suspicious emails, fake links, urgent requests, and malicious attachments.

⚠️

Scam & Spam Emails

Recognize fake invoices, impersonation attempts, and payment-related scams.

πŸ’Ό

Safe System Use

Use approved company systems and handle business data responsibly.

🚨

Incident Reporting

Report suspicious emails, mistakes, near misses, and security concerns quickly.

Employee Security Responsibilities

What Employees Must Do

  • Protect company usernames, passwords, MFA codes, and login sessions.
  • Use company-approved systems, tools, and storage locations for work-related activities.
  • Verify unusual requests before sending files, credentials, customer data, or payment information.
  • Keep company and customer information confidential.
  • Report suspicious emails, security concerns, mistakes, or unusual system behavior as soon as possible.
⚠️

Important Reminder

Reporting early is better than hiding a mistake. Fast reporting helps reduce possible damage.

βœ… Do

  • Report early
  • Keep the email or evidence
  • Ask IT/security if unsure

❌ Don’t

  • Do not hide mistakes
  • Do not forward suspicious links
  • Do not keep clicking or retrying

How to Identify Phishing Emails

Phishing Red Flags

  • The sender email address does not match the company or person it claims to represent.
  • The message creates urgency, fear, pressure, or threatens account closure.
  • The request involves passwords, MFA codes, payment changes, invoices, confidential data, or bank details.
  • The link looks unusual, shortened, misspelled, or different from the official website.
  • The attachment is unexpected, especially ZIP, EXE, HTML, macro-enabled Office files, or suspicious PDFs.
  • The message asks you to bypass normal approval, finance, or verification processes.

Before You Click

  1. Check the sender address carefully.
  2. Hover over links before clicking and verify the destination.
  3. Confirm if the email was expected.
  4. Verify unusual requests using a trusted communication channel.
  5. Do not open suspicious attachments.
  6. Report suspicious emails to the security mailbox.

Examples of Suspicious Emails

Fake Password Expiry

An email says your Microsoft 365 or company account password will expire today and asks you to click a link. Always verify the link and do not enter your password unless you are sure the site is legitimate.

Supplier Bank Change

A supplier suddenly requests a change of bank account details. This must be verified using the normal finance approval process and a trusted contact method.

CEO or Manager Impersonation

A message pretends to be from management and asks for urgent payment, gift cards, credentials, or confidential files. Do not act based only on email urgency.

Unexpected Attachment

A delivery notice, invoice, or legal document arrives unexpectedly with an attachment. Treat unexpected files as suspicious until verified.

Password and MFA Safety

Password Rules

  • Use strong and unique passwords for company accounts.
  • Do not reuse company passwords on personal websites or apps.
  • Do not share passwords through chat, email, notes, screenshots, or calls.
  • Use an approved password manager if provided by the company.
  • Change your password immediately if compromise is suspected.

MFA Rules

  • Never share MFA codes with anyone.
  • Do not approve MFA prompts you did not initiate.
  • Report repeated or unexpected MFA prompts immediately.
  • Be careful of fake login pages asking for both password and MFA code.

Safe Handling of Company and Customer Data

Company and customer information must be handled carefully. Employees should only access, use, download, share, or store information that is necessary for their assigned work.

  • Do not send company or customer data through personal email accounts.
  • Do not upload company data to unknown websites, public tools, or unapproved AI platforms.
  • Do not copy sensitive information to personal devices or personal cloud storage.
  • Share files only through approved systems and with authorized recipients.
  • Double-check recipients before sending emails or attachments.
  • Report accidental sharing, wrong recipient mistakes, or suspected data exposure immediately.

Device and Remote Work Security

Device Safety

  • Lock your screen when away from your computer.
  • Keep work devices updated and protected.
  • Do not allow family members or other people to use company devices.
  • Report lost, stolen, or damaged devices immediately.

Remote Work Safety

  • Avoid using public Wi-Fi for sensitive work unless protected by approved security controls.
  • Be aware of shoulder surfing when working in public places.
  • Store files only in approved company locations.
  • Do not print or leave sensitive documents unattended.

What To Do If Something Goes Wrong

Report Immediately If You:

  • Clicked a suspicious link.
  • Entered your password on a suspicious website.
  • Opened an unexpected or suspicious attachment.
  • Approved an MFA prompt you did not request.
  • Sent company or customer data to the wrong person.
  • Notice unusual account activity or system behavior.

Do not delete evidence such as emails, attachments, screenshots, or error messages. These may help IT or the security contact investigate the issue.

Security Awareness Training Video

Security Awareness Training Video

Employees should watch the video together with this written guide before completing the acknowledgment.

Training Completion Steps

  1. Read the full Security Awareness Training content on this page.
  2. Watch the official Security Awareness Training video.
  3. Understand how to identify and report suspicious emails.
  4. Complete the Employee Acknowledgment form provided by management.

Employee Acknowledgment

Acknowledgment Statement

By completing this training, the employee confirms that they have read and understood the security awareness guidelines, know how to identify suspicious emails, understand their responsibility in protecting company and customer information, and know how to report security concerns.

Report Suspicious Email

If you receive a suspicious, scam, spam, or phishing email, do not click links, open attachments, reply, or approve unexpected login prompts.

Report it immediately to:

security@myrepsoft.com