Vairogs Skola

Individual Cybersecurity Instruction

Read the modules and complete the test yourself. The result stays only in this browser session; use the manager view for company records.

10 modules · Test: 10 questions · Pass mark 80%

Module 1 · 6 min

Why this instruction is required

NKDL, Regulation No. 397, and practical proof for management.

The employee understands that cybersecurity is part of their own work responsibility, not a topic that belongs only to the IT department.

Threat

After an incident, companies lose time and evidence if they cannot show what employees learned and when.

What to know

  • Regulation No. 397 requires initial instruction within one month after a user account is granted and refresher instruction at least once per calendar year.
  • The company must keep materials current, keep training records, and assess knowledge.
  • A Vairogs report is evidence of record keeping and knowledge assessment, not a state certificate.
  • This is a cybersecurity course. It does not replace occupational safety instruction under Regulation No. 749.

Actions

  • Complete the course and test through your private work-email link.
  • After training, keep the reporting channel and responsible manager contact available.
  • If the responsibility is unclear, ask who is responsible for cybersecurity management in the company.

Module 2 · 8 min

Phishing: email, SMS, QR codes, and sign-in links

How to recognise a message that looks like a bank, delivery service, Microsoft, or a manager.

The employee checks sender, domain, urgency, and requested action before clicking.

Threat

In CERT.LV 2026 data, fraud is one of the largest threat categories in Latvia.

What to know

  • Phishing does not always ask for a password immediately. It may ask you to open an attachment, enter a code, approve Smart-ID, or connect a device.
  • Attackers use short deadlines, fear of account blocking, and similar-looking domains.
  • QR codes and short links should be treated as hidden links: check the final domain before entering data.
  • A link from a familiar person does not prove that their account has not been taken over.

Actions

  • Do not enter a password, code, or card details through a link that arrived in a message.
  • Open the service manually by typing the address or using a bookmark.
  • Forward suspicious messages to the responsible person or IT, not to a group chat with the active link.
  • If you already entered data, report immediately instead of waiting until the end of the day.
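
For the responsible person or IT team that receives forwarded messages, the "check the final domain" rule from this module can be automated. The sketch below is an added example, not part of the Vairogs course: the allowlist, the sample URLs, and the function names are constructed, and the last-two-labels shortcut is an assumption that stands in for a Public Suffix List lookup.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist of domains the company really uses (constructed).
TRUSTED = {"bank.example", "parcel.example"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the host a URL points to."""
    try:
        parts = urlsplit(url)
        # .hostname ignores any "user@" prefix: bank.example@evil.test -> evil.test
        host = (parts.hostname or "").rstrip(".").lower()
        decoy = (parts.username or "").lower()
    except ValueError:
        return "unknown"
    if not host:
        return "unknown"  # no scheme or no host: nothing to trust
    if not decoy and any(host == t or host.endswith("." + t) for t in TRUSTED):
        return "trusted"
    labels = host.split(".")
    # Internationalised labels can hide look-alike letters: send for review.
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        return "lookalike"
    # Naive registrable domain (assumption): the last two labels.
    base = ".".join(labels[-2:])
    for t in TRUSTED:
        # Trusted name as decoy (userinfo or leading labels) or near-miss spelling.
        if t in decoy or host.startswith(t + ".") or edit_distance(base, t) <= 2:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links, as they might appear in a forwarded message.
    for sample in ("https://login.bank.example/session",
                   "https://bank.example@evil.test/login",
                   "https://bank.example.evil.test/login",
                   "https://secure.bannk.example/"):
        print(f"{classify(sample):10} {sample}")
```

Short links and QR codes must be expanded to their final address before this check means anything; "unknown" is not a verdict of safety, only the absence of a match.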

Module 3 · 7 min

Passwords, MFA, Smart-ID, and secret codes

What must never be shared, even when the other person sounds convincing.

The employee distinguishes secure authentication from a situation where they are being used as an access gateway.

Threat

Stolen credentials and social engineering remain frequent paths to initial access.

What to know

  • Passwords must be unique. If one password is reused, one leak can compromise several accounts.
  • MFA is not a magic shield if you approve someone else’s sign-in or read out a code.
  • In Smart-ID and mobile authentication prompts, check the action, amount, recipient, and timing.
  • Signal, WhatsApp, email, and backup recovery keys should be treated like passwords.

Actions

  • Use a password manager, or at least unique passwords for critical accounts.
  • Never tell anyone a one-time code, PIN, Smart-ID code, or recovery key.
  • If you receive an unexpected MFA request, deny it and report it.
  • If in doubt, call a previously known number, not the number included in the message.

Module 4 · 8 min

Phone calls, executive fraud, and deepfakes

How to stop a convincing person who rushes a payment or data transfer.

The employee stops risky conversations and verifies requests through an independent channel.

Threat

AI and automation make fraudulent conversations more believable, personal, and cheap to produce.

What to know

  • An attacker may know real names, projects, job titles, and suppliers.
  • CEO or finance fraud usually relies on urgency, secrecy, and bypassing the normal process.
  • Voice or video is no longer enough proof when the request is unusual.
  • A safe process protects the employee too: nobody has to prove courage by breaking procedure.

Actions

  • Confirm payments, data exports, or access grants through a second, previously known channel.
  • Use the phrase: "I will check this according to the procedure and call back."
  • Do not accept isolation tactics such as "do not tell anyone".
  • If a mistake has already happened, report immediately. The first minutes decide whether a payment can be stopped.

Module 5 · 8 min

Malware and ransomware

Attachments, downloads, macros, remote access, and data leakage.

The employee does not run unknown files and knows what to do when suspicious activity appears on screen.

Threat

The June 2026 Latvijas Valsts meži incident showed that ransomware also affects large Latvian companies.

What to know

  • Ransomware is not only data encryption. Data is often stolen first and then used for extortion.
  • An attachment may be an Office file, archive, PDF with a link, installer, or "security update".
  • Attackers also exploit vulnerabilities in public systems, not only email.
  • If a system behaves strangely, the important thing is not to hide it or quietly try to fix it alone.

Actions

  • Do not open unexpected attachments when the context and sender are unclear.
  • Do not install remote-access tools because a stranger tells you to.
  • If you ran a suspicious file, follow company procedure and report immediately.
  • Do not delete evidence: keep the email, screenshot, time, and sequence of actions.

Module 6 · 7 min

Updates, devices, and backups

Simple cyber hygiene that reduces most technical risk.

The employee keeps work devices updated and does not bypass security settings.

Threat

CERT.LV reports many compromised devices; ENISA highlights fast exploitation of vulnerabilities.

What to know

  • Updates close known vulnerabilities. Delays give attackers time.
  • A work device is not a shared family computer and is not a place for pirated software.
  • A backup matters only if it can be restored and is not available to the same attacker.
  • Public Wi-Fi is not automatically dangerous, but sensitive work should use the company’s approved secure connection.

Actions

  • Allow operating system and browser updates. Do not postpone them without a reason.
  • Do not turn off antivirus, firewall, or disk encryption just to work faster.
  • Do not connect unknown USB storage to a work device.
  • Report a lost or stolen device even if it is locked.

Module 7 · 8 min

Data, clients, and documents

How to avoid leaking personal data, trade secrets, and client information.

The employee checks recipient, attachment, access rights, and data minimisation before sending.

Threat

A data leak can start with one wrong recipient, public link, or shared file.

What to know

  • Not all data is equal. Personal data, financial data, contracts, access lists, and incident information require extra care.
  • A sharing link set to "anyone with the link" can become a public data leak.
  • Attachments may contain metadata, comments, version history, or hidden sheets.
  • Less data means less harm if a mistake still happens.

Actions

  • Before sending, check the recipient, attachment, and whether the data is actually needed.
  • Share files only with specific people or groups, not publicly.
  • Remove unnecessary data and comments before sending a document outside the company.
  • If you sent something incorrectly, report immediately so access can be revoked and risk assessed.

Module 8 · 7 min

Remote work, SaaS, and cloud services

Safe work outside the office and inside third-party tools.

The employee understands that company data in the cloud is still company data.

Threat

Supply-chain and third-party risks grow as companies rely on many SaaS tools.

What to know

  • Work documents in personal email, personal drives, or unapproved chats become hard to control.
  • Access rights should be granted by need, not by convenience.
  • A supplier incident can affect your company too.
  • In remote work, protect not only the computer, but also the screen, conversations, and printed documents.

Actions

  • Use company-approved tools and accounts.
  • Regularly review sharing links that you created.
  • Do not leave a work screen visible in public places.
  • Before using a new tool for work data, ask the responsible person.

Module 9 · 7 min

AI tools and shadow AI

What can be placed in a chatbot, what cannot, and how to verify output.

The employee does not enter company secrets, personal data, or client documents into AI tools without permission.

Threat

AI helps defenders and attackers: scams become more believable, while employees can accidentally leak data.

What to know

  • A public AI chat is not automatically a safe place for client lists, contracts, code, passwords, or incident information.
  • AI can be confidently wrong, so legal, financial, and security conclusions must be checked.
  • Attackers use AI to create well-written scam messages and adapt them to a specific person.
  • A safe AI policy defines which tools may be used and which data may be entered.

Actions

  • Do not enter passwords, access keys, client data, or unpublished contracts into an AI tool.
  • Anonymise examples when AI is needed to improve text.
  • Check AI suggestions against an official source or company procedure.
  • If an AI tool asks to connect a work account or grant broad permissions, stop and ask.

Module 10 · 9 min

Incident reporting: the first 15 minutes

What to do if you clicked, entered a code, sent data, or see strange activity.

The employee reports quickly, preserves evidence, and does not hide mistakes.

Threat

Damage grows when a person is afraid, deletes traces, or quietly tries to fix the situation alone.

What to know

  • An incident can be caused by a mistake, inattention, or lack of knowledge. The goal is to limit harm, not find blame in the first minute.
  • Time, sequence of actions, message content, sender, links, and screenshots matter.
  • If money is at risk, the first action may be contacting the bank or stopping the payment.
  • If a work account is at risk, the account must be secured and IT or the responsible person informed.

Actions

  • Stop the risky action and do not enter more data.
  • Keep evidence: email, SMS, link, screenshot, time, and what you did.
  • Report through the company’s defined channel, even when you are not sure.
  • Do not trade guilt for silence. A fast report can save the company.

Self-test

Knowledge check

Answer all questions. The result is not stored in the Vairogs database.

1. What does management need as evidence after cybersecurity instruction under Regulation No. 397?
2. You receive an SMS: "Your account will be blocked in 10 minutes, confirm through this link." What do you do?
3. A colleague asks in chat for your MFA code because "work is urgent".
4. A call sounds like your manager and asks for a confidential payment outside the normal process.
5. You opened an unexpected attachment and the computer started behaving strangely. First step?
6. Why is postponing updates a risk?
7. What is the safest way to share a client document with one partner?
8. What is correct if you want to use a new AI or SaaS tool for work data?
9. What must not be entered into a public AI chat without company permission?
10. What best reduces damage after a mistake?