NFIR Security Awareness Program is a structured, multi-year service offering designed to improve employee awareness of information security risks and promote behavior change within organizations. The program is offered as a 3-year Awareness Program or as individual stand-alone services. It targets employees at all levels, including management and board members, as well as specialized groups such as IT staff, education sector personnel, and municipal workers. Core service components include: - E-learning modules focused on cyber risks and safe online behavior - Phishing simulations using realistic, customized phishing attacks to test employee alertness - Awareness training for management and executive teams, including crisis simulation and incident readiness presentations - Social engineering activities such as voice phishing (vishing) and mystery guest physical penetration tests - Program management support covering implementation and ongoing optimization - Awareness consulting (up to four hours annually) as supplementary advisory support The program is guided by certified cybersecurity trainers and follows a process-based approach aimed at sustained behavior change. NFIR frames its methodology around three pillars: people, process, and technology — positioning human behavior as a critical and addressable element of an organization's security posture.