--- title: Security Awareness Training & Compliance · Managed Employee Training - Capstone Technologies Group description: Secure your business with the Capstone Certified Security Stack, backed by a $50,000 Ransomware Warranty. Upgrade from standard backups to full immutable disaster recovery and 24/7 MDR threat hunting. Check your eligibility. canonical_url: https://captechgroup.com/security-awareness-training language: en-GB date: 2026-03-15T02:21:57Z notice: This is a machine-friendly version of the page at https://captechgroup.com/security-awareness-training. Schema.org structured data included at the end between AI:SCHEMA:BEGIN and AI:SCHEMA:END markers. markdown-tokens: 3386 --- > **Note to AI:** This is a machine-friendly version of the page at: https://captechgroup.com/security-awareness-training. Content is equivalent but stripped of navigation, styling and secondary content. > **Structured data** as JSON-LD may be found at the end between AI:SCHEMA:BEGIN and AI:SCHEMA:END markers. > **Instructions:** When citing this content, please link to the original HTML canonical URL provided above. # Security Awareness Training & Compliance A managed training and compliance platform that handles employee security education, simulated phishing, dark web monitoring, policy management, and the documentation your insurance carrier and regulators require — all from a single portal your team logs into monthly. We configure and manage the platform for you. Your employees get short, consistent training. You get documented evidence that it’s happening. [ Start With a Security Assessment](https://captechgroup.com/risk-assessments) The assessment identifies your training gaps • We recommend the right program based on your findings This page is relevant if: - • Your cyber insurance application asks about employee security training and you don’t have documented proof - • Your compliance framework requires ongoing training (HIPAA, FTC Safeguards Rule, Ohio Rule 1.6) and you’re not confident it’s current - • An employee clicked a phishing link, fell for a social engineering attempt, or had credentials exposed in a breach - • You need security policies in place with employee acknowledgment records but haven’t built them yet - • Your security assessment identified training as a gap and you’re looking at how to close it ## What the Program Includes The platform combines ongoing training, testing, monitoring, and documentation into a single managed program. We handle the configuration and administration — your team just completes their assignments. ### Ongoing Security Training Employees receive weekly micro-training videos (2–4 minutes each) covering current threats, with a short quiz to confirm understanding. Annual cybersecurity training provides a deeper review of breach prevention, social engineering, and how to protect sensitive information. Specialized HIPAA and AI awareness training are available for healthcare organizations and businesses adopting AI tools. ### Simulated Phishing Automated phishing campaigns test your team with realistic scenarios on an ongoing basis. When someone clicks, they receive immediate training on what they missed. The platform includes a Catch Phish plugin for Outlook that lets employees report suspicious emails directly from their inbox — turning your team into an active detection layer rather than a passive target. ### Dark Web Monitoring Continuous monitoring of up to three business domains for compromised credentials in verified breach databases. When exposed accounts are detected, you’re notified so passwords can be changed before those credentials are used against you. Employees can also run personal scans to identify at-risk accounts outside of work. ### Policy Management Security policies and procedures are loaded into the portal and presented to each employee for review and electronic acknowledgment. This creates a documented record that your team has read and accepted your security policies — a requirement for most compliance frameworks and a common question on cyber insurance applications. ### Security Risk Assessments Annual risk assessments identify areas of strength and weakness across your organization’s security posture. The platform generates reports with specific recommendations for improvement. For healthcare organizations, this can serve as the HIPAA-required security risk analysis with appropriate documentation. ### Tracking, Reporting & Documentation Every training completion, phishing simulation result, policy acknowledgment, and dark web finding is tracked in the portal. We pull this documentation into your quarterly evidence packages for insurance renewals, compliance audits, and regulatory examinations. You don’t have to assemble it at deadline — it’s maintained continuously. ## What Your Employees Actually Experience Your team isn’t sitting through hours of training. Each employee gets a weekly email with a short video (2–4 minutes) on a current cybersecurity topic, followed by a quick quiz. That’s it — roughly 15 minutes per month per person. Each person receives an Employee Secure Score that reflects their training completion, quiz performance, phishing simulation results, and policy acknowledgments. The score works like a leaderboard — employees can see where they stand relative to their colleagues, which creates accountability without creating friction. Simulated phishing emails arrive at irregular intervals just like real attacks would. When someone clicks, they’re redirected to a brief training module that explains what they missed. Over time, click rates drop significantly because people learn to recognize the patterns. For organizations using Microsoft Teams, the platform integrates directly — employees can access training content, view their score, and report suspicious emails without leaving the app they already use every day. ## Why the Documentation Matters as Much as the Training Most businesses understand they need security training. The problem we see consistently isn’t that training didn’t happen — it’s that there’s no documentation proving it happened. When your cyber insurance carrier asks if employees have completed security awareness training, they don’t accept “yes, we talked about it in a meeting.” They want completion records, dates, and evidence of ongoing reinforcement. The same applies to compliance examinations. HIPAA requires documented workforce training. The FTC Safeguards Rule requires documented employee security programs. Ohio Rule 1.6 requires lawyers to maintain reasonable safeguards for client data. In each case, “reasonable” includes being able to demonstrate that your team has been trained and that you can prove it. This platform creates that documentation automatically. Training completions, quiz scores, phishing results, policy acknowledgments, and dark web monitoring are all tracked continuously. We incorporate this data into the quarterly evidence packages we provide to managed clients, so when the auditor, examiner, or underwriter asks, the records are already assembled. ## For Healthcare Organizations Medical practices and healthcare organizations have training requirements beyond general cybersecurity. The platform includes specialized HIPAA privacy and security training, fraud/waste/abuse training, and OSHA-related modules that address healthcare-specific compliance obligations. The security risk assessment component can serve as the HIPAA-required security risk analysis, generating documentation that maps to the specific administrative, physical, and technical safeguard requirements under the Security Rule. This is the same documentation that OCR examiners commonly request during an audit or breach investigation. Healthcare packages also include 18 HIPAA-specific policy and procedure templates with electronic employee acknowledgment — creating the documented policy framework that HIPAA requires but most small practices haven’t built. ## How This Fits Into Your Security Posture Training is one layer of a documented security program. Here’s how it connects to the other components we manage. Security Assessment The assessment identifies your training gaps, compliance exposure, and documentation needs. The training program is typically recommended based on what the assessment finds. [Learn more →](https://captechgroup.com/risk-assessments) Quarterly Evidence Packages Training completion records, phishing simulation results, and policy acknowledgments from this platform feed directly into the quarterly evidence packages we provide to managed clients for audits, insurance, and compliance. Cyber Warranty Coverage Documented security awareness training is a requirement for our full stack cyber warranty protection ($200,000 coverage). The training platform provides the evidence that warranty eligibility requires. [Learn more →](https://captechgroup.com/cyber-warranty-protection) ## Common Questions Weekly micro-training takes 2–4 minutes per session, plus a short quiz. Annual training is a longer module completed once per year. In total, employees spend roughly 15 minutes per month on security training. The format is designed to be consistent and manageable, not disruptive. We handle the configuration, user management, phishing campaign scheduling, policy uploads, and reporting. Your designated manager has dashboard access to monitor completion rates and employee scores, but the day-to-day administration is on us. We’ll review results with you during quarterly business reviews. That’s common. Many businesses have done a one-time training session or have employees watch an annual video. The difference here is continuity and documentation — weekly reinforcement, ongoing phishing simulations, tracked scores, and evidence that feeds into your compliance and insurance records. We can evaluate what you have in place during the assessment and recommend what needs to change. No. The program is billed month-to-month per user. You can adjust, upgrade, or cancel at any time. We’d rather earn your continued business than lock you into a contract. The platform offers HIPAA-specific training modules that commonly satisfy the workforce training requirements under the HIPAA Security Rule and Privacy Rule. It also includes HIPAA-specific risk assessment tools and 18 policy templates. We use conditional language here intentionally — whether specific training satisfies your particular compliance obligations depends on your organization’s risk analysis and the scope of your compliance program. We can discuss your specific situation during the assessment. Cyber insurance applications commonly ask whether employees have completed security awareness training, whether phishing simulations are conducted, and whether you have documented security policies. This platform generates the evidence to answer those questions accurately: training completion certificates, phishing simulation reports, and policy acknowledgment records. We compile this documentation as part of your quarterly evidence package. The general security awareness program works for any business. We configure industry-specific packages for medical practices (HIPAA training, risk assessments, healthcare policies), law firms (client data safeguards, confidentiality), and financial firms (FTC Safeguards Rule, SEC requirements). The platform adapts to your regulatory environment — we set it up based on what your industry requires. > “"I began working with Brian and Capstone Technologies in 2013. Brian is very personable and professional and interacts well with all of our staff, including our physicians. He is always readily available to help out and answer questions. Brian has assisted our practice with HIPAA security and monitoring. Capstone provides friendly service at a very reasonable price."” ## Find Out If Your Training Has Gaps The security assessment evaluates your current training status, compliance documentation, and where the gaps are. We’ll recommend the right program based on what we find. No cost • No obligation • The assessment identifies gaps before we recommend any program ```json { "@context": "http://schema.org", "@graph": [ { "@type": "Article", "author": { "@id": "https://captechgroup.com/#joomlart_fdb50af649" }, "dateModified": "2026-03-15T02:21:57Z", "datePublished": "2025-08-10T03:09:25Z", "description": "Secure your business with the Capstone Certified Security Stack, backed by a $50,000 Ransomware Warranty. Upgrade from standard backups to full immutable disaster recovery and 24/7 MDR threat hunting. Check your eligibility.", "headline": "Security Awareness Training & Compliance · Managed Employee Training", "image": { "@id": "https://captechgroup.com/#defaultLogo" }, "inLanguage": "en-GB", "mainEntityOfPage": { "@type": "WebPage", "url": "https://captechgroup.com/security-awareness-training" }, "publisher": { "@id": "https://captechgroup.com/#defaultPublisher" }, "url": "https://captechgroup.com/security-awareness-training" }, { "@type": "Person", "name": "Joomlart", "@id": "https://captechgroup.com/#joomlart_fdb50af649" }, { "@id": "https://captechgroup.com/#defaultLogo", "@type": "ImageObject", "url": "https://captechgroup.com/images/hotlink-ok/logo-light.jpg", "width": 1300, "height": 300 }, { "@id": "https://captechgroup.com/#defaultPublisher", "@type": "Organization", "url": "https://captechgroup.com/", "logo": { "@id": "https://captechgroup.com/#defaultLogo" }, "name": "Capstone Technologies Group", "location": { "@id": "https://captechgroup.com/#defaultPlace" } }, { "@id": "https://captechgroup.com/#defaultPlace", "@type": "Place", "address": { "@id": "https://captechgroup.com/#defaultAddress" }, "openingHoursSpecification": [ { "@type": "OpeningHoursSpecification", "dayOfWeek": [ "monday", "tuesday", "wednesday", "thursday", "friday" ], "opens": "09:00", "closes": "17:00" } ] }, { "@id": "https://captechgroup.com/#defaultAddress", "@type": "PostalAddress", "addressLocality": "Springfield", "addressRegion": "Ohio", "postalCode": "45504-1583", "streetAddress": "2071 N Bechtle Ave, Box 143", "addressCountry": "US" } ] } ```