The best defence against cyberattacks is not the most expensive software. It is people who know what to look for. Our practical, plain-English training sessions teach individuals, employees, and small business teams across Canada how to stay safe — and what to do when something goes wrong.
Technology alone cannot protect you. Here is why human knowledge is your most powerful security tool.
Every year, Canadian organizations spend billions of dollars on firewalls, antivirus software, intrusion detection systems, and security consultants. And every year, attackers continue to succeed — not by breaking through these defences, but by walking around them. They send a convincing email. They make a phone call pretending to be IT support. They set up a login page that looks exactly like Microsoft 365. The employee clicks, enters their credentials, and the attacker is inside — past every security tool the organization paid for.
This is not a failure of technology. It is a failure of training. The Canadian Centre for Cyber Security has consistently found that over 80% of successful cyber incidents in Canada begin with a human action — clicking a link, opening an attachment, using a weak or reused password, or complying with a fraudulent request. No firewall intercepts these. No antivirus blocks them. Only an informed human being does.
The research on training effectiveness is unambiguous. Organizations that implement regular security awareness training reduce their rate of successful phishing attacks by 60% to 85% within six months. Employees who understand how ransomware spreads make better decisions in real time — they pause before clicking, they verify before transferring, they report instead of hoping the problem goes away. These are not complicated behaviours. They just need to be taught and reinforced.
At ISF Tech (Informatique Ste-Foy), we have been on the front lines of cybersecurity in Canada since 2014. We see the aftermath of attacks that training could have prevented. We help the victims recover. And we deliver the training that makes the next attack significantly less likely to succeed. Our approach is practical, scenario-based, and calibrated to the real threats that Canadians face — not generic corporate content that could have been written for any audience on any continent.
Almost everyone who works with a computer, uses email, or manages any kind of digital information. Here is how to know if training applies to you.
You receive emails. You bank online. You store photos in the cloud. You have social media accounts. Each of these is a potential target. Individuals are increasingly targeted specifically because attackers know they are less likely to have received formal training. Identity theft, account takeover, romance scams, and CRA impersonation fraud devastate individuals across Canada every single day. Training gives you the pattern recognition to stop these attacks before they succeed.
Every employee with an email address is a potential entry point into your organization. Your most technical employee is rarely the weakest link — it is often the administrative assistant, the sales coordinator, or the bookkeeper who processes payment requests. Business Email Compromise (BEC) fraud, which tricks employees into transferring money or sensitive information, cost Canadian businesses hundreds of millions of dollars last year. Training your entire team — not just IT — is the only defence that scales.
Cybercriminals deliberately target seniors in Canada because they have often accumulated more savings and may be less familiar with common online manipulation techniques. CRA scams, tech support fraud, and the "grandparent scam" target this demographic specifically. Training for seniors focuses on recognition — teaching the emotional manipulation tactics attackers use, how government agencies actually communicate, and what to do when something feels wrong. Confidence and scepticism are learnable skills at any age.
Professionals who handle sensitive client data — doctors, lawyers, accountants, therapists, notaries — face a uniquely severe version of the cyber threat. A breach does not just damage their business; it potentially exposes confidential information subject to professional privilege or healthcare privacy regulations (PIPEDA, Law 25 in Quebec). Ransomware attacks on medical clinics and law firms have become routine. Training for this group covers not only how to avoid attacks but also the regulatory obligations that kick in when a breach occurs.
Plumbers, electricians, contractors, landscapers — small trade businesses rarely think of themselves as cybersecurity targets. But they have valuable things attackers want: bank account access through online banking credentials, client data, and often lax security that makes them easy entry points. Invoice fraud — where an attacker intercepts or spoofs payment communications — is particularly common in trades. Training for this group is deliberately non-technical and focuses on the two or three practices that eliminate the highest-risk scenarios.
Schools, community organizations, and non-profits are frequent targets because they handle personal data on vulnerable populations while often running on minimal IT budgets. Ransomware attacks on school boards have made headlines across Canada. Non-profits that process donor information face both reputational and regulatory exposure from a breach. We work with these organizations at pricing that reflects their budget realities, without reducing the quality or depth of the training.
Six programs, built for six different situations. All available remotely across Canada.
The most common entry point for cyberattacks in Canada — and the most preventable with the right training. We teach participants how to read email headers, identify lookalike domains, recognize urgency and authority manipulation, verify suspicious requests through a second channel, and report incidents properly. We use real examples from phishing campaigns that targeted Canadian organizations and individuals in the past 12 months. After this session, participants consistently describe how they see emails differently — with healthy, productive scepticism rather than anxiety.
Weak and reused passwords remain the leading cause of account compromises in Canada. This session covers why long, unique passwords matter more than complex short ones, how password managers work in practice (we do a live demo of 1Password and Bitwarden), how to enable two-factor authentication on email, banking, Microsoft 365, and social media accounts, and what to do if you discover your credentials appear in a known breach. By the end, every participant leaves with a concrete action plan and the confidence to implement it themselves.
A comprehensive training program for small and medium-sized business teams covering every threat they are likely to encounter in their work. Topics include: phishing and spear-phishing, ransomware mechanics and prevention, Business Email Compromise fraud, social engineering by phone and social media, safe use of cloud collaboration tools (Microsoft 365, Google Workspace, Slack, Zoom), remote work security, incident reporting procedures, and the organization's specific security policies. Interactive, scenario-based, with Q&A throughout. Available as a single half-day session or distributed across shorter weekly modules.
For individuals who want to understand how to protect themselves online without needing a technical background. This session covers: how identity theft happens and how to detect it early, securing your email and social media accounts, safe online banking habits, how to recognize and respond to scam calls, texts, and emails, setting up a password manager from scratch, and activating two-factor authentication on your most important accounts. Taught in plain language, illustrated with examples drawn from real incidents affecting Canadians. Available one-on-one or in small groups of friends or family.
Designed specifically for Canadians 60 and older, this session uses accessible language and real examples to build the recognition skills that stop fraud before it starts. We cover: how to verify the identity of anyone who contacts you claiming to be from the CRA, RCMP, Microsoft, or a bank; the emotional manipulation tactics scammers use and how to interrupt them; what a real tech support call from a legitimate company looks and sounds like; the grandparent scam and romantic fraud; and a simple five-step checklist for evaluating any digital request before responding to it. Delivered with patience, respect, and humour — technology is approachable, not intimidating.
Training is most effective when you can measure its impact. Phishing simulations send carefully crafted fake phishing emails to your team and measure who clicks, who enters credentials, and who reports the attempt — providing a baseline assessment of your team's real-world vulnerability. We design simulations relevant to your industry (the attacks a healthcare clinic faces differ from those targeting a construction company), run them ethically with full management consent, and present results in aggregate (never naming individual employees). Post-simulation, we deliver targeted follow-up training for those who clicked. The improvement between the first and second simulation is consistently dramatic.
Regardless of the specific program, every ISF Tech training session is built around practical, immediately applicable knowledge.
We start with what is actually happening in Canada right now — not generic statistics, but specific attack patterns targeting Canadian businesses and individuals in your sector and province. Participants understand that cyber threats are not abstract; they are concrete, common, and frequently successful against organizations that look exactly like theirs. This section answers the question that the rest of the training depends on: "Why should I care?"
Knowledge without action is worthless. Every training session is built around concrete behaviours participants can implement immediately — not complicated technical procedures, but simple habits with a large impact on security posture.
Despite all precautions, incidents happen. Training that only teaches avoidance without teaching response is incomplete. We walk through exactly what to do in the most common scenarios — step by step, in plain language, with the appropriate Canadian resources and contacts.
For business training, we include a module on the regulatory landscape that applies to Canadian organizations — particularly important given that non-compliance can result in significant fines and reputational damage.
Same-day or next-day availability for most individual sessions. Team sessions booked 3–5 days ahead.
📞 (418) 255-8998 💬 Text This Number 💻 Remote Session PortalFor those looking to formalize their knowledge — from getting started to advancing professionally.
While our training programs are designed for practical protection rather than formal certification, many participants ask us about recognized certifications in cybersecurity — either to advance their career or to demonstrate competence to clients and employers. Here is an honest guide to the landscape, from beginner to advanced.
Call, text, or book a remote session. Available across all Canadian provinces. English and French. Same-day availability for individual sessions.
🇨🇦 All provinces served · 📍 Workshop: 979 av. de Bourgogne, Sainte-Foy QC
