Luna HR Docs

Security Awareness

The Security Awareness module provides interactive cyber security training for your workforce. Employees complete guided courses with real-world scenarios and knowledge checks, helping your organisation meet compliance requirements and build a security-conscious culture.

Key features

  • Interactive courses — step-by-step training with content, scenarios, and quizzes
  • Built-in course library — pre-built courses covering phishing, AI threats, password security, social engineering, and more
  • Knowledge checks — quiz questions with instant feedback and explanations
  • Compliance dashboard — see completion rates across your organisation at a glance
  • Due dates and reminders — assign courses with deadlines and track overdue completions
  • Certificates — employees earn certificates on passing, recorded in their profile
  • Mandatory courses — auto-assign courses to all employees

How it works

For employees

  1. Go to Security Awareness from the sidebar
  2. You'll see your assigned courses with their status (to complete, in progress, passed, or failed)
  3. Click Start on a course to begin the training journey
  4. Work through the steps — each course includes:
    • Content — educational material about the threat
    • Scenarios — real-world examples to consider
    • Quiz questions — test your understanding with multiple-choice questions
  5. At the end, your answers are scored. You'll need to reach the passing score (typically 80%) to earn your certificate
  6. If you don't pass, you can retry the course

Course topics

Luna HR comes with built-in courses covering key cyber security topics:

| Course | Duration | Topics covered | |--------|----------|---------------| | Phishing Recognition | 12 min | Identifying phishing emails, URL inspection, red flags | | AI-Powered Threats | 15 min | Voice cloning, deepfake video calls, AI-generated phishing | | Password & MFA | 10 min | Strong passwords, password managers, MFA bypass attacks | | Social Engineering | 12 min | Pretexting, tailgating, phone-based attacks | | Data Protection | 10 min | Handling sensitive data, GDPR basics, data classification | | Physical Security | 8 min | Clean desk policy, visitor management, device security | | Remote Working | 10 min | Home network security, VPN usage, public Wi-Fi risks | | CEO Fraud | 10 min | Business email compromise, wire transfer scams, verification |

Admin setup

Course library

Manage your course library from Admin > Security Training. You can:

  • View all available courses with their completion statistics
  • Toggle courses active/inactive — inactive courses aren't assigned to new employees
  • Mark courses as mandatory — mandatory courses are automatically assigned to all employees
  • Assign to specific employees — select individuals and set a due date
  • Import built-in courses — load the pre-built course library with one click

Compliance dashboard

The compliance dashboard (second tab in the admin page) shows:

  • Overall compliance rate — percentage of assigned courses that have been completed
  • Completion heatmap — employee-by-course matrix showing who has completed what
  • Overdue tracking — identify employees who haven't completed their assigned training
  • CSV export — download compliance data for auditing

Setting due dates

When assigning a course, you can set a due date (7, 14, 30, 60, or 90 days from assignment). Overdue courses are flagged on the employee's dashboard and in the admin compliance view.

Course validity

Each course has a validity period (default 12 months). After this period, the employee will need to retake the course to maintain compliance. Some courses, like AI threats, have shorter validity periods (6 months) to keep knowledge current.