Cofense CBFree


These look great! The presentation and audio are exactly what we needed!– Director, Information Security

For many of our customers, security awareness Computer Based Training (CBT) helps check-a-box to satisfy a compliance need. We recognize this need is a requirement so we’ve developed a set of SCORM-compliant materials to help meet that need for all companies- Cofense customers and non-customers alike and Free of Charge.  That’s right.  Free.

Does that mean our training isn’t good or doesn’t meet requirements – not at all! “Free” doesn’t mean sub-par or obsolete content. The same amazing team that produces Cofense’s best-in-class Simulation content keeps the material fresh, compliant, and relevant!

Easy to Understand, Use and Adapt

We’ve made it easy for you to take advantage of this content. If you have a Learning Management System (LMS) that ingests SCORM-compliant materials, just download the files and run the training through your own LMS. Our current library of CBTs includes 17 security awareness modules and 4 compliance training modules.  CBFree was developed using the latest eLearning techniques and trends that promote substantial engagement by the pupil. Each module takes about 5 minutes to complete and comes with an optional 5-15 minutes of interactive Q&A.Most of our security awareness modules are now available in multiple languages including English, Chinese, French, German, Portuguese (Brazilian), Spanish (Latin America) and Japanese. Languages are noted below.


Help CreateActive Defenders

Our new study shows why email reporting — human action — is the beating heart of a strong phishing defense.



4 Compliance Specific Modules

These modules focus on compliance training for a better understanding of the policies, procedures, and reporting standards when it comes to handling protected personal information:


Health Care Compliance

An overview of the HIPAA, HITECH and Omnibus legislation and security measures that can be taken to protect the data, and the reporting procedures in case of a data breach.Available in English Only

Payment Data Compliance

Answers “what is cardholder data,” the standard and regulations both an IT-Professional and Non-IT Professional must follow to protect the data and privacy of the cardholder, and how to report a data breach.Available in English Only

Personal Data Compliance

Focuses on the laws and regulations that govern the protection of sensitive personal data, security measures that can be taken to protect the data, and the steps to take when reporting a data breach.Available in English Only

General Data Protection Regulation (GDPR) Compliance

An overview of the new compliance regulations, your responsibilities under GDPR, and how to report a non-compliance issue. EU-specific.
Available in Multiple Languages.

CBFree Website Disclaimer


1:1 Demo
Powerful Solutions

We'll talk with you about your company's specific needs and provide demonstrations of our recommended solutions.


17 Interactive Modules Covering Today’s Biggest Threats

Available in Multiple Languages.

Cybersecurity Awareness

This Cybersecurity module was developed to raise awareness about how to avoid online threats that might target you or our organization. By identifying common online threats, understanding risk factors for each type of threat, and learning how to minimize the risk of an attack.

Cloud Computing

The Cloud Computing module will differentiate desktop from cloud computing; identify the advantages and disadvantages of cloud computing; and describe several best practices for using the cloud safely.

Advanced Spear Phishing

The Advanced Spear Phishing module covers topics on: identifying three types of advanced spear phishing techniques, identifying indicators of an advanced spear phishing email, and understanding what to do if you are the target.

Business Email Compromise

The Business Email Compromise (BEC) Scams module covers topics on: identifying BEC scams, differentiating between the three main types of BEC scams, and reporting a suspected attack.


The Ransomware module covers topics on: what ransomware is and how it is delivered, ransomware’s effect, minimizing the threat of ransomware, and reporting ransomware attacks.

Spear Phishing

A majority of cyber-intrusion attempts begin with spear phishing emails. These targeted attacks are delivered via malicious links, file attachments, and login forms. This lesson helps show the warning signs to look out for and what to do in the event of a spear phishing attack.

Surfing the Web

Encouraging safe Web browsing habits is critical to the safety of your organization. In this lesson, we cover an array of concepts such as secure sockets layer (SSL) encryption, illegal content, and browser plug-ins and extensions.

Data Protection

Data protection is a core value for any organization that handles confidential information. This lesson covers how to handle information safely and common responsibilities under various laws and policies.

Insider Threats

Some of the most dangerous threats to your organization can come from within. In this lesson, we discuss the three main types of insider threats, what motivates them, and what you can do to help minimize the risk of an inside attack.

Malicious Links

On the Web and in email, hyperlinks are the easiest tool that cyber criminals can use to deliver malware—all it takes is the click of a link. In this lesson, we break down the parts of a link and the structure of a URL to reveal the warning signs of a malicious link.


Malware has been a threat for decades, and it has grown more sophisticated over the years. Various forms of malware might spy on your activity, allow attackers remote access to your drives, or take control of your device. This lesson teaches what the different types of malware do, and how to avoid falling victim to them.

Mobile Devices

Modern mobile devices allow you to bring your office anywhere; they also leave your information incredibly vulnerable. In this lesson, learn the best practices for keeping your information safe when browsing on a mobile device.

Security Outside of the Office

When working outside of the office, employees must be on their guard against an array of threats. Use this lesson to educate your users about threats that linger in public places, and what they can do to protect sensitive information.


A password is your account’s first line of defense, but it is also vulnerable to cyber attacks. In this lesson, we discuss password strength and password diversity along with the best password security tools and practices for keeping your account secure.

Physical Security

Physical security measures are used to deter and detect unauthorized access to your technical devices. In this lesson, teach your employees about the steps you have taken to secure the workspace; where they are most at risk; and what they can do to prevent falling victim to theft.

Social Engineering

When working outside of the office, employees must be on their guard against an array of threats. Use this lesson to educate your users about threats that linger in public places, and what they can do to protect sensitive information.

Social Networking

Social networking profiles are easily exploited by cyber criminals. In this lesson, we cover the basics of responsible social networking; topics include app permissions, privacy settings, and more.

Introducing: CBFree Games

5 Interactive Game Modules to Make Security Awareness Training Fun for Employees

Available in English Only. Download by filling out the form below.

Category Challenge

Test your knowledge by answering questions about passwords, malicious links, spear phishing, malware and social engineering. Collect enough points to win the game.

Honey Comb Challenge

Test your knowledge by answering questions about cybersecurity and phishing topics. Start at the first cell on the left. Select adjoining cells to move across the board. If you answer incorrectly, you must start over. Once you make it to the right side of the board, you win the game.

Indicators of a Phish

Investigate the email and answer the prompts. If you score more than 80% you win the game.

Resiliency Quiz

Resilience is an indicator of how well recipients are conditioned to not interact with phishing emails. Take this quiz to assess your awareness of habits that may make you vulnerable to targeted phishing or malware and learn tips to make you more resilient.

To Catch a Threat

Taken from real phishing emails, click each indicator within the email and then report each phishing email using the Report Phishing button. Each email has 2-3 indicators displayed. Each correct response receives 5 points, you must score 50 points to win.