Golonex

Security Operations

EDR · MDR · XDR Email Security SOC Monitoring & SIEM Continuous VAPT Security Awareness Training

IT & Governance

Configuration Management Backup & DR / BCP IT & Security Governance IS Audit Readiness Compliance Readiness

Advisory & AI

Fractional Leadership AI Automation Solutions Lab Staff Augmentation Hire with us Our Work Industries About Contact Blog Golonex Press ↗ Golonex Tools ↗ ◆ Golonex Ready Book a Call →
Security Awareness Training

Your people are the perimeter.

Phishing simulations, DPDP awareness training, and cybersecurity fundamentals — delivered monthly, tracked by department, and formatted for RBI IS Audit evidence packs. Available in English and Hindi.

Training Modules

Four tracks. One managed programme.

Each module addresses a specific regulatory requirement or human-layer risk. Golonex manages delivery, tracking, and reporting — you provide the staff list.

🎣

Phishing Simulation Campaigns

Realistic phishing scenarios deployed to your staff — tailored to your industry, your systems, and your brand. Monthly campaigns with progressive difficulty. Click-through rates tracked per department and reported to management.

Monthly campaignsDept-level reportingBCSF Control 6
📱

DPDP Awareness Training

Mandatory awareness training for all staff who handle personal data. Covers what DPDP requires, what constitutes a breach, how to handle a data subject request, and when to escalate. Available in English and Hindi. Completion records maintained for regulatory inspection.

DPDP Act 2025Hindi & EnglishCompletion records
🔐

Cybersecurity Fundamentals

Core security awareness for all staff — password hygiene, safe email practices, social engineering recognition, clean desk policy, and incident reporting. Delivered as a 45-minute module, suitable for branch and back-office staff with no technical background.

All staff45-minute moduleBranch-ready
👤

IT & Senior Management Track

Deeper modules for IT staff and senior management — covering privileged access responsibilities, insider threat awareness, incident response roles, and their personal obligations under RBI and DPDP. Separate from the all-staff programme.

IT & managementPrivileged accessRegulatory obligations
What You Receive

Reports your IS auditor and management can use.

The programme runs continuously. What you see every month is a clean report showing completion rates, phishing click trends, and department-level risk indicators.

IS auditors ask to see evidence that a security awareness programme exists and that staff actually complete it. Golonex formats every report and log to answer that question directly — no scrambling for screenshots before the audit.

  • Monthly phishing campaign — customised scenario, deployment, and click-rate reporting
  • Quarterly training completion report — by department and role level
  • Annual DPDP awareness attestation — signed completion records per staff member
  • Phishing trend analysis — improvement or deterioration by department over time
  • Management dashboard — live view of programme completion and risk indicators
  • RBI/IS Audit evidence pack — training logs, completion rates, phishing reports formatted for IS auditor inspection
  • New joiner onboarding module — awareness training delivered within 30 days of joining
Regulatory Coverage

Every requirement mapped to a deliverable.

Control Requirement Programme Coverage
RBI BCSF Control 6 Anti-phishing staff training with simulated campaigns Monthly phishing simulations with click-rate reporting and targeted follow-up training
DPDP Act 2025 (Section 9) Staff handling personal data must be trained on obligations DPDP awareness module with Hindi/English delivery and per-staff completion records
RBI IS Audit Evidence of staff security awareness programme Training completion logs, phishing campaign reports, and annual attestation pack for auditors
ISO 27001 — A.6.3 Information security awareness, education, and training Programme maps to ISO 27001 Annex A.6.3 — usable as ISMS evidence
FAQ

Frequently asked questions

How does phishing simulation work without alarming or embarrassing staff? +

Phishing simulations are run as a training tool, not a disciplinary one. When a staff member clicks a simulated phishing link, they land on a brief training screen that explains exactly which indicators they missed — immediate learning at the moment of failure. Results are reported in aggregate by department, not as individual scorecards. The framing is continuous improvement, not a gotcha.

Are modules available in Hindi? +

Yes. All modules are available in both Hindi and English. For Indian banks and businesses with mixed staff literacy, Hindi-medium delivery significantly improves comprehension and completion rates. Regional language options are available for larger deployments — discuss during scoping.

How do we prove training completion to auditors? +

Every module completion is logged by staff name, date, and module version. Golonex produces a completion report formatted for IS audit evidence — showing the programme name, delivery dates, total staff, completion rate, and phishing click-rate trend over time. The report is structured to satisfy RBI BCSF Control 6 evidence requirements without additional reformatting.

Does this satisfy RBI BCSF Control 6? +

Yes. BCSF Control 6 requires banks to conduct regular cybersecurity awareness programmes for all staff, including targeted anti-phishing training. Monthly phishing simulations with tracked completion, combined with quarterly cybersecurity fundamentals modules, satisfies the spirit and documentation requirements of Control 6. The completion records serve as IS audit evidence.

What click-rate reduction can we realistically expect? +

Industry baselines show 20–30% of staff click on the first simulated phishing campaign. After three months of monthly simulation and training, most organisations reach 5–10%. After six months, well-run programmes consistently achieve sub-5%. We report click-rate trend as a key metric so you can demonstrate improvement to your Board and auditors with actual data.

Get Started

Start with a phishing baseline test

We run a baseline phishing campaign across your organisation before anything else — so you know where your people stand before training starts. No obligation.