Yes. IP threats vary significantly by industry. Manufacturing companies face process theft. Technology companies face the theft of source code and algorithms. Life sciences companies face formula and trial data exposure. We tailor scenarios to reflect the specific assets your organization needs to protect and the specific methods most likely to be used against them.

End the interaction and report it to the security team or supervisor. Social engineering exploits the natural tendency to be helpful in professional interactions. The training builds the recognition that legitimate business contacts don't need to ask for information in unexpected ways — and that a polite refusal is always the right response

Yes. Remote and hybrid employees face the same IP protection obligations as office-based employees — and in some respects greater risk, because physical security controls are absent. The training addresses secure device handling, working in public spaces, and home office security practices.

Report it to their supervisor or the security team — not investigate it independently. The training reinforces that suspicion alone is sufficient grounds to report, and that non-retaliation protections apply. Early reporting gives the organization options. Delayed reporting often doesn't.

The need-to-know principle holds that sensitive information should be shared only with people who require it to perform their specific role. It is the primary defense against insider threats — not because employees can't be trusted, but because limiting access limits the damage from any single point of failure, whether intentional or accidental.

IP refers to legally recognized creations — patents, trademarks, copyrights — and trade secrets. Confidential information is a broader category that includes internal data, reports, strategies, and communications that are not publicly disclosed. The training covers both because the required protective behaviors are the same.