In practice, information security training gives participants the awareness of threats awaiting in their daily work with IT tools. Participants learn from it how cybercriminals can acquire sensitive company data or take control of a computer (e.g., demanding a ransom later) and how to protect themselves from it.