Introduction

In today's rapidly evolving digital landscape, financial controllers and procurement officers are increasingly on the front lines of an organization's defense against cyber threats. While their roles may not involve deep technical expertise, they routinely handle highly sensitive data—from confidential financial records and payment details to critical vendor information and supply chain intelligence. A single cyber incident, such as a phishing attack leading to fraudulent payments or a ransomware attack disrupting procurement operations, can have catastrophic financial, operational, and reputational consequences. Therefore, a foundational understanding of cybersecurity principles, common threats, and practical safeguards is no longer just an IT concern; it is an indispensable skill for professionals managing an organization's financial health and supply chain integrity. This essential training course focuses on equipping these professionals with the non-technical cybersecurity essentials they need.

This comprehensive training course is specifically designed to empower financial controllers and procurement officers with the practical, non-technical knowledge required to identify, understand, and mitigate cybersecurity risks in their daily functions. Participants will gain a clear grasp of key cybersecurity concepts without delving into complex technical jargon, focusing instead on real-world scenarios and actionable strategies. The course will cover topics such as recognizing social engineering tactics, secure data handling best practices, identifying red flags in vendor security, understanding the financial impact of cyberattacks, and contributing effectively to an organization's overall cyber resilience. By mastering the Cybersecurity Essentials for Financial Controllers and Procurement Officers, participants will be better equipped to protect sensitive information, prevent fraud, ensure compliance, and contribute to a more secure and resilient business environment.

Duration: 10 Days

Target Audience

• Financial Controllers
• Head of Finance
• Chief Accountants
• Procurement Managers
• Purchasing Officers
• Supply Chain Managers
• Senior Accountants
• Internal Auditors (non-IT focus)
• Business Analysts working with financial or procurement systems
• Any non-technical professional handling sensitive data in finance or procurement

Course Objectives

• Understand fundamental cybersecurity principles relevant to finance and procurement.
• Learn to recognize common cyber threats such as phishing, ransomware, and social engineering.
• Identify red flags and suspicious activities in financial and procurement transactions.
• Acquire best practices for securely handling sensitive financial and vendor data.
• Understand the importance of strong passwords and multi-factor authentication.
• Learn how to evaluate basic cybersecurity posture of vendors and suppliers.
• Comprehend the financial and operational impact of cyberattacks on their departments.
• Develop awareness of key data privacy regulations (e.g., GDPR, local laws) in their context.
• Understand their role in incident response and reporting suspicious activities.
• Improve personal cyber hygiene and secure computing habits.
• Learn to contribute to a security-aware culture within their teams.
• Enhance communication with IT and cybersecurity teams on relevant issues.
• Understand the concept of internal controls from a cybersecurity perspective.
• Explore strategies for protecting against financial fraud facilitated by cyber means.
• Identify resources and continuous learning opportunities in cybersecurity.

Course Content

Module 1: Cybersecurity Basics for Business Professionals

• What is cybersecurity and why it matters to finance and procurement.
• Understanding key terms: data breach, malware, phishing, ransomware.
• The CIA Triad: Confidentiality, Integrity, and Availability of data.
• The human element: recognizing that people are often the weakest link.
• Overview of the current cyber threat landscape.

Module 2: Understanding Common Cyber Threats

• Phishing, spear phishing, and whaling: how to spot and avoid them.
• Business Email Compromise (BEC) and its financial implications.
• Ransomware: what it is and how it can impact financial operations.
• Social engineering tactics: pretexting, baiting, quid pro quo.
• Recognizing suspicious emails, links, and phone calls.

Module 3: Protecting Sensitive Financial Data

• Identifying what constitutes sensitive financial data (e.g., bank accounts, credit card numbers, PII).
• Best practices for securely handling and storing financial documents.
• Importance of strong, unique passwords and using password managers.
• The power of Multi-Factor Authentication (MFA) for financial systems.
• Secure use of accounting software and financial platforms.

Module 4: Cybersecurity for Procurement Systems and Data

• Understanding sensitive data in procurement (e.g., vendor contracts, pricing, supplier banking details).
• Risks of data leakage through insecure procurement processes.
• Protecting bid information and confidential supplier communications.
• Secure use of e-procurement platforms and online marketplaces.
• Best practices for managing procurement documents digitally.

Module 5: Vendor and Third-Party Cyber Risk Awareness

• Why vendors are a common entry point for cyberattacks.
• Basic questions to ask vendors about their cybersecurity practices.
• Identifying red flags in vendor communication and invoices.
• The importance of security clauses in vendor contracts (even if not drafting them).
• What to do if a vendor reports a data breach.

Module 6: Preventing Cyber-Enabled Financial Fraud

• Common financial fraud schemes (e.g., fake invoices, changed bank details).
• The connection between cyberattacks and financial fraud.
• Implementing verification procedures for payments and vendor changes.
• Importance of dual authorization for critical financial transactions.
• Recognizing internal fraud indicators related to system access.

Module 7: Data Privacy and Compliance Fundamentals

• Basic principles of data privacy (e.g., collection, use, retention).
• Overview of key data privacy regulations (e.g., GDPR, local data protection laws).
• Understanding the concept of personal data and sensitive personal data.
• The role of consent and lawful basis in data processing.
• Consequences of privacy non-compliance for the organization.

Module 8: Secure Computing Habits and Workstation Security

• Best practices for securing laptops, desktops, and mobile devices.
• Understanding the risks of public Wi-Fi and using secure networks.
• Importance of software updates and patching.
• Basic antivirus and anti-malware understanding.
• Secure Browse habits and recognizing malicious websites.

Module 9: Internal Controls and Cybersecurity

• What are internal controls and how they relate to cybersecurity.
• Examples of internal controls that mitigate cyber risk in finance (e.g., reconciliation, access reviews).
• The concept of segregation of duties in a digital environment.
• How accountants and procurement officers contribute to control effectiveness.
• Reporting control deficiencies related to cybersecurity.

Module 10: Recognizing and Reporting Cyber Incidents

• What constitutes a cyber incident or suspicious activity.
• Steps to take immediately when a cyber incident is suspected.
• Who to report suspicious activities to within the organization.
• The importance of timely reporting and not concealing incidents.
• Understanding the role of the incident response team.

Module 11: Cloud Security Awareness for Financial Data

• Basic understanding of cloud computing in finance (e.g., cloud accounting software).
• The concept of "shared responsibility" in cloud security.
• Key security features to look for in cloud financial providers.
• Risks of storing sensitive data in insecure cloud environments.
• Best practices for using cloud-based financial tools.

Module 12: Business Continuity and Disaster Recovery Basics

• What is business continuity and why it's crucial for finance and procurement.
• The role of data backups in recovering from cyberattacks (e.g., ransomware).
• Understanding the importance of offsite and offline backups.
• Basic steps for resuming operations after a system disruption.
• How finance and procurement contribute to resilience planning.

Module 13: Building a Security-Aware Culture

• The importance of every employee in cybersecurity defense.
• Promoting vigilance and critical thinking about digital interactions.
• Encouraging open communication about security concerns.
• Learning from past incidents and near misses.
• Leadership's role in fostering a security-conscious environment.

Module 14: Cybersecurity Resources and Continuous Learning

• Reliable sources for cybersecurity news and best practices.
• Recommended government and industry guidelines (e.g., CISA, local CERTs).
• Introduction to cybersecurity certifications (no need to pursue, just for awareness).
• The importance of continuous learning in a rapidly changing threat landscape.
• How to stay informed without becoming an IT expert.

Module 15: Practical Scenarios and Action Planning

• Group exercises on identifying and responding to simulated phishing emails.
• Case studies of common cyberattacks impacting finance and procurement.
• Developing a personal cyber hygiene checklist.
• Discussing specific organizational challenges and potential solutions.
• Creating an action plan for implementing learned principles in their daily roles.

Training Approach

This course will be delivered by our skilled trainers who have vast knowledge and experience as expert professionals in the fields. The course is taught in English and through a mix of theory, practical activities, group discussion and case studies. Course manuals and additional training materials will be provided to the participants upon completion of the training.

Tailor-Made Course

This course can also be tailor-made to meet organization requirement. For further inquiries, please contact us on: Email: info@skillsforafrica.org, training@skillsforafrica.org  Tel: +254 702 249 449

Training Venue

The training will be held at our Skills for Africa Training Institute Training Centre. We also offer training for a group at requested location all over the world. The course fee covers the course tuition, training materials, two break refreshments, and buffet lunch.

Visa application, travel expenses, airport transfers, dinners, accommodation, insurance, and other personal expenses are catered by the participant

Certification

Participants will be issued with Skills for Africa Training Institute certificate upon completion of this course.

Airport Pickup and Accommodation

Airport pickup and accommodation is arranged upon request. For booking contact our Training Coordinator through Email: info@skillsforafrica.org, training@skillsforafrica.org  Tel: +254 702 249 449

Terms of Payment: Unless otherwise agreed between the two parties’ payment of the course fee should be done 7 working days before commencement of the training