Security awareness training module
Last reviewed 2026-05-11
Purpose
This is the required core security-awareness training module for HiringCoachAI personnel. It is written for people who may receive approved access to internal documents, source code, production systems, customer data, vendor dashboards, or ongoing operational responsibilities.
Complete this module before sensitive access is granted and annually thereafter. Privacy, responsible-AI, incident-reporting, and device-security topics have their own signable modules in /admin/onboarding; this module gives the core security baseline that ties them together.
1. Report Security And Privacy Issues Quickly
Report anything suspicious immediately to the Security Officer:
- Lost or stolen device.
- Suspicious email, login prompt, link, attachment, or shared document.
- Accidental exposure of customer data.
- Access you no longer need.
- Any possible bug, breach, vulnerability, or policy violation.
Do not investigate deeply on your own if customer data, credentials, or production systems may be involved. Preserve what you observed and escalate.
2. Watch For Phishing And Social Engineering
Be skeptical of messages that create urgency, ask for secrets, or ask you to bypass normal process. Common red flags:
- A request to share a password, API key, one-time code, recovery code, or session cookie.
- A login link whose real destination (hover over it or long-press to see it) does not match the expected domain.
- A vendor, customer, or executive asking for unusual access or payment action.
- MFA approval prompts you did not initiate, especially repeated ones (MFA fatigue). Never approve a prompt for a sign-in you did not start; report it instead.
- Attachments or shared files you were not expecting.
When unsure, verify through a separate channel before clicking, approving, or responding.
3. Protect Accounts
Use a password manager and unique passwords for every work account. Enable MFA everywhere it is available. Admin access to the HiringCoachAI admin interface uses Google sign-in and must be protected by Google Account MFA.
Never share credentials through email, chat, documents, screenshots, tickets, or AI tools. If a credential may have been exposed, report it immediately so it can be rotated.
4. Keep Devices Safe
Any device used for HiringCoachAI work must have:
- Full-disk encryption enabled.
- Screen lock enabled when unattended.
- Operating system and browser updates applied promptly.
- No untrusted browser extensions or software.
- Not shared with other people; work accounts are used only on devices you alone control.
Do not store customer exports, screenshots, or production data locally longer than needed for the approved task.
5. Handle Customer Data Carefully
Only access customer data when there is a clear business need. Use the minimum data needed for the task. Treat resumes, job-search records, interview notes, contact data, account data, logs, and support context as sensitive.
Do not move customer data into personal accounts, public documents, unapproved tools, or ad hoc spreadsheets. Do not paste customer data into AI tools unless the tool and use are approved by HiringCoachAI policy.
Complete the privacy and data-handling training module for the detailed privacy and data-handling rules.
6. Use AI Responsibly
HiringCoachAI uses AI heavily, so the rule is not "never use AI." The rule is: use approved AI tools for approved purposes, with the least sensitive data needed.
Do not treat AI output as final truth; a person reviews it before it is used. Drafting outputs are reviewed before they are sent or published. Scoring, transcription, task breakdown, and value-proposition outputs are informational aids and are not automated employment decisions.
Report any AI output that appears biased, unsafe, privacy-invasive, or materially wrong.
Complete the responsible-AI training module for the detailed responsible-AI rules.
7. Follow Incident Response Basics
If something might be a security or privacy incident:
1. Stop the risky action if you can do so safely.
2. Preserve relevant facts, such as time, user, system, URL, screenshot, or error message.
3. Report to the Security Officer.
4. Do not delete evidence.
5. Do not notify customers or external parties unless assigned to do so.
The Security Officer coordinates severity, containment, investigation, customer notice, and post-incident follow-up.
Complete the incident reporting training module for the detailed reporting expectations.
8. Work Safely In Remote And Shared Spaces
Avoid exposing customer data, source code, credentials, or internal documents in public or shared spaces. Lock your screen when stepping away. Use privacy-conscious judgment when screen sharing.
Do not discuss customer details, incidents, access credentials, or security gaps where unauthorized people can overhear.
Complete the device and physical security training module for the detailed endpoint and remote-work expectations.
9. Role-Specific Additions
Engineering personnel must also understand secure coding expectations for this stack: input validation, authorization checks, Firestore rules, NextAuth/OAuth behavior, dependency hygiene, secret handling, logging, and safe AI integration.
Personnel assigned accessibility or user-interface delivery responsibilities must complete the accessibility training module before taking on those responsibilities and annually while they remain assigned.
Personnel involved in privacy or support work must understand data-subject requests, deletion and export workflows, breach-notification escalation, and vendor and sub-processor handling.
Acknowledgment
By acknowledging this module in /admin/onboarding, I confirm that I completed the training, understand the expectations above, and will follow HiringCoachAI security, privacy, and responsible-AI practices for my role.