YMS360 Cybersecurity Training
Built for crew. Built for the water.
Short, role-aware cybersecurity modules for superyacht captains, officers, engineers, interior and deckhands. Phishing. Passwords. Guest privacy. Afloat Wi-Fi. Incident response. Done in about an hour.
Why it Matters
The threats crew face at sea have changed.
Targeted Phishing
Fake port-agent emails. Impersonated captains on WhatsApp. Modified supplier invoices with a new IBAN. Crew now see phishing that's tailored to the vessel, the charter, and the routine — often arriving at 0530 when people are moving fast between rotations.
Hostile Networks in Port
Marina Wi-Fi is shared with strangers and trivially impersonated. Evil-twin hotspots spoof the vessel's SSID. Captive portals harvest credentials. A VPN and hardened device posture is no longer optional — and crew need to know exactly when to switch each one on.
AI-driven Scams Aimed at Crew
Voice-cloning of a crew member's family. Romance-and-investment scams tuned to long rotations. Payroll-redirect fraud that targets the purser's email. The modern attack finds crew where they are — and weaponizes what's public about them.
Role-aware Training
Designed for every role on board.
Captains & Officers
Operational discipline, chain-of-command for incidents, audit trails, and the information-security decisions only the bridge can make.
Engineers & ETOs
Device patching cadence, network segmentation, guest-vs-operational network hygiene, and the security of the vessel's technical estate.
Interior & Guest-facing Crew
Guest privacy, photo and video policy, passport and PII handling, social-media OPSEC, and the discretion that protects the owner's reputation.
Every crew member takes the same five core modules; the examples and scenarios shift with their onboard role. No mandatory corporate-IT filler, no generic phishing slides designed for a cubicle farm.
Built on Principle
Training that practices what it teaches.
Privacy-first by Design
Minimal PII collected. Passwords hashed with Argon2id. MFA secrets encrypted at rest. Your training platform can't credibly teach what it doesn't itself do.
Strict Multi-vessel Isolation
Each vessel sees only its own crew, progress, and records. Enforced at the data-access layer, audited by automated tests on every release — no vessel leaks to another.
Compliance-ready Records
PDF certificates with public verification. Exportable completion reports for audits, insurers, and management companies. Audit log retained two years per record.
Continuously Updated
New scams, new regulations, new vendor weaknesses. Content updates roll to every vessel as the landscape changes — no version upgrades or retraining cycles required.
Course Library
Seven modules. About an hour total.
Designed to be completed during a quiet afternoon in port. Each module ends with a short quiz and issues a PDF certificate your vessel can keep — verifiable by a public code that guests, insurers, or auditors can check.
Phishing at Sea
Fake port agents, invoice fraud, VIP impersonation on WhatsApp, and what to do in the first 10 minutes if you think you clicked.
Passwords & MFA
Password managers, unique passwords per service, TOTP enrollment, backup codes, and which second factor beats phishing.
Device & Wi-Fi Afloat
Marina Wi-Fi risks, VPN basics, guest-network separation, patching cadence, and the lost-device protocol for when something goes overboard.
Data & Guest Privacy
What counts as PII, GDPR basics for yachts, guest-data rules, photo policy, and crew-document confidentiality on and off rotation.
Incident Response
Recognizing a breach, first-hour containment, preserving evidence without making things worse, and communicating up the chain to captain and DPA.
Physical & OPSEC
Visitor management, dockside recon, shoulder-surfing, social-media OPSEC — the non-digital half of cyber defense that yacht crew actually live with.
A seventh module, Crew-Specific Threats, covers crypto and investment scams, fake recruiter offers, payroll-redirect fraud, and the family-emergency scams targeting seasonal crew.