As a company that is operating in the telecommunication sector, XYZ must ensure that they have adequate capabilities to protect their company’s and customers’ sensitive data. Although various information security systems and processes are already in place, human resources still are the weakest link in cyber security. The new normal of Working From Home makes the threat even larger. Basically, Information Security Awareness (ISA) denotes whether or not users are aware of information security objectives. Using a phishing scenario, this study examined the level of ISA of XYZ employees and how ISA training might improve their awareness level. The simulation outcomes were compared to the results before and after they received ISA training on a percentage scale. The results showed a positive increase between before and after being given training. Employees who clicked on phishing URLs before training reached 31% reduced to 12% after training. Meanwhile, employees affected by phishing decreased from 24% to 4%. The study also revealed discovered that based on the nature of the job, employees who work at directorates who work more on non-technical matters have lower awareness when compared to employees who work at directorates who work more on technical work.