Although IT services has a top notch cybersecurity team using the latest technology, for the most part it can only identify and stop known threats. Like other institutions, we have to rely on our employees to be our first line of defense against unknown threats. To ensure our employees have the skills they need to be an effective defense, we mandate annual cybersecurity training for anyone who has a significant impact on the network. This training ensures that employees can keep themselves, their families and the University safe from cyberattack.

Mandatory training is enforced by your supervisor. They are required to collect certificates of completion as proof that training has been completed. They are also required to report completion of the training as part of the annual Position Hazard Assessment. Read on to find out if you are required to take cybersecurity training.

Full time employees All full time employees are required to complete either the online cybersecurity awareness training or a cybersecurity awareness workshop annually. The training is updated every year with the old training course taken down and archived on June 30 and the new course posted on July 1. If you are a full time employee but are on leave, you are not required to take the training until your return.

Employees that handle payment card data

All employees who handle payment card data are required to complete the PCI online training upon hire and annually. Annual training must be completed by June 30. As the PCI training includes information from the cybersecurity training course, full time employees who complete PCI training also meet their cybersecurity training requirement. Therefore,they are only required to take the one course.

Employees that meet the following criteria

Anyone employed with Mount Royal University who meets one or more or the following criteria may also be asked to complete either the online training or a cybersecurity awareness workshop

• They have access to sensitive data or applications
• They access the network 21 hours a week or more
• They have a position of authority or influence
• Their supervisor believes the training would benefit the employee and their department

Please note that is up to the discretion of the supervisor to determine whether or not an employee who meets one or more of these criteria should complete cybersecurity training.

Alumni and other employees

Alumni and those employees who are not required to take cybersecurity training but would like to improve their cybersecurity knowledge are welcome to attend a cybersecurity awareness workshop.