Who has to take training

Who has to take training?

Cybersecurity threats are constantly evolving, and each of us plays a critical role in protecting Mount Royal University from malicious attacks. Every day, cybercriminals attempt to breach our systems — in an average month, our University firewall blocks hundreds of millions of attacks, and tens of thousands of phishing emails make it to inboxes despite our security measures. As a user of our network, you are the first line of defense against threats to your data and that network.

To prepare you to be that line of defense. Mount Royal delivers infomative and engaging cybersecurity awareness training through the CIRA Security Awareness Training platform and custom workshops. This training platform uses a risk score to inform you of your vulnerabillity to a cyber attack. To ensure you have the skills you need, you are required to mainain a risk score at or below 650. You lower your score through training, reporting phishing training emails and participating in cybersecurity themed activities.

In addition, everyone who is employed by the University is enrolled in monthly phishing training. This ensures that you are well prepared to thwart a cyberattack. Together we can keep ourselves, our families and the University safe from cyber criminals.

Training courses are assigned depending on whether you are a high value target, handle payment card data, are a new hire or have completed training in the past.

New hIre

If you are new to Mount Royal University, you will be automatically enrolled in an introductory awareness training course. Upon enrollment, you will be sent a notificaiton email with a link to the CIRA Security AwarenessTraining platform. Even though enrollment is automatic, sometimes the process is delayed. You will have one month to complete the training, If you receive an error message when you attempt to logon to the Platform, please notify us by emailing securityawareness@mtroyal.ca.

Completed training in the past

If you completed awareness training in the past, you will be assigned refresher training consisting of a culture survey and a single module. The survey is completely anonymous and lets us know how the University as a whole is doing. The module reviews basic cybersafety concepts through a fun and engaging game. It takes about 15 min to complete both and you have 30 days to do so. If you are unable to meet the 30 day deadline, don't worry, the courses stay in your Outstanding Tasks list until they are completed. The sooner you do, the greater the affect on your risk score.

High value target

High value targets are people whose role requires them to have privileged access to the network, sensitive information or financial data. They are targeted by attackers at a greater rate and therefore our auditor requires they receive specialized training in addition to standard awareness training. Those in senior management, HR, payroll, finance, ITS and procurement are all considered high value targets and are assigned additional online training modules specific to their role.

Handle payment card data

Those who process customer payments have access to payment card data and must follow the standards and requirements set by the Payment Card Industry (PCI). One of those requirements is to receive PCI specifc training. If you are new to the role, you will be assigned introductory training which must be completed before you start processing payments. After that training is complete, you will be assigned refresher training every August which must be completed by June 15 of the following year. Enrollment in the training is not automatic, you must request it. You can request enrollment for yourself or on behalf of someone else. To request enrollment, please complete the registration form.

Handle personal identifiable information

If you handle the personal information of employees or students, PII (Personally Identifiable Information) training will teach you how to securely handle, use and store that information. You can request this training for yourself or your team. Contact securityawareness@mtroyal.ca for more information.

To access the training:

1. Open a browser.

2. Enter https://mtroyal.cyberaware.d-zone.ca/ into the address bar. A login screen appears.

3. Login to the training platform using your MRU workstation login credentials. Your training dashboard appears.

4.Complete your assigned training listed under Outstanding Tasks.

5. Add additional training courses of your choosing by clicking the Add Course button on the Education tab.

Please note:

The sooner you complete your training after it has been assigned, the lower your risk score will go.

If you have any questions about the cybersecurity awareness training, please contact the Cybersecurity Coordinator at 403-440-5677 or securityawareness@mtroyal.ca.

Cybersecurity workshops

Does your team learn better from a live instructor? Would you like your students to learn about cybersafety? We offer workshops on a variety of cybersecurity topics. Some of the presentations/collaborations we have done in the past include:

Demystifying password managers
Securiing your home network
How to use AI securely
How does Google Meet store and use meeting data?
Learn attackers methods by creating phishing training emails

These topics are just a sampling of what we can offer. We love to work with managers to create presenations that are targeted specifically to the challenges and concerns that their teams face. We also love collaborating with instructors to help their students practice real world skills that they can use throughout their lives. If you would like to arrange a live workshop either in-person or virtually, please contact the Cybersecurity Coordinator at securityawareness@mtroyal.ca to submit your request.