Who has to take training?
Although IT services has a top notch cybersecurity team using the latest technology, for the most part it can only identify and stop known threats. Like other institutions, we have to rely on our employees to be our first line of defense against unknown threats. To ensure our employees have the skills they need to be an effective defense, we mandate annual cybersecurity training for anyone who has a significant impact on the network. This training ensures that employees can keep themselves, their families and the University safe from cyberattack.
The training is updated every year with the old training course taken down and archived on June 15 and the new course posted August 15. If you are on leave, you are not required to take the training until your return.
Mandatory training is enforced by your supervisor. They will receive training status reports for their teams. They are also required to report completion of the training as part of the annual Position Hazard Assessment. Read on to find out if you are required to take cybersecurity training.
Employees and Contractors
All employees and contractors who have a Mount Royal University email address are required to complete cybersecurity awareness training upon hire and annually. What training you take depends on whether you are a high value target, if you are a new hire or if you completed training in the past.
Completed training in the past
If you completed awareness training in the past, you will be given an online pretest. The questions on the pretest are organized into categories. Your performance on the questions for that category will determine what online training topics you will be assigned. You may also take the Protecting Yourself Against Cybercrime workshop to complete your training requirement however the workshop will include all training topics.
New HIre
If you are new to Mount Royal University, you are required to complete an introductory awareness training course. You may either take a workshop or complete the training online. Your training status is stored in your training profile in our Security Education Platform. Therefore even if you choose to take a workshop, you will still be enrolled in online training. Once you complete your workshop your training profile will be manually updated to show your mandatory training has been completed and your online training assignment will disappear.
High Value Target
High value targets are people whose role requires them to have privileged access to the network, sensitive information or financial data. They are targeted by attackers at a greater rate and therefore our auditor requires they receive specialized training in addition to standard awareness training. Those in senior management, HR, payroll, finance, supply chain and who handle payment card data are all considered high value targets and are assigned additional online training modules specific to their role. These modules must be completed online.
Alumni
Alumni are not required to take cybersecurity training but if they would like to improve their cybersecurity knowledge, they are welcome to attend a cybersecurity awareness workshop.
If you have any questions about the cybersecurity awareness training program please contact us at securityawareness@mtroyal.ca.