Mandatory Cybersecurity Online Training

Cybersecurity training and awareness are critical in the performance of day to day job duties, in addition to the benefits cybersecurity knowledge provides to anyone who uses technology in their day to day lives.  Henry Ford College has purchased Cybersecurity Training software with training modules that will be mandatory for all employees to complete.  Staff will be asked to complete bimonthly training, and faculty will be asked to complete at least four training sessions a year.  The training can be completed from anywhere you have access to a computer.  In addition, HFC ITS will be performing phishing tests at random times throughout the year.  These tests will identify those persons who need additional training, and anyone who “bites” on a phish will receive training relative to the type of phishing e-mail that was sent.

Please realize that the purpose of this mandatory cybersecurity training is to better prepare everyone to face the dangers that are present in the online applications that we use, both at work and at home.  Training will allow you to make better decisions when you are online.  Over 90% of data breaches begin with an e-mail.  This occurs when a user either opens a malicious web site URL, an e-mail attachment, or enters their credentials on a bogus page. It is important that Henry Ford College acts as a responsible steward of the data entrusted to us by our students and other constituent groups.  While the goal of this training is to provide employees with the skills and knowledge necessary to keep data safe, it is also important to the college’s financial health and reputation that we are safe when accessing, storing, or transmitting the data we work with.  More than half of the small and medium sized businesses that suffer a data breach are out of business within six months.  Data breaches cost companies in terms of remediation, lost business due to lost consumer confidence, and the financial cost of the breach itself in terms of possible lawsuits, fines, and other financial loss.  The INFOSEC Institute lists these seven benefits of employee training:

  1. Training reduces errors. A recent study showed that 80% of breaches are caused by employee carelessness. If a program is implemented to teach them about common scams, such as email attachments that contain malware or phishing emails that steal personal information, they are much less likely to accidentally click links or open files.
  2. Training enhances security. With vigilant employees using strong passwords, flagging suspicious emails, and alerting supervisors about unusual communications or activity, the company itself becomes less vulnerable.
  3. An educated staff increases compliance. As cyber-crime continues to wreak havoc, regulations continue to be implemented to protect data. While some are mandatory (particularly in industries such as banking and healthcare), failure to have adequate safeguards can possibly lead to lawsuits and/or fines.
  4. Security training can help protect a company’s reputation (and possibly save the company itself). A security breach can destroy confidence in your brand, causing consumers or clients to flee in droves. One study shows that 60% of small businesses go under within 6 months of a successful attack.
  5. Education helps morale. Scams are increasingly sophisticated and many employees are embarrassed that they don’t know much about security or what to do to stay safe. A security awareness training program can educate everyone discreetly, enhancing job satisfaction and employee retention along the way.
  6. Your company will save time and money. It takes on average more than 7 months to identify and recover from a successful cyber-attack. The typical disruption to business operations cost $955,429 and $955,429 was spent on upgrades or replacements. Does your company have this kind of spare cash?
  7. You will have peace of mind. Having a strong security policy coupled with security awareness training means less worrying. You’ll be able to relax more, and perhaps even get a good night’s sleep, knowing that everyone is on the same page.

You’ll receive an e-mail that training has been assigned from “Wombat Training Platform” with a subject of  “You have been assigned Cyber Security Training”, and the URL will begin with https://hfcc.securityeducation.com

Here are some general guidelines you should always remember:

HFC ITS will never send you an e-mail with a link to change your password, or to verify your account.  E-mail from internal people like the President of HFC or one of the Vice Presidents discussing HFC business should ALWAYS come from an HFC e-mail address.  Be especially careful opening documents or links within e-mails that you were not expecting.  Read links carefully.  Bad guys like to switch characters, add additional characters, or omit characters from common links.  Also beware of the current e-mail scam, where spammers send you some ancient password you used, and tell you if you don’t send them bitcoin, they’ll tell all your friends something evil, like you don’t like dogs or something.

That’s it.  Remember, data is the modern day currency.  Hackers and attackers want information.  Cybersecurity training is one of the most important factors in preventing data breaches.

Joe Zitnik
Director, Network and IT Infrastructure
Henry Ford College
e-mail: jzitnik@hfcc.edu
Phone: 313-317-6500

This entry was posted in Human Resources Messages, Latest Information. Bookmark the permalink.

Leave a Reply