Cybersecurity Awareness Training Program
- Travis Green
Why are we required to do the training?
Did you know that around 90% of data breaches are caused by human error, not technical vulnerabilities? Florida Gateway College and its IT team work hard to protect the data of its students, faculty, and staff, but the fact remains: humans are the weakest link in cybersecurity.
The best way to minimize this risk is to ensure that all College employees are aware of the most common security threats we face and how to handle them.
Besides just being a good idea, under the Gramm-Leach-Bliley Act (GLBA) and its resulting Safeguards Rule, FGC is legally required to provide cybersecurity awareness training to its employees and to use techniques such as simulated phishing attacks to assess the effectiveness of its information security program. To comply with this requirement, the College partners with the KnowBe4 training platform to teach cybersecurity awareness and to conduct simulated phishing campaigns.
Please: Take your training seriously and be very careful when interacting with the emails you receive. We know this can all sound a bit paranoid or farfetched – we get it – but the reality is that we in IT see malicious emails constantly. It’s the most common and the most successful cybersecurity attack vector by far. A momentary lapse in judgement could lead to severe consequences for the institution and its constituents.
How does FGC’s training program work?
Periodic mandatory training
New employees must complete mandatory cybersecurity awareness training as part of the onboarding process.
All employees must complete additional training annually.
Simulated phishing attacks and remedial training
Simulated phishing attacks are periodically sent to all employees. Employees falling victim to these simulated attacks (or actual attacks!) will be required to take part in remedial training. The first time you fail a phishing simulation you must complete Level 1 remedial training (approximately 30 minutes of additional educational content). If you fail a second time within 6 months, you must complete Level 2 remedial training (approximately 1 hour of additional educational content).
Employees who fail to complete required training will have their FGC accounts disabled.
Employees who continue to engage in risky cybersecurity practices after training may be reported to human resources and could face disciplinary action.
I’ve been assigned training. How do I complete it?
Simply go to https://training.knowbe4.com/ and log in using your FGC email address and password. From there you will be taken to the learner dashboard, where you can view your assigned training and admire the many badges you have earned throughout your training endeavors!
For a quickstart guide on how to get started with your training: https://support.knowbe4.com/hc/en-us/articles/204469068-Learner-Support-Quickstart-Guide
Additional resources can be found in the KnowBe4 Knowledge Base: https://support.knowbe4.com/hc/en-us
I’ve received a suspicious email. What do I do?
First, what you should NOT do:
DON’T click anything in the email.
DON’T reply to the email.
DON’T forward the email to the Technology Helpdesk.
So, what SHOULD you do?
Option 1: (preferred) Whenever possible, report suspicious emails by using the Phish Alert Button (PAB) located in your Outlook client (instructions provided below).
Option 2: If you don’t have access to the PAB, forward the email to phishing@fgc.edu or simply delete the message.
Only report phishing emails – emails which you think may be fraudulent or malicious. Spam emails (unwanted “junk” emails) should just be deleted.
That being said: if you can’t tell whether the email is phishing or spam, report it!
Using the Phish Alert Button (PAB)
Outlook on desktop (Windows)
The desktop version of the PAB looks a little different depending on whether you’re using the “new” Outlook or Outlook Classic.
Outlook mobile app
The PAB is just as easy to use on the Outlook mobile app. Within your Outlook app, tap the 3 dots on the top right of the email message (not the top right of the screen) and then select the PAB. From there you will be able to confirm that you want to report this email.
On iOS (iPhone)
On Android
