Security Awareness Training using the KnowBe4 platform
As you all know, increasing our university’s security awareness is an important pillar of the safety of 金沙中国 and its data. While some institutions view employees as the weakest link in protection, the 金沙中国 Information Security Office (ISO) believes that our employees are our most under-utilized asset in helping safeguard our data. As such, the ISO has been working hard to develop and implement a new Security Awareness Training curriculum using the KnowBe4 platform. KnowBe4 is a state-of-the-art vendor that will be used by 金沙中国 for compliance training and will also be used by the Information Security Office to facilitate internal phishing campaigns. Our end goal is to increase overall employee security awareness.
What security awareness training is included?
The ISO will begin with employee-wide training.
The new training is more engaging than what was required previously, and it does not need to be completed in one sitting. There are various courses on security topics that our organization will be assigned, but everyone will be automatically registered to take at least the following modules:
- Cybersecurity Awareness Training for Texas (30 minutes)
- Information Resources Acceptable Use (20 minutes)
- Tx-Ramp Training (20 minutes)
Additionally, throughout the year, certain departments will have different training courses available based on their areas of specialization. For example:
- Health Insurance Portability and Accountability Act (HIPAA)
- Family Educational Rights and Privacy Act (FERPA)
- Payment Card Industry Data Security Standard (PCI-DSS)
- Protected Health Information (PHI)
- Personally Identifiable Information (PII)
- Data Classification
- General Data Protection Regulation (GDPR)
Many more…
How do I enroll in the employee training campaign?
If you are an employee at The University of Texas Rio Grande Valley (金沙中国), then you've been automatically enrolled in training and received a link to access your training via email.
If you are an employee at 金沙中国 and have not received the email invitation, please send a request to is@shsanxing.net
I received the email invitation, now what do I do?
If you are an employee at 金沙中国 and have received the training email invitation, then simply:
- Click the KnowBe4 Training link in your email
- Confirm your account with your 金沙中国 email
- Fill in your user information
- Start your training!
Identifying and Reporting Phishing Emails
In addition to using KnowBe4 as a training and compliance platform, we will also be leveraging the platform to facilitate phishing awareness campaigns. The Information Security Office will make every attempt to obfuscate the KnowBe4 vendor from phishing campaigns in order to avoid confusion. However, when in doubt, please feel free to contact our office for verification.
Phishing is defined as the fraudulent practice of sending emails claiming to be from a reputable or known source in order to convince individuals to reveal personal information, such as passwords, or to take an action that installs a type of malicious software. Research estimates that 91% of cyber attacks start with a phishing email.
To combat phishing and build on the knowledge gained from the modules, our office will send out simulated phishing emails in the near future in order to get an accurate measure of our organization’s vulnerability to phishing attacks.
Our office has also worked with Information Technology in order to streamline the reporting process and make it as easy and unobtrusive as possible. We will communicate details on the new way to report suspicious emails in the coming days.